{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` \u2014 ", "shortDescription": {"text": "[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one c"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def generate_single_image(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `generate_single_image` has cognitive complexity 15 (SonarSource scale). C", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `generate_single_image` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and r"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.embeddings` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads", "shortDescription": {"text": "[MINED108] `self.embeddings` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.embeddings`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError"}, "fullDescription": {"text": "Initialize `self.embeddings = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_sleep: Test function `test_sleep` runs code but contains no assert / expect / sho", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_sleep: Test function `test_sleep` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/540"}, "properties": {"repository": "HKUDS/ViMax", "repoUrl": "https://github.com/HKUDS/ViMax.git", "branch": "main"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 33261, "scanner": "repobility-ast-engine", "fingerprint": "e695d8af3ad45f047b13ab1420392ed81b84dfc1e5e70e67d291d03a966be1bc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e695d8af3ad45f047b13ab1420392ed81b84dfc1e5e70e67d291d03a966be1bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/image_generator_doubao_seedream_yunwu_api.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 33260, "scanner": "repobility-ast-engine", "fingerprint": "97362ee43f1986f2273f7cb07ab97b8f83cd27bc645b416fd5ece5b7fd5090fd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97362ee43f1986f2273f7cb07ab97b8f83cd27bc645b416fd5ece5b7fd5090fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/image_generator_nanobanana_google_api.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 33259, "scanner": "repobility-ast-engine", "fingerprint": "8c874f89e6fd85d14bec3d55792a493e6cae5e4426e34924e355b2ea3206d401", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c874f89e6fd85d14bec3d55792a493e6cae5e4426e34924e355b2ea3206d401"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/image_generator_nanobanana_yunwu_api.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_single_video` (list): `def generate_single_video(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 33258, "scanner": "repobility-ast-engine", "fingerprint": "aff2bcef78843683ef830e7ea17fed9337c71c868f571e3685e72a7f3979a015", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aff2bcef78843683ef830e7ea17fed9337c71c868f571e3685e72a7f3979a015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/video_generator_veo_yunwu_api.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 33250, "scanner": "repobility-threat-engine", "fingerprint": "7a3c51cbf4ddf7408b8ea5cc6ac44d4a7b7dd66adefd56f527f65cbe28a30acf", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logging.info(f\"Calling {params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a3c51cbf4ddf7408b8ea5cc6ac44d4a7b7dd66adefd56f527f65cbe28a30acf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/video_generator_veo_google_api.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `generate_single_image` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, elif=1, else=1, except=1, for=2, if=4, nested_bonus=5."}, "properties": {"repobilityId": 33239, "scanner": "repobility-threat-engine", "fingerprint": "92f295713750b171bf5885007636e5d2036379a13564fb0758cfc3b69338faca", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "generate_single_image", "breakdown": {"if": 4, "for": 2, "elif": 1, "else": 1, "break": 1, "except": 1, "nested_bonus": 5}, "complexity": 15, "correlation_key": "fp|92f295713750b171bf5885007636e5d2036379a13564fb0758cfc3b69338faca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/image_generator_nanobanana_google_api.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `construct_camera_tree` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=3, nested_bonus=7, ternary=6."}, "properties": {"repobilityId": 33237, "scanner": "repobility-threat-engine", "fingerprint": "d377e43c2404462bab0ba6004e4182961c08f8816bdb40f015d58363fdc96093", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "construct_camera_tree", "breakdown": {"for": 3, "ternary": 6, "nested_bonus": 7}, "complexity": 16, "correlation_key": "fp|d377e43c2404462bab0ba6004e4182961c08f8816bdb40f015d58363fdc96093"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/camera_image_generator.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 33236, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33257, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb43edb6ab805942c4958b83b4e0839abbf3b30d4971230360bc14e2420f6f35", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pipelines/idea2video_pipeline.py", "duplicate_line": 32, "correlation_key": "fp|cb43edb6ab805942c4958b83b4e0839abbf3b30d4971230360bc14e2420f6f35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/script2video_pipeline.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33256, "scanner": "repobility-ai-code-hygiene", "fingerprint": "181a20ce2d98132bf96eddfcd49aee820fa8bbf03de7a7e9209d10bb2e69738d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "agents/script_enhancer.py", "duplicate_line": 59, "correlation_key": "fp|181a20ce2d98132bf96eddfcd49aee820fa8bbf03de7a7e9209d10bb2e69738d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/script_planner.