{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_query_subgraph_tokens` has cognitive complexity 18 (SonarSource scale). ", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_query_subgraph_tokens` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 18."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-python` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._send` used but never assigned in __init__", "shortDescription": {"text": "`self._send` used but never assigned in __init__"}, "fullDescription": {"text": "Method `handle_request` of class `HTTPTransport` reads `self._send`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_validate_graph_path_raises_if_file_missing", "shortDescription": {"text": "Phantom test coverage: test_validate_graph_path_raises_if_file_missing"}, "fullDescription": {"text": "Test function `test_validate_graph_path_raises_if_file_missing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/889"}, "properties": {"repository": "safishamsi/graphify", "repoUrl": "https://github.com/safishamsi/graphify", "branch": "main"}, "results": [{"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 82185, "scanner": "repobility-threat-engine", "fingerprint": "1d597b037dbdbcca5a6a3dcc5f3fc239bcb0d0ad177748f5199e9aa7f1515bd2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def handle_request(self, request: Request) -> Response:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1d597b037dbdbcca5a6a3dcc5f3fc239bcb0d0ad177748f5199e9aa7f1515bd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/transport.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_query_subgraph_tokens` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=6, if=4, nested_bonus=8."}, "properties": {"repobilityId": 82173, "scanner": "repobility-threat-engine", "fingerprint": "c2f5d65110eb9aee120f887cb9f4c6baca52c97a162cd4d4597dee7896cc4d9e", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_query_subgraph_tokens", "breakdown": {"if": 4, "for": 6, "nested_bonus": 8}, "complexity": 18, "correlation_key": "fp|c2f5d65110eb9aee120f887cb9f4c6baca52c97a162cd4d4597dee7896cc4d9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/benchmark.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 82171, "scanner": "repobility-threat-engine", "fingerprint": "714177d0d12a8130eb673d61b49a33b2b0cffa38bea6c19878dd209e5bb43ee8", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|714177d0d12a8130eb673d61b49a33b2b0cffa38bea6c19878dd209e5bb43ee8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/auth.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 82170, "scanner": "repobility-threat-engine", "fingerprint": "7946b62259a8b02fdba73679965db6fa636bf617be4e95475a473d027a549873", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7946b62259a8b02fdba73679965db6fa636bf617be4e95475a473d027a549873"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/__main__.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82155, "scanner": "repobility-ast-engine", "fingerprint": "dd6f7a10dd74fabad39a4bd8bd0aa4a87d05431215401d432c1f6187b7492892", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd6f7a10dd74fabad39a4bd8bd0aa4a87d05431215401d432c1f6187b7492892"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/mixed-corpus/raw/cluster.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82154, "scanner": "repobility-ast-engine", "fingerprint": "6f0a90ccfc82b4ba37b21dac9bf0a34b88adbc2294f51412eea8d0d78b762974", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f0a90ccfc82b4ba37b21dac9bf0a34b88adbc2294f51412eea8d0d78b762974"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/example/raw/parser.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82112, "scanner": "repobility-ast-engine", "fingerprint": "864bbf389ed8a67f31c0705cad801042a06fe16202d1bc403bbba98a16a15df4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|864bbf389ed8a67f31c0705cad801042a06fe16202d1bc403bbba98a16a15df4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/detect.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82111, "scanner": "repobility-ast-engine", "fingerprint": "cdd5dc1d08c3237e9cecc730ea0cda4af61faa7df89682fad2819ba02376624f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdd5dc1d08c3237e9cecc730ea0cda4af61faa7df89682fad2819ba02376624f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/detect.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82110, "scanner": "repobility-ast-engine", "fingerprint": "68226f1e8232a4978c155ecbf16e51023c08afb514515846d266827562ac2c75", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68226f1e8232a4978c155ecbf16e51023c08afb514515846d266827562ac2c75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/detect.