{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 28 more): Same pattern found in 28 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED098] Global Scope Pollution (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 79 more): Same pattern found in 79 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 79 more): Same pattern found in 79 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at ", "shortDescription": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compro"}, "fullDescription": {"text": "Replace with: `uses: actions/upload-artifact@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1084"}, "properties": {"repository": "wso2/apim-apps", "repoUrl": "https://github.com/wso2/apim-apps", "branch": "main"}, "results": [{"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 106497, "scanner": "repobility-threat-engine", "fingerprint": "44ecb9935cb0fefe0cf46d1e477a00f51111abd99a0a1423c88578a34e94c785", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "key={Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|44ecb9935cb0fefe0cf46d1e477a00f51111abd99a0a1423c88578a34e94c785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/APIDefinition/Linting/APILintingSummary.tsx"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 106496, "scanner": "repobility-threat-engine", "fingerprint": "072801a028d1c59fe956f5fa5baf1cfc0177775b9407c7dbcaa00718b2153680", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "key={Math.random", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|86|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/APIDefinition/Linting/APILintingSummary.tsx"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 106493, "scanner": "repobility-threat-engine", "fingerprint": "973db2c85ebd0b8473817f50cb8056e20672db208d956ae3879b24cbfd7b9c98", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.location = downloadUrl", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|973db2c85ebd0b8473817f50cb8056e20672db208d956ae3879b24cbfd7b9c98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/View.jsx"}, "region": {"startLine": 190}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 106483, "scanner": "repobility-threat-engine", "fingerprint": "b4abce0eb63b7f4d418f88dc830d58cab43f8fbb2d1e9df79c3916002fc42cca", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|36|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 106482, "scanner": "repobility-threat-engine", "fingerprint": "767053eff8068db1912aec3ce7fac65a474d73ddc1a7de07834f8a57b0bad8e1", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|172|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Create/CreateAPIWithAI/components/AlertDialog.tsx"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 106481, "scanner": "repobility-threat-engine", "fingerprint": "218ecfed2f384ea8a7278ce0b54c40aecaa31fca5749c251fbc920e1e9c89c0f", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|49|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 106477, "scanner": "repobility-threat-engine", "fingerprint": "b753914e0dd22af4860114656f9ebfde5466df9b9d2f42752219d6c1480ea267", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|27|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Base/Header/headersearch/SearchParser.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 106476, "scanner": "repobility-threat-engine", "fingerprint": "9fbd180603308a5274e6b376cc020146696fa654ccf1ce3f1f6c3da1b3baaeac", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|174|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/View.jsx"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 106475, "scanner": "repobility-threat-engine", "fingerprint": "95628b5e4c52e23d5c4c3570d7da254e83249fbdc34275755b3e6fd941cced6d", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|55|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiConsole/curlSyntaxHighlight.jsx"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 106470, "scanner": "repobility-threat-engine", "fingerprint": "4cd2248f18b3a8342304645eb48fbc63c755e6f4c0913d57b1ee6c2571f699b7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'<your-api-key>'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4cd2248f18b3a8342304645eb48fbc63c755e6f4c0913d57b1ee6c2571f699b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/site/public/locales/converter/i18nconverter.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bfc48ba1b4307daef9e1e41b0cdf5c9b01b18a826b4cc27c155846cfc3bb185a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APICategories/DeleteAPICategory.jsx", "duplicate_line": 33, "correlation_key": "fp|bfc48ba1b4307daef9e1e41b0cdf5c9b01b18a826b4cc27c155846cfc3bb185a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Labels/DeleteLabel.jsx"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b5990b85e95e33ffafa4af62beeface8216578dd19ef04054352883ec5ee27b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APICategories/AddEditAPICategory.jsx", "duplicate_line": 4, "correlation_key": "fp|1b5990b85e95e33ffafa4af62beeface8216578dd19ef04054352883ec5ee27b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Labels/AddEditLabel.jsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4ff0ee167fb60642c1d05c11a9f04b30d461f0146af3b3d293965e47d4ec398", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APIKeys/ListApiKeys.jsx", "duplicate_line": 413, "correlation_key": "fp|e4ff0ee167fb60642c1d05c11a9f04b30d461f0146af3b3d293965e47d4ec398"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ListKeyManagers.jsx"}, "region": {"startLine": 