{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. 
Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential (and 1 more): Same pattern found in 1 additional file. Review if needed.", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/259"}, "properties": {"repository": "RhysSullivan/executor", "repoUrl": "https://github.com/RhysSullivan/executor", "branch": "main"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 8112, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 8106, "scanner": "repobility-threat-engine", "fingerprint": "d885a919102c5a9474f31c65d17a7aaf75a34403ab23e3871bbfed679e432376", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": 
"fp|d885a919102c5a9474f31c65d17a7aaf75a34403ab23e3871bbfed679e432376"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/scripts/smoke-sidecar.ts"}, "region": {"startLine": 212}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 8105, "scanner": "repobility-threat-engine", "fingerprint": "53ffa41ec84cbe9529ab5750dc15ae9e13033f200e4ee4cf2048e94430058a7f", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD = \"<redacted>\"", "reason": "Low entropy value (3.4 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|3|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/scripts/smoke-sidecar.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8099, "scanner": "repobility-ai-code-hygiene", "fingerprint": "810d2cfafd752a0fe171b360f00fe88b2003803e8dcb4365ca9537eba4123901", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/plugins/graphql/src/react/EditGraphqlSource.tsx", "duplicate_line": 14, "correlation_key": "fp|810d2cfafd752a0fe171b360f00fe88b2003803e8dcb4365ca9537eba4123901"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "packages/plugins/mcp/src/react/EditMcpSource.tsx"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8098, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e564f70ead0cd198a6fc8265788842a1d40015e338ddc46e9b5fc7934b778832", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/execution/tsup.config.ts", "duplicate_line": 1, "correlation_key": "fp|e564f70ead0cd198a6fc8265788842a1d40015e338ddc46e9b5fc7934b778832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugins/keychain/tsup.config.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8097, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5595aca99f48112bb7a526aa843572693586b0cb7ca6ee40a0526762b20d2b3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/plugins/google-discovery/src/sdk/binding-store.ts", "duplicate_line": 148, "correlation_key": "fp|f5595aca99f48112bb7a526aa843572693586b0cb7ca6ee40a0526762b20d2b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"packages/plugins/graphql/src/sdk/store.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8096, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35acddd27b035256b4ded009f5ad6a17fb393dae149a84c9c2297cc1384f188c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/plugins/graphql/src/react/AddGraphqlSource.tsx", "duplicate_line": 172, "correlation_key": "fp|35acddd27b035256b4ded009f5ad6a17fb393dae149a84c9c2297cc1384f188c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugins/graphql/src/react/EditGraphqlSource.tsx"}, "region": {"startLine": 189}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8095, "scanner": "repobility-ai-code-hygiene", "fingerprint": "361e0ca63e5aa25f51878f7b5fe410d4f2b5700d5d3039d5a5fe3435b4c35da8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/execution/tsup.config.ts", "duplicate_line": 1, "correlation_key": "fp|361e0ca63e5aa25f51878f7b5fe410d4f2b5700d5d3039d5a5fe3435b4c35da8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugins/file-secrets/tsup.config.ts"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8094, "scanner": "repobility-ai-code-hygiene", "fingerprint": "22b4cde1b4eb9feb9391aedd40aea0ffcdca14f10a426bb216ac772ad60f334f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/storage-core/src/testing/memory.ts", "duplicate_line": 140, "correlation_key": "fp|22b4cde1b4eb9feb9391aedd40aea0ffcdca14f10a426bb216ac772ad60f334f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/storage-drizzle/src/adapter.ts"}, "region": {"startLine": 422}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8093, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16a99cf67cd78de09f5b99e0fc3a2d6bbcc34164ab7632a24c8b24b05795a907", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/cloud/src/web/shell.tsx", "duplicate_line": 48, "correlation_key": "fp|16a99cf67cd78de09f5b99e0fc3a2d6bbcc34164ab7632a24c8b24b05795a907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/app/src/web/shell.tsx"}, "region": {"startLine": 172}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 8092, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c8c810fc0f1c42bb65ffe48230938f5fa9f1c1c0cdbe99b13f08428617beab1", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/cloud/src/routeTree.gen.ts", "duplicate_line": 23, "correlation_key": "fp|0c8c810fc0f1c42bb65ffe48230938f5fa9f1c1c0cdbe99b13f08428617beab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/app/src/routeTree.gen.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8091, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c532676f53402243490ce84692e35f5e98f2383a9ce84d100a79bb291186bb9d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/cloud/autumn.config.ts", "duplicate_line": 1, "correlation_key": "fp|c532676f53402243490ce84692e35f5e98f2383a9ce84d100a79bb291186bb9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "autumn.config.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8090, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dec6b97a2a5f8eb95877c70c8e67bcf706d4350c2978e21de7fb423c58f466ce", "category": 
"quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/cloud/src/services/executor-schema.ts", "duplicate_line": 132, "correlation_key": "fp|dec6b97a2a5f8eb95877c70c8e67bcf706d4350c2978e21de7fb423c58f466ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/local/src/server/executor-schema.ts"}, "region": {"startLine": 122}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8089, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85dec6c581c3232a61695965dfec58a8ca7b116de4f0a4d42ddefd1aedd49310", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/cli/src/build.ts", "duplicate_line": 159, "correlation_key": "fp|85dec6c581c3232a61695965dfec58a8ca7b116de4f0a4d42ddefd1aedd49310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/scripts/build-sidecar.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8088, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d253f8ab57b67d91a71f6e45f8798c9dadf7d3e489401301600bc9be823ccd55", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/cloud/src/routes/billing_.plans.tsx", "duplicate_line": 343, "correlation_key": "fp|d253f8ab57b67d91a71f6e45f8798c9dadf7d3e489401301600bc9be823ccd55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cloud/src/web/components/support-options.tsx"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 8110, "scanner": "repobility-threat-engine", "fingerprint": "ed3769a4ea3a3aeb3b1fd74c33a316d9452004c8aff6770390b3265ad0543e09", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ed3769a4ea3a3aeb3b1fd74c33a316d9452004c8aff6770390b3265ad0543e09"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 8109, "scanner": "repobility-threat-engine", "fingerprint": "673674eb1c6aacb37df9a5728309c5b46deaa95d89b7038690b94a82755dd359", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|51|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/storage-core/src/factory.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 8108, "scanner": "repobility-threat-engine", "fingerprint": "89975a0be131ef6acd888769fd8fd590b2de9768663f913ca8605c9f420f9f7b", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|238|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/react/src/api/atoms.tsx"}, "region": {"startLine": 238}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 8107, "scanner": "repobility-threat-engine", "fingerprint": "261a3f1d84f7161612ed5d43a1af675d9d3e9bb5b5632d16ccd5378252db5a13", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|15|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/local/src/server/observability.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 8104, "scanner": "repobility-threat-engine", "fingerprint": "58f2ee71e7c9ae921199cec6bfcd2f60d4d73aaca9c2deec79fc96ae730a9cff", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(\"   Token authentication is enabled.\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|apps/cli/src/main.ts|53|console.log token authentication is enabled."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cli/src/main.ts"}, "region": {"startLine": 536}}}]}, {"ruleId": "SEC022", "level": "none", "message": {"text": "[SEC022] Database URL With Embedded Credential (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 8103, "scanner": "repobility-threat-engine", "fingerprint": "3f3a0412c6e1f63bf29fb4129984caaefd3c6061dcc576c9a14843b37ebac5d4", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3f3a0412c6e1f63bf29fb4129984caaefd3c6061dcc576c9a14843b37ebac5d4"}}}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 8111, "scanner": "repobility-threat-engine", "fingerprint": "f9c2a415bec8fe775409df261ee174f395fc9c28a643f13c995927d1ad42f349", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"about:blank\", input.popupName, oauthPopupFeatures(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|73|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/react/src/api/oauth-popup.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 8102, "scanner": "repobility-threat-engine", "fingerprint": "fd020621328e50e5c1d69241c224c55623c9904a1c5cba6b430fa53526c035fa", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|7|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cloud/src/test-worker.ts"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 8101, "scanner": "repobility-threat-engine", "fingerprint": "428339dd09abab892c1baa8ea75753e8380e41c9035fb2df4a25bb317ded6156", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cloud/drizzle.config.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 8100, "scanner": "repobility-threat-engine", "fingerprint": "59e5d642864a8f104a7469ac8dd9ce5f5e8bbb8fb7d344f1bdf7a5732663a7b7", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|2|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cloud/vitest.node.config.ts"}, "region": {"startLine": 23}}}]}]}]}