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82109, "scanner": "repobility-ast-engine", "fingerprint": "d62b14046f2910d61123b4c4b1308cededfa78ad32cb92f27bdccde5c8610581", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d62b14046f2910d61123b4c4b1308cededfa78ad32cb92f27bdccde5c8610581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/detect.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82108, "scanner": "repobility-ast-engine", "fingerprint": "fd0f6aa94222ea0fc6ff8e879b5d5b7a9b06f04cca04337b9d86e7e47c1526ae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd0f6aa94222ea0fc6ff8e879b5d5b7a9b06f04cca04337b9d86e7e47c1526ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/detect.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82107, "scanner": "repobility-ast-engine", "fingerprint": "f97b466a3db74172ae8db425068db464e2a67dc84efadec131c478fdc1a86393", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f97b466a3db74172ae8db425068db464e2a67dc84efadec131c478fdc1a86393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/ingest.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82106, "scanner": "repobility-ast-engine", "fingerprint": "5cb930508e5494461d5a643b9d6d84b4984ac122c797987a0d3791cc8fd3e4ba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cb930508e5494461d5a643b9d6d84b4984ac122c797987a0d3791cc8fd3e4ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/ingest.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82105, "scanner": "repobility-ast-engine", "fingerprint": "80c1a1072782bccec70f601a945d5b58afe67ccae31577fd12be810c83860719", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80c1a1072782bccec70f601a945d5b58afe67ccae31577fd12be810c83860719"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 2187}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82104, "scanner": "repobility-ast-engine", "fingerprint": "f9a12ed601a04a2fd051e48e653175b4134ea0843a5578eb09c658ebded2793c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9a12ed601a04a2fd051e48e653175b4134ea0843a5578eb09c658ebded2793c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 2278}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82103, "scanner": "repobility-ast-engine", "fingerprint": "387c3314bf0c4a476d35e41e99c77d2c831c448b57fce255e84656e38540f3f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|387c3314bf0c4a476d35e41e99c77d2c831c448b57fce255e84656e38540f3f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 1960}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82102, "scanner": "repobility-ast-engine", "fingerprint": "ac20b96f833b272311f011e511fa59eff59c04d6dc9f473c078f54c4c49c91fd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac20b96f833b272311f011e511fa59eff59c04d6dc9f473c078f54c4c49c91fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 1779}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82101, "scanner": "repobility-ast-engine", "fingerprint": "51c1b4f6d2f278ea1b589b5d4f7880a1ae4508f5884173480e0a9002a0c237fc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51c1b4f6d2f278ea1b589b5d4f7880a1ae4508f5884173480e0a9002a0c237fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 1602}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82100, "scanner": "repobility-ast-engine", "fingerprint": "0eb4dcd3ea88aef13d3e6d3677d0de56d6445a3ee8f7e210a4e910ee9c388d50", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0eb4dcd3ea88aef13d3e6d3677d0de56d6445a3ee8f7e210a4e910ee9c388d50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 1425}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82099, "scanner": "repobility-ast-engine", "fingerprint": "4c3968359862873c89f677cd7d58d9bc9d3474d2049743461252b8f8ff37322a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c3968359862873c89f677cd7d58d9bc9d3474d2049743461252b8f8ff37322a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 1263}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82098, "scanner": "repobility-ast-engine", "fingerprint": "401484840fefa592d395ed7707260f887e531b51e07df75e2b604f23bec09db0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|401484840fefa592d395ed7707260f887e531b51e07df75e2b604f23bec09db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 1090}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82097, "scanner": "repobility-ast-engine", "fingerprint": "c9adf4dfc7f22996b84a080657ed53cff8aa78a82427919c164a5df08444a987", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9adf4dfc7f22996b84a080657ed53cff8aa78a82427919c164a5df08444a987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 939}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82096, "scanner": "repobility-ast-engine", "fingerprint": "d315401cfd8d85fceb4e763f9d4b33cbb116315cb9bcffb37cbba92b62a7e777", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d315401cfd8d85fceb4e763f9d4b33cbb116315cb9bcffb37cbba92b62a7e777"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 