615}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "faa8c44a147b61c158939d93041c24e25e69db09bdf89c833f0dc39edfaa0110", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBase.jsx", "duplicate_line": 195, "correlation_key": "fp|faa8c44a147b61c158939d93041c24e25e69db09bdf89c833f0dc39edfaa0110"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ListKeyManagers.jsx"}, "region": {"startLine": 573}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f78d15d67203c0af0f37f54eb5d0ddce974797dab94a33126a06240d64e648a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBaseWithPagination.jsx", "duplicate_line": 180, "correlation_key": "fp|f78d15d67203c0af0f37f54eb5d0ddce974797dab94a33126a06240d64e648a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ListKeyManagers.jsx"}, "region": {"startLine": 366}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d302b3c5ced54094df9838ff6dc160d8a34902b20350f1fe3676789a266072ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/ListAiServiceProviders.jsx", "duplicate_line": 24, "correlation_key": "fp|d302b3c5ced54094df9838ff6dc160d8a34902b20350f1fe3676789a266072ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ListKeyManagers.jsx"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ba73a5b7a2dfa84318ab9dc42a008fa4debfd9f0a178c58fc6135bf0104a45a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/ListAiServiceProviders.jsx", "duplicate_line": 281, "correlation_key": "fp|1ba73a5b7a2dfa84318ab9dc42a008fa4debfd9f0a178c58fc6135bf0104a45a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ListKeyManagerUsages.jsx"}, "region": {"startLine": 237}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6244b8058175dc99e4d95d3236639dcbf38b4a16bc9f66cd73a7ac28a51cc039", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBase.jsx", "duplicate_line": 197, "correlation_key": "fp|6244b8058175dc99e4d95d3236639dcbf38b4a16bc9f66cd73a7ac28a51cc039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ListKeyManagerUsages.jsx"}, "region": {"startLine": 231}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f049cc4c259be66936a5a3af86dd19cc72350fbe1ab0c4ba1a2f84f58d8cb11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/ClaimMapping.jsx", "duplicate_line": 143, "correlation_key": "fp|2f049cc4c259be66936a5a3af86dd19cc72350fbe1ab0c4ba1a2f84f58d8cb11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/KeyValidation.jsx"}, "region": {"startLine": 217}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad65cf290fc7ffdce001e55f865506b30cb1f9663a1a3b5e5f051bc26f939b44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/GatewayConfiguration.jsx", "duplicate_line": 233, "correlation_key": "fp|ad65cf290fc7ffdce001e55f865506b30cb1f9663a1a3b5e5f051bc26f939b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/KeyManagers/KeyManagerConfiguration.jsx"}, "region": {"startLine": 326}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d8bfb85c73c0aa502f8756c388483b808027f7bd24379a84da66bd59fbcbc24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/RulesetCatalog/AddEditRuleset.jsx", "duplicate_line": 362, "correlation_key": "fp|8d8bfb85c73c0aa502f8756c388483b808027f7bd24379a84da66bd59fbcbc24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/RulesetCatalog/ListRulesets.jsx"}, "region": {"startLine": 167}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0cc48cb33e281e9dcf6a7c4578f1172d6b145772d4dca86d74ad5eb9a229f754", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/Policies/ListPolicies.jsx", "duplicate_line": 56, "correlation_key": "fp|0cc48cb33e281e9dcf6a7c4578f1172d6b145772d4dca86d74ad5eb9a229f754"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/RulesetCatalog/ListRulesets.jsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9cfc7d85c8ac1ae6dd2110c6b1c3059907fa5ddccb07f0c81f2773bad172987c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/Compliance.jsx", "duplicate_line": 28, "correlation_key": "fp|9cfc7d85c8ac1ae6dd2110c6b1c3059907fa5ddccb07f0c81f2773bad172987c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/Summary.jsx"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b0729bb589d829de2fc2dd5ecb5cccc74f2cdcf0bf950699d3a66c749cc3c9e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/PolicyAdherenceSummaryTable.jsx", "duplicate_line": 51, "correlation_key": "fp|7b0729bb589d829de2fc2dd5ecb5cccc74f2cdcf0bf950699d3a66c749cc3c9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/PolicyAdherenceTable.jsx"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45164cdc602c917007a8dbadb83416467582b7aa1a9a8369b98ac2de07af730a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/ApiComplianceTable.jsx", "duplicate_line": 85, "correlation_key": "fp|45164cdc602c917007a8dbadb83416467582b7aa1a9a8369b98ac2de07af730a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/PolicyAdherenceTable.jsx"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a25bc05f75956483f806b636b2981ceb411bd02ee8519792408a7b8b0cc8ed6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/PolicyAdherenceSummaryTable.jsx", "duplicate_line": 51, "correlation_key": "fp|3a25bc05f75956483f806b636b2981ceb411bd02ee8519792408a7b8b0cc8ed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/ApiComplianceTable.jsx"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85e633cc36b91671eaca6efb95d6156698a639c1d6ba0916338dc3b0ae6256c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/PolicyAdherenceSummaryTable.jsx", "duplicate_line": 