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 33255, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24a2288adc4b966bcc484a94043e2115abc8bb2a3c233db07aca1cd6d74f884e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "agents/event_extractor.py", "duplicate_line": 59, "correlation_key": "fp|24a2288adc4b966bcc484a94043e2115abc8bb2a3c233db07aca1cd6d74f884e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/global_information_planner.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `generate_character_portraits` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, for=1, if=3, nested_bonus=2."}, "properties": {"repobilityId": 33238, "scanner": "repobility-threat-engine", "fingerprint": "90fb838daaa04a649e66ce1e74755e22dab1742d32fd0ea434031831e4e554c8", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "generate_character_portraits", "breakdown": {"if": 3, "for": 1, "else": 2, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|90fb838daaa04a649e66ce1e74755e22dab1742d32fd0ea434031831e4e554c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/idea2video_pipeline.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 33254, "scanner": "repobility-threat-engine", "fingerprint": "5ca44923dd561f0d0f11f40c34cd7915fde6f8f2e5a8740788a425bf8f6a80f5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ca44923dd561f0d0f11f40c34cd7915fde6f8f2e5a8740788a425bf8f6a80f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/video.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 33253, "scanner": "repobility-threat-engine", "fingerprint": "375fa98e3dec4b30fee56f0be4973e339615a3d7ac567b5aefb13496b1dc03fe", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|375fa98e3dec4b30fee56f0be4973e339615a3d7ac567b5aefb13496b1dc03fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/image.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 33249, "scanner": "repobility-threat-engine", "fingerprint": "eb29464dcf3f23647f991e4c94b6a504f41756fe7caa4f03b5331ab322a70e35", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb29464dcf3f23647f991e4c94b6a504f41756fe7caa4f03b5331ab322a70e35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/render_backend.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 33248, "scanner": "repobility-threat-engine", "fingerprint": "5f87982c5a7cda4ba9bd17ba0f231d6308660004e4e7767fc1b887013a686bd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f87982c5a7cda4ba9bd17ba0f231d6308660004e4e7767fc1b887013a686bd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/idea2video_pipeline.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 33247, "scanner": "repobility-threat-engine", "fingerprint": "1bf7c02fd16c72502f33a98fd03214316d4e0b58ad7df6fc89b5d32ecfde4abd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1bf7c02fd16c72502f33a98fd03214316d4e0b58ad7df6fc89b5d32ecfde4abd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/idea2video_pipeline_deprecated.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 33246, "scanner": "repobility-threat-engine", "fingerprint": "a42ce35d529a5028ed6030f05760b2547bc2771296760402c7dbebe67d4c5619", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a42ce35d529a5028ed6030f05760b2547bc2771296760402c7dbebe67d4c5619"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/idea2video_pipeline.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33244, "scanner": "repobility-threat-engine", "fingerprint": "fb56d2ef1ece1b3af36f5366b6c77ae2e87257e1c371ec60c01349582c7da77e", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\bawait\\b' detected on same line", "evidence": {"match": "character_portraits_registry.update(await future)", "reason": "Safe pattern '\\bawait\\b' detected on same line", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|fb56d2ef1ece1b3af36f5366b6c77ae2e87257e1c371ec60c01349582c7da77e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/idea2video_pipeline.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 33240, "scanner": "repobility-threat-engine", "fingerprint": "7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "construct_camera_tree", "breakdown": {"for": 3, "ternary": 6, "nested_bonus": 7}, "aggregated": true, "complexity": 16, "correlation_key": "fp|7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "aggregated_count": 6}}}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.embeddings` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.embeddings`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33287, "scanner": "repobility-ast-engine", "fingerprint": "1faaff846351f1b216e32d8794e7f549b24a2f425dbd3c47e948b43510588a5e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1faaff846351f1b216e32d8794e7f549b24a2f425dbd3c47e948b43510588a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.novel_compressor` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.novel_compressor`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33286, "scanner": "repobility-ast-engine", "fingerprint": "e58fcfeab95fabf21684af5146a0c31e9c48a09afaa2e6e085e08239b82d67e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e58fcfeab95fabf21684af5146a0c31e9c48a09afaa2e6e085e08239b82d67e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33285, "scanner": "repobility-ast-engine", "fingerprint": "0840fa05a38e29ab51e6c66964440f2e409778e9ceabf5b76bd240a1b0727da8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0840fa05a38e29ab51e6c66964440f2e409778e9ceabf5b76bd240a1b0727da8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 510}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33284, "scanner": "repobility-ast-engine", "fingerprint": "2beedb01b2723861374e12528a94d06f0cbafe3203099897ea3ea5c25ae56793", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2beedb01b2723861374e12528a94d06f0cbafe3203099897ea3ea5c25ae56793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 