769}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82095, "scanner": "repobility-ast-engine", "fingerprint": "93a1d520abd1dfa5b0dbda276b728148ae53ef3e88dcf63d123688f965c7511f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93a1d520abd1dfa5b0dbda276b728148ae53ef3e88dcf63d123688f965c7511f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 602}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82094, "scanner": "repobility-ast-engine", "fingerprint": "6b980b880d76c63a23a7bc9186cdff9605cd880e220defa69a25ac60f3dae6d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b980b880d76c63a23a7bc9186cdff9605cd880e220defa69a25ac60f3dae6d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 416}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82093, "scanner": "repobility-ast-engine", "fingerprint": "a55eb848fbe757dcef9854fa1f29e6600ad660042b8594489a6d08cb8bf58111", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a55eb848fbe757dcef9854fa1f29e6600ad660042b8594489a6d08cb8bf58111"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82092, "scanner": "repobility-ast-engine", "fingerprint": "41967748686883a1160521d9a5771c3cb3fa9fe0d26e7e98ba9d5679e6717869", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41967748686883a1160521d9a5771c3cb3fa9fe0d26e7e98ba9d5679e6717869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/extract.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82091, "scanner": "repobility-ast-engine", "fingerprint": "b9b651d44fa45a17b1d72b25fec611612099a5a016882853d3b9f56a7a248b0b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9b651d44fa45a17b1d72b25fec611612099a5a016882853d3b9f56a7a248b0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/cluster.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82090, "scanner": "repobility-ast-engine", "fingerprint": "c8d3f63d6c6fd8d5daa84f374ea8227a8fc1d6cf518c95238d87ea513bb17ab5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8d3f63d6c6fd8d5daa84f374ea8227a8fc1d6cf518c95238d87ea513bb17ab5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/watch.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `build_from_json` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, continue=1, for=2, if=3, nested_bonus=1."}, "properties": {"repobilityId": 82174, "scanner": "repobility-threat-engine", "fingerprint": "fded393dc5bded0dc725f28597f4c0f2da93d01c8879cf6b042aa87a766ba6de", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "build_from_json", "breakdown": {"if": 3, "and": 1, "for": 2, "continue": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|fded393dc5bded0dc725f28597f4c0f2da93d01c8879cf6b042aa87a766ba6de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/build.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 82089, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61be8d5f770d2fc96100380fdd62fcf5a0fed08558c78a54caede7c692d34c4a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "graphify/cluster.py", "duplicate_line": 1, "correlation_key": "fp|61be8d5f770d2fc96100380fdd62fcf5a0fed08558c78a54caede7c692d34c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/mixed-corpus/raw/cluster.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 82088, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c08d219438cb1708cc41ea1724da00e7eb15edb55981f1681078be0c3a8709a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "graphify/build.py", "duplicate_line": 1, "correlation_key": "fp|c08d219438cb1708cc41ea1724da00e7eb15edb55981f1681078be0c3a8709a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/mixed-corpus/raw/build.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 82087, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a12da2b86c4e6373c7d2a3040daa2944a7b9270aa2372b2e3d71931664f6f44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "graphify/analyze.py", "duplicate_line": 1, "correlation_key": "fp|4a12da2b86c4e6373c7d2a3040daa2944a7b9270aa2372b2e3d71931664f6f44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/mixed-corpus/raw/analyze.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 82086, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b04b444f4f54344af828eff113bef0faefe3548ef282e8952b62d40b0ac96a03", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "graphify/benchmark.py", "duplicate_line": 23, "correlation_key": "fp|b04b444f4f54344af828eff113bef0faefe3548ef282e8952b62d40b0ac96a03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/serve.