114, "correlation_key": "fp|85e633cc36b91671eaca6efb95d6156698a639c1d6ba0916338dc3b0ae6256c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/RulesetAdherenceSummaryTable.jsx"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106512, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21f335bdbdbb700158f3042b3b6408045944bd5597002a0490936fddc28716cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/PolicyAdherenceSummaryTable.jsx", "duplicate_line": 211, "correlation_key": "fp|21f335bdbdbb700158f3042b3b6408045944bd5597002a0490936fddc28716cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Governance/ComplianceDashboard/APICompliance/RuleViolationSummary.jsx"}, "region": {"startLine": 311}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106511, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fab8d2f342aa529ba2dbb35bcf458f1f18a4e6382deddb58b49bc7b16d870803", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/ListGWEnviornments.jsx", "duplicate_line": 77, "correlation_key": "fp|fab8d2f342aa529ba2dbb35bcf458f1f18a4e6382deddb58b49bc7b16d870803"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/PlatformGatewayQuickStartGuide.jsx"}, "region": {"startLine": 668}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106510, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1febb8da755f268391c65bd8ae828c4569d410f2dd82d13e9b98bfe37ee54cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/ListAiServiceProviders.jsx", "duplicate_line": 281, "correlation_key": "fp|f1febb8da755f268391c65bd8ae828c4569d410f2dd82d13e9b98bfe37ee54cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/ListGatewayInstances.jsx"}, "region": {"startLine": 143}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106509, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9961bc9037519b91252d38d7c15390bcd5fb907de40ff953e9a40ee80ebddd0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBase.jsx", "duplicate_line": 201, "correlation_key": "fp|f9961bc9037519b91252d38d7c15390bcd5fb907de40ff953e9a40ee80ebddd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/ListGatewayInstances.jsx"}, "region": {"startLine": 141}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106508, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93116d71af2b31dd29577802a9524c6d9f53cb1acb7bf9a3e24439af386e4adc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/LoginDenied.jsx", "duplicate_line": 1, "correlation_key": "fp|93116d71af2b31dd29577802a9524c6d9f53cb1acb7bf9a3e24439af386e4adc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Base/Errors/UnexpectedError.jsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106507, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03ae14ca9df47caacca756b7b67bc8f0650ea344defa13607fe14232da71e365", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APISettings/ListApis.jsx", "duplicate_line": 222, "correlation_key": "fp|03ae14ca9df47caacca756b7b67bc8f0650ea344defa13607fe14232da71e365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/ApplicationSettings/UpgradeTokenType.jsx"}, "region": {"startLine": 224}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106506, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f739745bcbe31de373be40ea0546e23830705b5396623bbcfef043cd5a5a041f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/ApplicationSettings/ChangeAppOwner.jsx", "duplicate_line": 25, "correlation_key": "fp|f739745bcbe31de373be40ea0546e23830705b5396623bbcfef043cd5a5a041f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/ApplicationSettings/UpgradeTokenType.jsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106505, "scanner": "repobility-ai-code-hygiene", "fingerprint": "baefe22bcadc7239cb82a74a72abe4fb839136bf70717e293a9d016c267db6d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APISettings/ListApis.jsx", "duplicate_line": 222, "correlation_key": "fp|baefe22bcadc7239cb82a74a72abe4fb839136bf70717e293a9d016c267db6d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/ApplicationSettings/ChangeAppOwner.jsx"}, "region": {"startLine": 219}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106504, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f501a7e1d7c15d7f17ee75381743a905db83c229dcc28a7340d99c53a860f26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APISettings/ApisTableHead.jsx", "duplicate_line": 59, "correlation_key": "fp|8f501a7e1d7c15d7f17ee75381743a905db83c229dcc28a7340d99c53a860f26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/ApplicationSettings/ApplicationTableHead.jsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106503, "scanner": "repobility-ai-code-hygiene", "fingerprint": "48d07cbe1e5f5eb3a1b09e2423452ca12d571b37ebf810fbeedc899fb73eed41", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/APIKeys/ListApiKeys.jsx", "duplicate_line": 465, "correlation_key": "fp|48d07cbe1e5f5eb3a1b09e2423452ca12d571b37ebf810fbeedc899fb73eed41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/ListAiServiceProviders.jsx"}, "region": {"startLine": 359}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106502, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be532712838cfe791f84258c7a66249cc3a4926f3fc5122ccad80fffa0f2405e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBase.jsx", "duplicate_line": 195, "correlation_key": "fp|be532712838cfe791f84258c7a66249cc3a4926f3fc5122ccad80fffa0f2405e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/ListAiServiceProviders.jsx"}, "region": {"startLine": 