394}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33283, "scanner": "repobility-ast-engine", "fingerprint": "0fb7cf6e70fbf6ecfa6cde0667953d084304a39842478167e690c74482f4500e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fb7cf6e70fbf6ecfa6cde0667953d084304a39842478167e690c74482f4500e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33282, "scanner": "repobility-ast-engine", "fingerprint": "726153512ab5bf949442ef6367bdbdf4ea351ada67cd65fa7f02e76d57bcd101", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|726153512ab5bf949442ef6367bdbdf4ea351ada67cd65fa7f02e76d57bcd101"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33281, "scanner": "repobility-ast-engine", "fingerprint": "a53a00247193a3f06854b0de6a931183e832ae1bcd615e683a8a3c99c5ac6699", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a53a00247193a3f06854b0de6a931183e832ae1bcd615e683a8a3c99c5ac6699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33280, "scanner": "repobility-ast-engine", "fingerprint": "ddd21e645b8d117a462060ce9b695e59f8552c86ee6c50d78f8b12944b0414b3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddd21e645b8d117a462060ce9b695e59f8552c86ee6c50d78f8b12944b0414b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33279, "scanner": "repobility-ast-engine", "fingerprint": "0f544a6ce6b6497d9ec936145a8d09950d9fd19ab0b2c11ea888092384feb744", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f544a6ce6b6497d9ec936145a8d09950d9fd19ab0b2c11ea888092384feb744"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33278, "scanner": "repobility-ast-engine", "fingerprint": "63788351049b609f069f107489fbfb2308b0776fa604a9f593679dd10734d957", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63788351049b609f069f107489fbfb2308b0776fa604a9f593679dd10734d957"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pipelines/novel2movie_pipeline.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.start_time` used but never assigned in __init__: Method `__exit__` of class `Timer` reads `self.start_time`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33277, "scanner": "repobility-ast-engine", "fingerprint": "f82958193cc1410e3765d640c838a676c9ab8d44d80ab16669b572b976c825b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f82958193cc1410e3765d640c838a676c9ab8d44d80ab16669b572b976c825b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/timer.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.start_time` used but never assigned in __init__: Method `__enter__` of class `Timer` reads `self.start_time`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33276, "scanner": "repobility-ast-engine", "fingerprint": "7cc3c0dd37924b1ca6616af9b30314b45f46e57c34db84bec686203997d3ec91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7cc3c0dd37924b1ca6616af9b30314b45f46e57c34db84bec686203997d3ec91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/timer.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.start_time` used but never assigned in __init__: Method `__enter__` of class `Timer` reads `self.start_time`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33275, "scanner": "repobility-ast-engine", "fingerprint": "7d034dcce4319aad3b6c793aeb886ebd2b066d4a13695bd0f34525e1a78e027f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d034dcce4319aad3b6c793aeb886ebd2b066d4a13695bd0f34525e1a78e027f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/timer.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_sleep: Test function `test_sleep` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 33274, "scanner": "repobility-ast-engine", "fingerprint": "84ed831c9acea639901b96a5552e1445f176e2ce92906bf91b132c0c64e5a018", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84ed831c9acea639901b96a5552e1445f176e2ce92906bf91b132c0c64e5a018"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/timer.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.line` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.line`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33273, "scanner": "repobility-ast-engine", "fingerprint": "aca886ba2ad4fa41ce5680effe2cf17bf62223e9ae75b83184a0718297508314", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aca886ba2ad4fa41ce5680effe2cf17bf62223e9ae75b83184a0718297508314"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.emotion` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.emotion`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33272, "scanner": "repobility-ast-engine", "fingerprint": "0a76c2f22a791734266239807ddc719ece5451999dc9c9d6c9e070a239c3a0ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a76c2f22a791734266239807ddc719ece5451999dc9c9d6c9e070a239c3a0ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.speaker` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.speaker`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33271, "scanner": "repobility-ast-engine", "fingerprint": "980a20336381418ea592d3f5edea87583fda88b994275deae40b6079eb78f122", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|980a20336381418ea592d3f5edea87583fda88b994275deae40b6079eb78f122"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.sound_effect` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.sound_effect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33270, "scanner": "repobility-ast-engine", "fingerprint": "1a25d11614a32a2cb1f3e83434fe62c317f424afbc787bc6e7b4a708081e131f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a25d11614a32a2cb1f3e83434fe62c317f424afbc787bc6e7b4a708081e131f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.speaker` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.speaker`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33269, "scanner": "repobility-ast-engine", "fingerprint": "597a8224ee3d8a2da5973d9b5adfea292d071e45ee0003779a623b5f8ed53cdb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|597a8224ee3d8a2da5973d9b5adfea292d071e45ee0003779a623b5f8ed53cdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.sound_effect` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.sound_effect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33268