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 82085, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 82183, "scanner": "repobility-threat-engine", "fingerprint": "6d9ee136430e3eba8dd7cd8dc9f07fca6b73474b74f2f2747c8de298d031431b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d9ee136430e3eba8dd7cd8dc9f07fca6b73474b74f2f2747c8de298d031431b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/example/raw/validator.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 82181, "scanner": "repobility-threat-engine", "fingerprint": "47f4c729a31e3a3bdeb3336e48d9fb4446f92c05f9aae92a95054297677cb992", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47f4c729a31e3a3bdeb3336e48d9fb4446f92c05f9aae92a95054297677cb992"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/security.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 82180, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 82175, "scanner": "repobility-threat-engine", "fingerprint": "1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "elif": 7, "else": 4, "except": 1, "ternary": 4, "nested_bonus": 13}, "aggregated": true, "complexity": 35, "correlation_key": "fp|1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "aggregated_count": 14}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 82169, "scanner": "repobility-threat-engine", "fingerprint": "97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 82168, "scanner": "repobility-threat-engine", "fingerprint": "09f85ebb616ec535e717cb0f5bf0389ad3b1652d3c1c300be94041661ef4abd5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|09f85ebb616ec535e717cb0f5bf0389ad3b1652d3c1c300be94041661ef4abd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/example/raw/validator.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 82167, "scanner": "repobility-threat-engine", "fingerprint": "8d934520731596862f0c9e60ce465e12bcd5d9c3c73e89a4b7a361e532006c92", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d934520731596862f0c9e60ce465e12bcd5d9c3c73e89a4b7a361e532006c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/hooks.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 82166, "scanner": "repobility-threat-engine", "fingerprint": "69174fe8856ba147b3bba9a28aad4368e20cccb569211965ecb10136825db4e5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69174fe8856ba147b3bba9a28aad4368e20cccb569211965ecb10136825db4e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/__main__.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 82165, "scanner": "repobility-threat-engine", "fingerprint": "867a3a623ca051aea49f221b5bbf9a380187743f8f45adfe8795d282ec995d3c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|867a3a623ca051aea49f221b5bbf9a380187743f8f45adfe8795d282ec995d3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/benchmark.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 82164, "scanner": "repobility-threat-engine", "fingerprint": "2ebe4939d2f1f8b9952f8cadecdd25465d00e7bd33728f7b14a828039375b461", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ebe4939d2f1f8b9952f8cadecdd25465d00e7bd33728f7b14a828039375b461"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/__main__.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 82163, "scanner": "repobility-threat-engine", "fingerprint": "bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "aggregated_count": 3}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 82159, "scanner": "repobility-threat-engine", "fingerprint": "5bef6db43686cbb597d9daa979ab7e507ff7e4e548d452809481a95f3f67e7fe", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"\\ngraphify token reduction benchmark\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|graphify/benchmark.py|11|print f ngraphify token reduction benchmark"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/benchmark.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 82158, "scanner": "repobility-threat-engine", "fingerprint": "c3b992219e18d6bc70ce8461997ea5becde0d74cc4572e718e448d1b38b37538", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"  benchmark [graph.json]  measure token reduction vs naive full-corpus approach\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|graphify/__main__.py|16|print benchmark graph.json measure token reduction vs naive full-corpus approach"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/__main__.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 82184, "scanner": "repobility-threat-engine", "fingerprint": "d9ff5667adbe9474ec2aa4b78b6931f3c592ef198890d7503797b62051b174a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9ff5667adbe9474ec2aa4b78b6931f3c592ef198890d7503797b62051b174a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/auth.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 82182, "scanner": "repobility-threat-engine", "fingerprint": "efbcfa6dd07ca170284fe37b95ad91f2846d6e5658b195918f7dec91e0c63706", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|efbcfa6dd07ca170284fe37b95ad91f2846d6e5658b195918f7dec91e0c63706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/watch.