273}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106501, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a88ea5cf4ed4f5e4aef8d62e3ae149634e4d371f0141fb222fce90eca90be74", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBaseWithPagination.jsx", "duplicate_line": 93, "correlation_key": "fp|8a88ea5cf4ed4f5e4aef8d62e3ae149634e4d371f0141fb222fce90eca90be74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/AiServiceProviders/ListAiServiceProviders.jsx"}, "region": {"startLine": 243}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106500, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec6e055b7e395062c86ded1763aa8bff0f0aa36e89c4ecd33ce0fe741545d5aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBase.jsx", "duplicate_line": 93, "correlation_key": "fp|ec6e055b7e395062c86ded1763aa8bff0f0aa36e89c4ecd33ce0fe741545d5aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/AdminPages/Addons/ListBaseWithPagination.jsx"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 106448, "scanner": "repobility-threat-engine", "fingerprint": "526fd52d5478ba3b30400d04905d9204972f57f5a12b084d1df0de690c10e526", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'The user with ' + partialToken + \" doesn'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|526fd52d5478ba3b30400d04905d9204972f57f5a12b084d1df0de690c10e526"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/data/AuthManager.js"}, "region": {"startLine": 101}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 106447, "scanner": "repobility-threat-engine", "fingerprint": "c2713a55e8deb5fcddd0be4247471f6b6f471352c41a14034921b09c717ebb60", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'?client_id='\n            + clientId + '&redirect_uri=https://'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c2713a55e8deb5fcddd0be4247471f6b6f471352c41a14034921b09c717ebb60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/ProtectedApp.jsx"}, "region": {"startLine": 169}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 106446, "scanner": "repobility-threat-engine", "fingerprint": "8c664bcfb38774f3b18fd2b1d64fefc36885b1c833d67197d9ab1554607805cb", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'?response_type=code&client_id='\n            + clientId + '&scope='", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8c664bcfb38774f3b18fd2b1d64fefc36885b1c833d67197d9ab1554607805cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/dev/auth_login.js"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 106499, "scanner": "repobility-threat-engine", "fingerprint": "c3b9ac303b32f0c6fc73c59fc17df9ba5bf12e1cfe500dc01a5654f34ccb452c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3b9ac303b32f0c6fc73c59fc17df9ba5bf12e1cfe500dc01a5654f34ccb452c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Base/Errors/ResourceNotFoundError.tsx"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED018", "level": "none", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 106491, "scanner": "repobility-threat-engine", "fingerprint": "3691d972339eddd32cdac26670107028f572c698ee3bcbe7d18ca9b99816d6d9", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'spec\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3691d972339eddd32cdac26670107028f572c698ee3bcbe7d18ca9b99816d6d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Create/CreateAPIWithAI/components/AlertDialog.tsx"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "properties": {"repobilityId": 106474, "scanner": "repobility-threat-engine", "fingerprint": "ab6d223a27ba79d8477783e1e92bad5be72120396f2371cb806e6964f7e5eaa8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ab6d223a27ba79d8477783e1e92bad5be72120396f2371cb806e6964f7e5eaa8", "aggregated_count": 28}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 106473, "scanner": "repobility-threat-engine", "fingerprint": "dcfc4dd8524dafaf65ba8fdb9431eb6ef2182cb2310f71eceee536dfa4a160ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dcfc4dd8524dafaf65ba8fdb9431eb6ef2182cb2310f71eceee536dfa4a160ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiChat/components/SampleQueryCard.tsx"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 106472, "scanner": "repobility-threat-engine", "fingerprint": "a1e4f5633d9ef4fec8d5bbd27ed2ad14f8857b70745f5ed83f2b3b02091c3e81", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1e4f5633d9ef4fec8d5bbd27ed2ad14f8857b70745f5ed83f2b3b02091c3e81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiChat/components/ApiChatPoweredBy.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 106471, "scanner": "repobility-threat-engine", "fingerprint": "f4732b461908232b1bb3cd74f4fc0f3284074e69e86e5ec31f8d3dd12f19a46c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f4732b461908232b1bb3cd74f4fc0f3284074e69e86e5ec31f8d3dd12f19a46c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiChat/components/ApiChatBanner.tsx"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 106469, "scanner": "repobility-threat-engine", "fingerprint": "781219ee48c59486d780877829c9169928fcedcbec550181d331d15cc72aa283", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|781219ee48c59486d780877829c9169928fcedcbec550181d331d15cc72aa283", "aggregated_count": 1}}}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 