, "scanner": "repobility-ast-engine", "fingerprint": "5220334c48397e616052a865c6d324e0cb07dff68c4c33d04d89dfad5148758c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5220334c48397e616052a865c6d324e0cb07dff68c4c33d04d89dfad5148758c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.speaker` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.speaker`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33267, "scanner": "repobility-ast-engine", "fingerprint": "61f9c5146b59ebe45ec384354d7277a9b01022042b02f3bea1aacea80a0d64c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61f9c5146b59ebe45ec384354d7277a9b01022042b02f3bea1aacea80a0d64c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.sound_effect` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.sound_effect`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33266, "scanner": "repobility-ast-engine", "fingerprint": "b64702efba926eb80e70038f64a6ae59192e534e2dd8d9eee10e60b457dba59c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b64702efba926eb80e70038f64a6ae59192e534e2dd8d9eee10e60b457dba59c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/shot_description.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.extract_next_event` used but never assigned in __init__: Method `__call__` of class `EventExtractor` reads `self.extract_next_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33265, "scanner": "repobility-ast-engine", "fingerprint": "0f9fcd675a589923f3468d677a5d164c90fb7bf43f09a4b4e5b06b659d406af8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f9fcd675a589923f3468d677a5d164c90fb7bf43f09a4b4e5b06b659d406af8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/event_extractor.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.compress_single_novel_chunk` used but never assigned in __init__: Method `compress` of class `NovelCompressor` reads `self.compress_single_novel_chunk`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33264, "scanner": "repobility-ast-engine", "fingerprint": "5605bcb861eab510e71df16489b6158b0d7a88fc5205fb175770c6740242a169", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5605bcb861eab510e71df16489b6158b0d7a88fc5205fb175770c6740242a169"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agents/novel_compressor.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_video_generation_task` used but never assigned in __init__: Method `generate_single_video` of class `VideoGeneratorDoubaoSeedanceYunwuAPI` reads `self.query_video_generation_task`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33263, "scanner": "repobility-ast-engine", "fingerprint": "45b4b6eaadb48581abeee36457ae56293e2842468c9ba061896fc716077277ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45b4b6eaadb48581abeee36457ae56293e2842468c9ba061896fc716077277ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/video_generator_doubao_seedance_yunwu_api.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_video_generation_task` used but never assigned in __init__: Method `generate_single_video` of class `VideoGeneratorDoubaoSeedanceYunwuAPI` reads `self.create_video_generation_task`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 33262, "scanner": "repobility-ast-engine", "fingerprint": "83495c55ac77b9ec1e4866910059873fd7fbce1489e0aa332ea259ff23acd3c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83495c55ac77b9ec1e4866910059873fd7fbce1489e0aa332ea259ff23acd3c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/video_generator_doubao_seedance_yunwu_api.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 33252, "scanner": "repobility-threat-engine", "fingerprint": "897c663e2e29b63beeb22f41235393891d20283bfdf62d067d0860d758ad5a58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|897c663e2e29b63beeb22f41235393891d20283bfdf62d067d0860d758ad5a58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/video.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 33251, "scanner": "repobility-threat-engine", "fingerprint": "4e7d7ec5bc66010ea97317f169434c44442f2b37574ea8f7f0613092f5a3434c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4e7d7ec5bc66010ea97317f169434c44442f2b37574ea8f7f0613092f5a3434c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/image.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33245, "scanner": "repobility-threat-engine", "fingerprint": "dcf7ffdab4fef2f0c312745741ed16bb741450d6edfe8facc8baaadaba0272e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "image.save(buffered, format=\"PNG\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dcf7ffdab4fef2f0c312745741ed16bb741450d6edfe8facc8baaadaba0272e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/image.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 33243, "scanner": "repobility-threat-engine", "fingerprint": "5d4a404831edb80c4116f138bdb3ee4d6c371cb5b131ecaa6df089c97d0a7898", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.data.save(path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5d4a404831edb80c4116f138bdb3ee4d6c371cb5b131ecaa6df089c97d0a7898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/image_output.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 33242, "scanner": "repobility-threat-engine", "fingerprint": "07b7f4cea82439075ecde05038b9f0152d279cfb92a7c2f0b54354574fc5c81b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|07b7f4cea82439075ecde05038b9f0152d279cfb92a7c2f0b54354574fc5c81b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/video_output.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 33241, "scanner": "repobility-threat-engine", "fingerprint": "61cbaaf9c20ccab7157893b99507a90aa1c4294ec2be651a9e1d65b6e7d11fff", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|61cbaaf9c20ccab7157893b99507a90aa1c4294ec2be651a9e1d65b6e7d11fff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "interfaces/image_output.py"}, "region": {"startLine": 35}}}]}]}]}