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 82179, "scanner": "repobility-threat-engine", "fingerprint": "bae41f5eadaa6eb479b9f77447471b5fa7a9b238cb390bbbdcdf7b5c3877fe82", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(b", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bae41f5eadaa6eb479b9f77447471b5fa7a9b238cb390bbbdcdf7b5c3877fe82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 82178, "scanner": "repobility-threat-engine", "fingerprint": "6a06ce63da1c9750c7dbc6cf22e331f83c3f8c2e6626b432fa1ba3e0d28c5152", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6a06ce63da1c9750c7dbc6cf22e331f83c3f8c2e6626b432fa1ba3e0d28c5152"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/security.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 82177, "scanner": "repobility-threat-engine", "fingerprint": "4d1a3f69256b390c2cbc15e12104751e906e4f59883cb3d399814ef2df08b23f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4d1a3f69256b390c2cbc15e12104751e906e4f59883cb3d399814ef2df08b23f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/ingest.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 82176, "scanner": "repobility-threat-engine", "fingerprint": "c3369581d37a4ff246b4c043036cb48254effc7b5eb387bcf0e9a22f59b580ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "visited.update(next_frontier)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c3369581d37a4ff246b4c043036cb48254effc7b5eb387bcf0e9a22f59b580ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/benchmark.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 35 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=7, else=4, except=1, if=6, nested_bonus=13, ternary=4."}, "properties": {"repobilityId": 82172, "scanner": "repobility-threat-engine", "fingerprint": "0ab22e19da1688c876655eda9dd6c7c6b4725d47a86eb02d85b64142fe2ac6f8", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 35 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "elif": 7, "else": 4, "except": 1, "ternary": 4, "nested_bonus": 13}, "complexity": 35, "correlation_key": "fp|0ab22e19da1688c876655eda9dd6c7c6b4725d47a86eb02d85b64142fe2ac6f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/__main__.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 82162, "scanner": "repobility-threat-engine", "fingerprint": "6ee465a5e3e2fc62505accfde71d427d54fc8492b6b11ebee912ec59dd19817c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ee465a5e3e2fc62505accfde71d427d54fc8492b6b11ebee912ec59dd19817c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/hooks.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 82161, "scanner": "repobility-threat-engine", "fingerprint": "47b0fa80706cffafc22686336553e64a21e3d78415266cce2b00b4efb8f6ab24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47b0fa80706cffafc22686336553e64a21e3d78415266cce2b00b4efb8f6ab24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/detect.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 82160, "scanner": "repobility-threat-engine", "fingerprint": "98e877873afd75bc93c72f5f28e93e4bfb1b93bb75ef024c515047957e4d8f26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98e877873afd75bc93c72f5f28e93e4bfb1b93bb75ef024c515047957e4d8f26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphify/__main__.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 82157, "scanner": "repobility-supply-chain", "fingerprint": "44fa7d4918d3b1d7b2e348502ff6dd35aa1b36ad06977a5bc6f5ffa43a821457", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44fa7d4918d3b1d7b2e348502ff6dd35aa1b36ad06977a5bc6f5ffa43a821457"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82156, "scanner": "repobility-supply-chain", "fingerprint": "3b0fec33be5da43e4e2850c526263f24e1558c0bb18e637f7972cf88cafc23e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b0fec33be5da43e4e2850c526263f24e1558c0bb18e637f7972cf88cafc23e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 82153, "scanner": "repobility-ast-engine", "fingerprint": "a1ccaadea748d54bc8d4bf91f5935a3fc3cff15c8eda7fa0dab539c94bc1b4b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1ccaadea748d54bc8d4bf91f5935a3fc3cff15c8eda7fa0dab539c94bc1b4b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/transport.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_connection_key` used but never assigned in __init__"}, "properties": {"repobilityId": 82152, "scanner": "repobility-ast-engine", "fingerprint": "bb2cb5db77e7ee44cb9db92e4debde556862b318beffdba72f3d5c3d1add064d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb2cb5db77e7ee44cb9db92e4debde556862b318beffdba72f3d5c3d1add064d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/transport.