106468, "scanner": "repobility-threat-engine", "fingerprint": "02f0cfd9b791fe31accbc62a96f595a00e3b276c4b48cb249c00ffa48304b3c9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02f0cfd9b791fe31accbc62a96f595a00e3b276c4b48cb249c00ffa48304b3c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Login/RedirectToLogin.jsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 106467, "scanner": "repobility-threat-engine", "fingerprint": "9d58bbc5f01bb35b19053286a48c25e1c1637836535d71c93a5e9b37bdb2289d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d58bbc5f01bb35b19053286a48c25e1c1637836535d71c93a5e9b37bdb2289d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/View.jsx"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 106466, "scanner": "repobility-threat-engine", "fingerprint": "07a19ad386cc182d109d62cca201ca19c58e823e28b4649ed62d22927e7fd9dc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|07a19ad386cc182d109d62cca201ca19c58e823e28b4649ed62d22927e7fd9dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/Shared/RedirectToLogin.jsx"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 106465, "scanner": "repobility-threat-engine", "fingerprint": "2c70858513a819caacd27463c7307b24136f31ddb890d37c89103edd8baf7e84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2c70858513a819caacd27463c7307b24136f31ddb890d37c89103edd8baf7e84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/RolePermissions/AdminTable/AdminTableBody.jsx"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 106464, "scanner": "repobility-threat-engine", "fingerprint": "dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 106460, "scanner": "repobility-threat-engine", "fingerprint": "096fa48694b4a1c57a8681774bdde0e3aec078918a387df3612d98523e35afd3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|096fa48694b4a1c57a8681774bdde0e3aec078918a387df3612d98523e35afd3", "aggregated_count": 7}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 106459, "scanner": "repobility-threat-engine", "fingerprint": "4ad1b64e9a8bed0ef069b5a636fed161e49f1fbc4763ee69b37204affd662ee5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ad1b64e9a8bed0ef069b5a636fed161e49f1fbc4763ee69b37204affd662ee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/data/GovernanceAPIClient.js"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 106458, "scanner": "repobility-threat-engine", "fingerprint": "a1b171c7eb2d0c994a048af7ee52836f72d9e102ba2cf288492c4cfb127cc6e1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1b171c7eb2d0c994a048af7ee52836f72d9e102ba2cf288492c4cfb127cc6e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/data/APIClient.js"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 106457, "scanner": "repobility-threat-engine", "fingerprint": "1a707c502d4f5c7f6a01a132ada391356b8b2a10e6f419a229a5ea4d483b97e1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a707c502d4f5c7f6a01a132ada391356b8b2a10e6f419a229a5ea4d483b97e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/dev/auth_login.js"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 79 more): Same pattern found in 79 additional files. Review if needed."}, "properties": {"repobilityId": 106456, "scanner": "repobility-threat-engine", "fingerprint": "9badea7fe33b488ef199af23745bf3df7834c2c9eaf2dfef7251c6b2fc545ae0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 79 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9badea7fe33b488ef199af23745bf3df7834c2c9eaf2dfef7251c6b2fc545ae0", "aggregated_count": 79}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 106455, "scanner": "repobility-threat-engine", "fingerprint": "2b7b3b7dbf65e2d200355c3b4db33ff251f0b0757d14ea13efc579d5cccfe148", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b7b3b7dbf65e2d200355c3b4db33ff251f0b0757d14ea13efc579d5cccfe148"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/ProtectedApp.jsx"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 106454, "scanner": "repobility-threat-engine", "fingerprint": "e744838cf9b8a7dc96be9270e11c9dda7d283b8d2f71faaefa1201f090c1f64e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e744838cf9b8a7dc96be9270e11c9dda7d283b8d2f71faaefa1201f090c1f64e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/Admin.jsx"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 106453, "scanner": "repobility-threat-engine", "fingerprint": "ed6ff1d600bd25e2e331187db2fd125dfc024b4d5adaeaf9e8e74a8929d132e1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ed6ff1d600bd25e2e331187db2fd125dfc024b4d5adaeaf9e8e74a8929d132e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/dev/auth_login.js"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 106449, "scanner": "repobility-threat-engine", "fingerprint": "097d27b2deaca55861bf7fc2fde9b3c1ab45a5a98b541bd572ee8991d2ed26b1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|097d27b2deaca55861bf7fc2fde9b3c1ab45a5a98b541bd572ee8991d2ed26b1"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 106445, "scanner": "repobility-threat-engine", "fingerprint": "2d84c1fa3f1809d4801d0089e312602767abb0ae8515fefce419706fac4cac74", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2d84c1fa3f1809d4801d0089e312602767abb0ae8515fefce419706fac4cac74"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 106444, "scanner": "repobility-threat-engine", "fingerprint": "46d00f0a272ead46129d9f5958cb8bfec807ec8d7384edea7b9fcd017b3617bc", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.warn('The user with ' + partialToken + \" doesn't enough have permission!\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|console.warn the user with + partialtoken + doesn t enough have permission"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/data/AuthManager.js"}, "region": {"startLine": 101}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 106443, "scanner": "repobility-threat-engine", "fingerprint": "59f3b127da70037609353f73fcc4fc9e1015b3755c0347592e2eab1591b52e94", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('Error occurred while checking token status. Hence redirecting to login', error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|13|console.error error occurred while checking token status. hence redirecting to login error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/data/APIClient.js"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 106442, "scanner": "repobility-threat-engine", "fingerprint": "88c57d3bb5f3e40d8a16208efef8ed28abf1c0ad593955fa500f14450b211913", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log('OAuth token generated !')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|5|console.log oauth token generated"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/dev/auth_login.js"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 106441, "scanner": "repobility-threat-engine", "fingerprint": "133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "aggregated_count": 4}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 106440, "scanner": "repobility-threat-engine", "fingerprint": "d44017b2629906fa07b57e52f5d10cabcc2cf0f9400a8d7f15d9b18eb176d3e9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d44017b2629906fa07b57e52f5d10cabcc2cf0f9400a8d7f15d9b18eb176d3e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/.eslintrc.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 106439, "scanner": "repobility-threat-engine", "fingerprint": "01ffd8aabb544b934fc87a35742416a82b8a193998d8e8b0ca5a51230446ed65", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|01ffd8aabb544b934fc87a35742416a82b8a193998d8e8b0ca5a51230446ed65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/AdvancedSettings/TenantConfSave.jsx"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 106438, "scanner": "repobility-threat-engine", "fingerprint": "43bf53ee51b717232e6aa1baf636cebf8511ed9277a996806be490c33a375673", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43bf53ee51b717232e6aa1baf636cebf8511ed9277a996806be490c33a375673"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/.eslintrc.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 106437, "scanner": "repobility-threat-engine", "fingerprint": "0747e01c1e4cc7c685680a10247bdf051902fb12aad5f5f04c7dff411ebc5b13", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0747e01c1e4cc7c685680a10247bdf051902fb12aad5f5f04c7dff411ebc5b13"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106542, "scanner": "repobility-supply-chain", "fingerprint": "b9291849728e653d26303ec664e19737cda1a7182c3a969f98e6f3110c2fa414", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9291849728e653d26303ec664e19737cda1a7182c3a969f98e6f3110c2fa414"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106541, "scanner": "repobility-supply-chain", "fingerprint": "e369e6a645c1f71db9bc09c30c88a76f587a5dd7db39a539af330e8119e43310", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e369e6a645c1f71db9bc09c30c88a76f587a5dd7db39a539af330e8119e43310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106540, "scanner": "repobility-supply-chain", "fingerprint": "a1096c9790eb7f511fab1cd0312e78ff72c50bc10418ef2e27aebd4774ebd9ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a1096c9790eb7f511fab1cd0312e78ff72c50bc10418ef2e27aebd4774ebd9ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `cypress-io/github-action` pinned to mutable ref `@v7`: `uses: cypress-io/github-action@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106539, "scanner": "repobility-supply-chain", "fingerprint": "a4a9bd40a1fbe157de4a57676b65fa62b9e648d04f804e72cd0aabdef00c0fd9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a4a9bd40a1fbe157de4a57676b65fa62b9e648d04f804e72cd0aabdef00c0fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106538, "scanner": "repobility-supply-chain", "fingerprint": "bea90420cbabd8996b548819fcd38ab7067794224dc957493aec8008377aae30", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bea90420cbabd8996b548819fcd38ab7067794224dc957493aec8008377aae30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v3`: `uses: actions/cache@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106537, "scanner": "repobility-supply-chain", "fingerprint": "d416d059eeb294d6ff923cf00610b1f5fbeed9f5b884ec52eed89448fa98d2fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d416d059eeb294d6ff923cf00610b1f5fbeed9f5b884ec52eed89448fa98d2fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106536, "scanner": "repobility-supply-chain", "fingerprint": "d82bb49fe4393ebb89b3ee9bbfa058bf596b60c7e912082914c26be485e6ebe4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d82bb49fe4393ebb89b3ee9bbfa058bf596b60c7e912082914c26be485e6ebe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v4`: `uses: actions/setup-java@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106535, "scanner": "repobility-supply-chain", "fingerprint": "faa7fbc3f9aa54cadeba1bf99c7034637c27525eee6922ad4cd8e457df098174", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|faa7fbc3f9aa54cadeba1bf99c7034637c27525eee6922ad4cd8e457df098174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106534, "scanner": "repobility-supply-chain", "fingerprint": "55294ab3b9d235053062a532f41260cb5c63beae1b599cda6d491ba4a9aea59e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|55294ab3b9d235053062a532f41260cb5c63beae1b599cda6d491ba4a9aea59e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ui-test.