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_connection_key` used but never assigned in __init__"}, "properties": {"repobilityId": 82151, "scanner": "repobility-ast-engine", "fingerprint": "215281cba7dc33ab6acaa7cb72aab1972c34c7db396bdd251ad8cddf6c741d08", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|215281cba7dc33ab6acaa7cb72aab1972c34c7db396bdd251ad8cddf6c741d08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/transport.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.is_error` used but never assigned in __init__"}, "properties": {"repobilityId": 82150, "scanner": "repobility-ast-engine", "fingerprint": "0fc305a51f84072e23c071015a93bd7a3829b2640a567b15a6a9c403edea9bed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fc305a51f84072e23c071015a93bd7a3829b2640a567b15a6a9c403edea9bed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/models.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._build_credentials` used but never assigned in __init__"}, "properties": {"repobilityId": 82149, "scanner": "repobility-ast-engine", "fingerprint": "04949d8f2140faa82b40b9d3479b06ca52a3d029dde1bfd309a7c479601ed2b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04949d8f2140faa82b40b9d3479b06ca52a3d029dde1bfd309a7c479601ed2b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/auth.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._parse_challenge` used but never assigned in __init__"}, "properties": {"repobilityId": 82148, "scanner": "repobility-ast-engine", "fingerprint": "57858c7e83519a4f20db887c33ba30f35ba0cf568a3f56f6d4b0c996c1386727", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57858c7e83519a4f20db887c33ba30f35ba0cf568a3f56f6d4b0c996c1386727"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/auth.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.aclose` used but never assigned in __init__"}, "properties": {"repobilityId": 82147, "scanner": "repobility-ast-engine", "fingerprint": "bcc80c5bfaef171c5f54253bc5030cd1b565d55b05fb3ecd6fcc13ceebf1e3ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bcc80c5bfaef171c5f54253bc5030cd1b565d55b05fb3ecd6fcc13ceebf1e3ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82146, "scanner": "repobility-ast-engine", "fingerprint": "a5f05d71765f70ba90efcb45e5696951480260f783e9d703c2ed574004e78d32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5f05d71765f70ba90efcb45e5696951480260f783e9d703c2ed574004e78d32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82145, "scanner": "repobility-ast-engine", "fingerprint": "ed865cf723cd676dbbe5abdf1da8e41a70d3df6bc3a105b9dc61806f0b394b5a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed865cf723cd676dbbe5abdf1da8e41a70d3df6bc3a105b9dc61806f0b394b5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82144, "scanner": "repobility-ast-engine", "fingerprint": "02a03ad3a792e8563c5e0f97253e5e02c97d67e6da1fa83563a44ab30dde02c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02a03ad3a792e8563c5e0f97253e5e02c97d67e6da1fa83563a44ab30dde02c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82143, "scanner": "repobility-ast-engine", "fingerprint": "fe268a6a98f0b3c5a22bb720f7e478d592f8f8688635f4e97027850f6c23fc02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe268a6a98f0b3c5a22bb720f7e478d592f8f8688635f4e97027850f6c23fc02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82142, "scanner": "repobility-ast-engine", "fingerprint": "e8d6b5f59ac4f13e7c4d4db71ffb5cd04c4b4cb697b2ddc02e8e85db635c7fe1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8d6b5f59ac4f13e7c4d4db71ffb5cd04c4b4cb697b2ddc02e8e85db635c7fe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._merge_cookies` used but never assigned in __init__"}, "properties": {"repobilityId": 82141, "scanner": "repobility-ast-engine", "fingerprint": "a5602bed6466aea36cc1c9280d0a36d1c2630f3c38990f6ad797aa75bf40de4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5602bed6466aea36cc1c9280d0a36d1c2630f3c38990f6ad797aa75bf40de4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._build_request` used but never assigned in __init__"}, "properties": {"repobilityId": 82140, "scanner": "repobility-ast-engine", "fingerprint": "ee5443b8e82601d564b76f44ca38ec21b1ae5b244b6d410a4156f33cfe96b48c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee5443b8e82601d564b76f44ca38ec21b1ae5b244b6d410a4156f33cfe96b48c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 82139, "scanner": "repobility-ast-engine", "fingerprint": "3a5884b9409554ab56c2c0f94e691755354c64630dc121a3f42a5d3e1319bc25", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a5884b9409554ab56c2c0f94e691755354c64630dc121a3f42a5d3e1319bc25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82138, "scanner": "repobility-ast-engine", "fingerprint": "316bdba7ec0e3e5fa96a1772051a242cd5a0ebf048cc9dd2ee97faa4f8558cdb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|316bdba7ec0e3e5fa96a1772051a242cd5a0ebf048cc9dd2ee97faa4f8558cdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82137, "scanner": "repobility-ast-engine", "fingerprint": "7916e7802e1110543ee9dce541ca6638cdd9137384a1b6c837f685f6faad09d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7916e7802e1110543ee9dce541ca6638cdd9137384a1b6c837f685f6faad09d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82136, "scanner": "repobility-ast-engine", "fingerprint": "0de376897e337565bc85305b7a176006f0987b8dad4c5ae076052b38b3d3df9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0de376897e337565bc85305b7a176006f0987b8dad4c5ae076052b38b3d3df9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82135, "scanner": "repobility-ast-engine", "fingerprint": "b91937e86d56cda0f1c640bffd0086c3165c809b4598f40b210d736a8cd1cdb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b91937e86d56cda0f1c640bffd0086c3165c809b4598f40b210d736a8cd1cdb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82134, "scanner": "repobility-ast-engine", "fingerprint": "3bad0b3d99fbea2b53272c910adee20f1cc168362e9ebe4098c0d701c4e0be79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bad0b3d99fbea2b53272c910adee20f1cc168362e9ebe4098c0d701c4e0be79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.request` used but never assigned in __init__"}, "properties": {"repobilityId": 82133, "scanner": "repobility-ast-engine", "fingerprint": "84a4a81596803a6f788d771338e54991fb28bdc00a0a0d4ac155e5ccf69c3586", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84a4a81596803a6f788d771338e54991fb28bdc00a0a0d4ac155e5ccf69c3586"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._merge_cookies` used but never assigned in __init__"}, "properties": {"repobilityId": 82132, "scanner": "repobility-ast-engine", "fingerprint": "1a9b4372905fc05d374a88482953439bcd049b835db1792f9dd49d60eee25aa8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a9b4372905fc05d374a88482953439bcd049b835db1792f9dd49d60eee25aa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._auth` used but never assigned in __init__"}, "properties": {"repobilityId": 82131, "scanner": "repobility-ast-engine", "fingerprint": "0692f22b1fca061850daf46f52c91690e04d4da7f4feba00a18c5ab5fbe5bc52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0692f22b1fca061850daf46f52c91690e04d4da7f4feba00a18c5ab5fbe5bc52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._build_request` used but never assigned in __init__"}, "properties": {"repobilityId": 82130, "scanner": "repobility-ast-engine", "fingerprint": "5e83bebd79f6a2c05190222c94314f4a2e02ac4b9c92c4aa296925baf02c9807", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e83bebd79f6a2c05190222c94314f4a2e02ac4b9c92c4aa296925baf02c9807"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "worked/httpx/raw/client.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.score` used but never assigned in __init__"}, "properties": {"repobilityId": 82129, "scanner": "repobility-ast-engine", "fingerprint": "2eaa6976e9a9ec371fd1f13802c18ab0f6eec1749bf10f577060d8a1aa571b3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2eaa6976e9a9ec371fd1f13802c18ab0f6eec1749bf10f577060d8a1aa571b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/sample_calls.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_graph_path_raises_if_file_missing"}, "properties": {"repobilityId": 82128, "scanner": "repobility-ast-engine", "fingerprint": "ff86083aaacc1ef924f7e7859c1d563514da9bcf81cf7b32536116000881b813", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff86083aaacc1ef924f7e7859c1d563514da9bcf81cf7b32536116000881b813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_graph_path_requires_base_exists"}, "properties": {"repobilityId": 82127, "scanner": "repobility-ast-engine", "fingerprint": "6ae73890a896943d3ce9d35afb96875d5cf3424cb0863efd9d042b331df9e752", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ae73890a896943d3ce9d35afb96875d5cf3424cb0863efd9d042b331df9e752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_graph_path_blocks_traversal"}, "properties": {"repobilityId": 82126, "scanner": "repobility-ast-engine", "fingerprint": "30a388dd31731260894831bd8b673cb9b0d0e226234104335cbe0c4c85e63cb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30a388dd31731260894831bd8b673cb9b0d0e226234104335cbe0c4c85e63cb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_safe_fetch_raises_on_size_exceeded"}, "properties": {"repobilityId": 