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v3`: `uses: actions/cache@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106533, "scanner": "repobility-supply-chain", "fingerprint": "9be0ef45dd91737af745f0fba124a788df48938edecade039bba9fb0890a4975", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9be0ef45dd91737af745f0fba124a788df48938edecade039bba9fb0890a4975"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106532, "scanner": "repobility-supply-chain", "fingerprint": "363f230bd5ce2e67c17a2f36b8e68bd55b2d94dd5e9db9ce0b7e926b5142e98d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|363f230bd5ce2e67c17a2f36b8e68bd55b2d94dd5e9db9ce0b7e926b5142e98d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v4`: `uses: actions/setup-java@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106531, "scanner": "repobility-supply-chain", "fingerprint": "a136c14c830cd97128165639441c7f92691ff1a01ca48315fd210bb7f9af0f02", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a136c14c830cd97128165639441c7f92691ff1a01ca48315fd210bb7f9af0f02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 106530, "scanner": "repobility-supply-chain", "fingerprint": "61bd269b11915164338bb9fcab484ee4d118f4c5fe163bd4e0dfbe180bdaaf43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61bd269b11915164338bb9fcab484ee4d118f4c5fe163bd4e0dfbe180bdaaf43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 106498, "scanner": "repobility-threat-engine", "fingerprint": "edb6171f0aa475dc56603cfc2a2d5ae95ae65e7d8a32f4dd798237e442e36a0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|edb6171f0aa475dc56603cfc2a2d5ae95ae65e7d8a32f4dd798237e442e36a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Resources/components/operationComponents/asyncapi/SubscriptionConfig.jsx"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 106495, "scanner": "repobility-threat-engine", "fingerprint": "00ea957d31c21465a8fe4f2bda07774acba20f64f0272cb94785cf17f7a77892", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(inputValue", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|00ea957d31c21465a8fe4f2bda07774acba20f64f0272cb94785cf17f7a77892"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/GoTo/Components/GoToSuggestions.jsx"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 106494, "scanner": "repobility-threat-engine", "fingerprint": "f53a92527817ab92379cad54bffe698cb7bf89d33a9246fa775380b75aadf5f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(pattern", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f53a92527817ab92379cad54bffe698cb7bf89d33a9246fa775380b75aadf5f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Shared/AppsAndKeys/constraintValidator.js"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 106480, "scanner": "repobility-threat-engine", "fingerprint": "030707dd3c732b258281d6ebebf2ebc189bfe571ed75445c9d57115875859214", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(userQuery", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|030707dd3c732b258281d6ebebf2ebc189bfe571ed75445c9d57115875859214"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Base/Header/headersearch/SearchParser.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 106479, "scanner": "repobility-threat-engine", "fingerprint": "93c8a315ba301a4376a5e8c4639783a0a243a9774ca0aa1920ed81396b6e783f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(contentDisposition", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|93c8a315ba301a4376a5e8c4639783a0a243a9774ca0aa1920ed81396b6e783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/View.jsx"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 106478, "scanner": "repobility-threat-engine", "fingerprint": "860551c0df7ff443d2aeb95e0cb5cc1b0e0de708cd12006e475655a7f330a8ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(rem", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|860551c0df7ff443d2aeb95e0cb5cc1b0e0de708cd12006e475655a7f330a8ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiConsole/curlSyntaxHighlight.jsx"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 106463, "scanner": "repobility-threat-engine", "fingerprint": "e6476d64c4d84da6f65dfbfb9ed5c4d0d967cea879e6f8c88008f402600b88d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e6476d64c4d84da6f65dfbfb9ed5c4d0d967cea879e6f8c88008f402600b88d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Credentials/Wizard/CreateAppStep.jsx"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 106462, "scanner": "repobility-threat-engine", "fingerprint": "0607ba2e90857ad1d6456ea2f59b4b9114a5733623ca75ed27c1981e058babc2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this._APIClientMap.delete(environmentLabel + '_' + clientType);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0607ba2e90857ad1d6456ea2f59b4b9114a5733623ca75ed27c1981e058babc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/data/APIClientFactory.