82125, "scanner": "repobility-ast-engine", "fingerprint": "2e6182a9e2aa11177026b0e3eb7b4b8758b01a2cdb3d66fba44b2175beab2764", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e6182a9e2aa11177026b0e3eb7b4b8758b01a2cdb3d66fba44b2175beab2764"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_safe_fetch_raises_on_non_2xx"}, "properties": {"repobilityId": 82124, "scanner": "repobility-ast-engine", "fingerprint": "557d9256174ebf5b5d6faa53e012659830359c3b87cb89c48024c1d32162f846", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|557d9256174ebf5b5d6faa53e012659830359c3b87cb89c48024c1d32162f846"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_safe_fetch_rejects_ftp_url"}, "properties": {"repobilityId": 82123, "scanner": "repobility-ast-engine", "fingerprint": "9a513b4bb4d3b04bdf46484f250ee7a9ad58a421430377da6dd002333993ef33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a513b4bb4d3b04bdf46484f250ee7a9ad58a421430377da6dd002333993ef33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_safe_fetch_rejects_file_url"}, "properties": {"repobilityId": 82122, "scanner": "repobility-ast-engine", "fingerprint": "1b3a2daf98271f61deb2e48cede7d7c795deff51e7b53f62bcee4ca8180bce66", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b3a2daf98271f61deb2e48cede7d7c795deff51e7b53f62bcee4ca8180bce66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_url_rejects_empty_scheme"}, "properties": {"repobilityId": 82121, "scanner": "repobility-ast-engine", "fingerprint": "88a82fca1415743f6c8e1f565f805d2c059d474f79164e24fc2e6882f4f78845", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88a82fca1415743f6c8e1f565f805d2c059d474f79164e24fc2e6882f4f78845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_url_rejects_data"}, "properties": {"repobilityId": 82120, "scanner": "repobility-ast-engine", "fingerprint": "3cb73748eebb21edba8deb0abee202c0a8c7e43a4757485f0bd754d89da338ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3cb73748eebb21edba8deb0abee202c0a8c7e43a4757485f0bd754d89da338ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_url_rejects_ftp"}, "properties": {"repobilityId": 82119, "scanner": "repobility-ast-engine", "fingerprint": "5464d7d6e893c22b8abedecf88b71f5d63785b5152fbda430c0ca8442733d2db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5464d7d6e893c22b8abedecf88b71f5d63785b5152fbda430c0ca8442733d2db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_url_rejects_file"}, "properties": {"repobilityId": 82118, "scanner": "repobility-ast-engine", "fingerprint": "58a7871ebfb9ce5ca0921090ac06d6f867272579e69ad2ee888fdce31e1765fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58a7871ebfb9ce5ca0921090ac06d6f867272579e69ad2ee888fdce31e1765fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_security.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_assert_valid_passes_silently"}, "properties": {"repobilityId": 82117, "scanner": "repobility-ast-engine", "fingerprint": "e0895a8d671a5e45439bc6ce1ded8b3192a6c1d9d414526c519c19e69f8f00a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0895a8d671a5e45439bc6ce1ded8b3192a6c1d9d414526c519c19e69f8f00a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_assert_valid_raises_on_errors"}, "properties": {"repobilityId": 82116, "scanner": "repobility-ast-engine", "fingerprint": "eeaf3c3c311262d92b8b10f331fd950637cb3b60959cd5a11d25c8f212210562", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eeaf3c3c311262d92b8b10f331fd950637cb3b60959cd5a11d25c8f212210562"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_validate.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_watch_raises_without_watchdog"}, "properties": {"repobilityId": 82115, "scanner": "repobility-ast-engine", "fingerprint": "604a6b8a5883f77a33b97ede548d9da7c23795290613be2bfebee1e2206d8454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|604a6b8a5883f77a33b97ede548d9da7c23795290613be2bfebee1e2206d8454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_watch.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_load_graph_missing_file"}, "properties": {"repobilityId": 82114, "scanner": "repobility-ast-engine", "fingerprint": "9a9af27cd7af7000c1353d571914767e099924798f984b4ce15cdc84ca7ee272", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a9af27cd7af7000c1353d571914767e099924798f984b4ce15cdc84ca7ee272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_serve.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_git_repo_raises"}, "properties": {"repobilityId": 82113, "scanner": "repobility-ast-engine", "fingerprint": "99fe8444a07aed3c44902638206226dca03c986dca1a9236fe274e8c978e61a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99fe8444a07aed3c44902638206226dca03c986dca1a9236fe274e8c978e61a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_hooks.py"}, "region": {"startLine": 78}}}]}]}]}