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 106461, "scanner": "repobility-threat-engine", "fingerprint": "b8917873cc904d924276a3ed1f6dd7f1ca3b86efc87e1b4d57df8b299cd1f889", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b8917873cc904d924276a3ed1f6dd7f1ca3b86efc87e1b4d57df8b299cd1f889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/AdvancedSettings/TenantConfSave.jsx"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 106452, "scanner": "repobility-threat-engine", "fingerprint": "eeaf4a1ace081d444d192648ed0d38397f3dafaff8ddce851cf561d50edeb86f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eeaf4a1ace081d444d192648ed0d38397f3dafaff8ddce851cf561d50edeb86f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/services/dev_proxy/auth_login.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 106451, "scanner": "repobility-threat-engine", "fingerprint": "9e3ca70bd7c89ed39845b18f8bcaba02f710a7cb507a0c3958b043613b15dd99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e3ca70bd7c89ed39845b18f8bcaba02f710a7cb507a0c3958b043613b15dd99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/dev/webpack/auth_login.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 106450, "scanner": "repobility-threat-engine", "fingerprint": "716c09045feb70ec1f1418602f6070c71a5d49232995cb1885cc95295ca74d0e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|716c09045feb70ec1f1418602f6070c71a5d49232995cb1885cc95295ca74d0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/dev/auth_login.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 106436, "scanner": "repobility-threat-engine", "fingerprint": "7957d7c041dfe381d590031ff671209b36bba074ca25e9b440f26748dfd2ae87", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(b", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7957d7c041dfe381d590031ff671209b36bba074ca25e9b440f26748dfd2ae87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/PlatformGatewayUtils.js"}, "region": {"startLine": 212}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 106435, "scanner": "repobility-threat-engine", "fingerprint": "cb1775d85020fc7125f88e13de22b31b683a78311c855627258d0b27732dea68", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cb1775d85020fc7125f88e13de22b31b683a78311c855627258d0b27732dea68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/webapp/source/src/app/components/GatewayEnvironments/PlatformGatewaySuccessView.jsx"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 106434, "scanner": "repobility-threat-engine", "fingerprint": "0e0661d6100b7fcadc4b1942ab086db918bc50c50ad12ee19de8bc98c13c5cff", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0e0661d6100b7fcadc4b1942ab086db918bc50c50ad12ee19de8bc98c13c5cff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/admin/src/main/java/org/wso2/carbon/apimgt/ui/admin/Util.java"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 106492, "scanner": "repobility-threat-engine", "fingerprint": "2a8ba57958036cf7460fc3e3260ed6be6a9863a48fed1a32d843204d46e48b2d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a8ba57958036cf7460fc3e3260ed6be6a9863a48fed1a32d843204d46e48b2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 106490, "scanner": "repobility-threat-engine", "fingerprint": "b40fc543fe0716db2b1266169ea490287f8de1b542082b7445b88b44cc3d7e37", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b40fc543fe0716db2b1266169ea490287f8de1b542082b7445b88b44cc3d7e37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 106489, "scanner": "repobility-threat-engine", "fingerprint": "7f1fe5b722c04e90670bbe0dc433b498197ed09d2dd359d8eb4fa80269c5966b", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|36|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 106488, "scanner": "repobility-threat-engine", "fingerprint": "b25852ab126ad1c2457c5f3555a0557483471b2b42e471464f9baec68fef18b4", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|172|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Create/CreateAPIWithAI/components/AlertDialog.tsx"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 106487, "scanner": "repobility-threat-engine", "fingerprint": "cc665adbfc9f8b8a0cb7a421a6d4a5b58a6d9c9f304f352d21692a547bab7f70", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|49|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 106486, "scanner": "repobility-threat-engine", "fingerprint": "2ec82e3c9e1d430ca46df55136a0f97996475a8e0f235323cd54b45bae826548", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(response.data)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2ec82e3c9e1d430ca46df55136a0f97996475a8e0f235323cd54b45bae826548"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 106485, "scanner": "repobility-threat-engine", "fingerprint": "6e4912e879ecd6774f2f7eccb266720bd8a05552433f5fe93d549e7da921a8e0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(spec)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6e4912e879ecd6774f2f7eccb266720bd8a05552433f5fe93d549e7da921a8e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/publisher/src/main/webapp/source/src/app/components/Apis/Create/CreateAPIWithAI/components/AlertDialog.tsx"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 106484, "scanner": "repobility-threat-engine", "fingerprint": "04e45af482c2a8f44423535225cccb974464e942f3c2c8a973442296524b2055", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(response.data)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|04e45af482c2a8f44423535225cccb974464e942f3c2c8a973442296524b2055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/Documents/GenerateDocument.jsx"}, "region": {"startLine": 49}}}]}]}]}