CRIT
MINED107[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(..…
tools/ply/ply-3.4/example/BASIC/basinte…:363
CRIT
MINED107[MINED107] Missing import: `base64` used but not imported: The file uses `base64.somethin…
api/library/python/iterm2/iterm2/bindin…:143
CRIT
MINED107[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(..…
api/library/python/iterm2/iterm2/auth.py:146
CRIT
MINED107[MINED107] Missing import: `sys` used but not imported: The file uses `sys.something(...)…
api/library/python/iterm2/gen_mainmenu.…:22
CRIT
MINED107[MINED107] Missing import: `string` used but not imported: The file uses `string.somethin…
api/library/python/iterm2/gen_profile.py:1019
CRIT
MINED022[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf.
sources/Tasks/iTermFileDescriptorMultiC…:60
CRIT
MINED035[MINED035] Js New Function: new Function(...) compiles strings to functions.
WebExtensionsFramework/Resources/JavaSc…:49
HIGH
MINED108[MINED108] `self.y` used but never assigned in __init__: Method `dict` of class `Point` r…
api/library/python/iterm2/iterm2/util.py:118
HIGH
MINED108[MINED108] `self.x` used but never assigned in __init__: Method `dict` of class `Point` r…
api/library/python/iterm2/iterm2/util.py:118
HIGH
MINED108[MINED108] `self.y` used but never assigned in __init__: Method `__repr__` of class `Poin…
api/library/python/iterm2/iterm2/util.py:88
HIGH
MINED108[MINED108] `self.x` used but never assigned in __init__: Method `__repr__` of class `Poin…
api/library/python/iterm2/iterm2/util.py:88
HIGH
MINED108[MINED108] `self.height` used but never assigned in __init__: Method `proto` of class `Si…
api/library/python/iterm2/iterm2/util.py:69
HIGH
MINED108[MINED108] `self.width` used but never assigned in __init__: Method `proto` of class `Siz…
api/library/python/iterm2/iterm2/util.py:68
HIGH
MINED108[MINED108] `self.dict` used but never assigned in __init__: Method `json` of class `Size`…
api/library/python/iterm2/iterm2/util.py:62
HIGH
MINED108[MINED108] `self.height` used but never assigned in __init__: Method `load_from_dict` of …
api/library/python/iterm2/iterm2/util.py:55
HIGH
MINED108[MINED108] `self.width` used but never assigned in __init__: Method `load_from_dict` of c…
api/library/python/iterm2/iterm2/util.py:54
HIGH
MINED108[MINED108] `self.height` used but never assigned in __init__: Method `dict` of class `Siz…
api/library/python/iterm2/iterm2/util.py:48
HIGH
MINED108[MINED108] `self.width` used but never assigned in __init__: Method `dict` of class `Size…
api/library/python/iterm2/iterm2/util.py:48
HIGH
MINED108[MINED108] `self.emit_impl` used but never assigned in __init__: Method `emit` of class `…
api/library/python/iterm2/gen_mainmenu.…:44
HIGH
MINED108[MINED108] `self.emit_impl` used but never assigned in __init__: Method `emit` of class `…
api/library/python/iterm2/gen_mainmenu.…:39
HIGH
MINED108[MINED108] `self.emit` used but never assigned in __init__: Method `_scan_sync` of class …
OtherResources/framer.py:1103
HIGH
MINED108[MINED108] `self._scan_sync` used but never assigned in __init__: Method `mainloop` of cl…
OtherResources/framer.py:1077
HIGH
MINED108[MINED108] `self.read_forever` used but never assigned in __init__: Method `handle_read` …
OtherResources/framer.py:268
HIGH
MINED108[MINED108] `self.read_forever` used but never assigned in __init__: Method `handle_read` …
OtherResources/framer.py:266
HIGH
MINED108[MINED108] `self.wait` used but never assigned in __init__: Method `cleanup` of class `Pr…
OtherResources/framer.py:208
HIGH
MINED108[MINED108] `self.pid` used but never assigned in __init__: Method `cleanup` of class `Pro…
OtherResources/framer.py:202
HIGH
MINED108[MINED108] `self.pid` used but never assigned in __init__: Method `cleanup` of class `Pro…
OtherResources/framer.py:192
HIGH
MINED108[MINED108] `self.value` used but never assigned in __init__: Method `reset` of class `ANS…
tests/osc4-and-friends.py:52
HIGH
MINED108[MINED108] `self.name` used but never assigned in __init__: Method `set` of class `Dynami…
tests/osc4-and-friends.py:31
HIGH
MINED108[MINED108] `self.value` used but never assigned in __init__: Method `set` of class `Dynam…
tests/osc4-and-friends.py:32
HIGH
MINED108[MINED108] `self.name` used but never assigned in __init__: Method `reset` of class `Dyna…
tests/osc4-and-friends.py:27
HIGH
MINED108[MINED108] `self.value` used but never assigned in __init__: Method `reset` of class `Dyn…
tests/osc4-and-friends.py:28
HIGH
SEC085[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in…
sources/Browser/WebViewAdditions/extend…:11
HIGH
SEC083[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can c…
sources/Browser/Marks/extract-text-frag…:95
HIGH
SEC021[SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling…
iTermAI/build.sh:3
HIGH
MINED001[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e…
api/library/python/iterm2/iterm2/focus.…:189
HIGH
MINED001[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e…
api/library/python/iterm2/iterm2/custom…:81
HIGH
MINED001[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e…
api/library/python/iterm2/iterm2/auth.py:16
HIGH
SEC103[SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDA…
api/library/python/iterm2/iterm2/auth.py:62
HIGH
SEC040[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w…
sources/Browser/History/history-page.js:166
HIGH
SEC040[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w…
WebExtensionsFramework/test-extensions/…:19
HIGH
SEC040[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w…
WebExtensionsFramework/test-extensions/…:27
HIGH
MINED038[MINED038] Swift Try Bang: try! crashes on thrown error. Use try? or do/catch.
WebExtensionsFramework/Sources/BrowserE…:64
HIGH
MINED038[MINED038] Swift Try Bang: try! crashes on thrown error. Use try? or do/catch.
WebExtensionsFramework/Shared/BrowserEx…:86
HIGH
MINED038[MINED038] Swift Try Bang: try! crashes on thrown error. Use try? or do/catch.
ModernTests/TriggerNullCharacterTests.s…:53
HIGH
MINED012[MINED012] Curl Pipe Bash: curl ... | sh / bash — runs unverified network code.
sources/ShellIntegrationInstaller/iTerm…:35
HIGH
MINED012[MINED012] Curl Pipe Bash: curl ... | sh / bash — runs unverified network code.
ModernTests/iTermArrangementTrustGateTe…:74
HIGH
SEC029[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT…
ModernTests/NSStringShellEscapeTests.sw…:51
HIGH
SEC029[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT…
ModernTests/AISafetyRefusalParserTests.…:267
HIGH
SEC029[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT…
ModernTests/AIMetadataFixtureCoverageTe…:90
HIGH
SEC128[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call …
WebExtensionsFramework/test-extensions/…:47
HIGH
SEC128[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call …
ModernTests/iTermNonASCIIStringTest.swi…:132
HIGH
SEC128[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call …
BetterFontPicker/BetterFontPicker/Syste…:32
HIGH
MINED008[MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let.
ModernTests/SaveScreenWhenCursorMovesAb…:37
HIGH
MINED008[MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let.
ModernTests/PathTests.swift:23
HIGH
MINED008[MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let.
BetterFontPicker/BetterFontPicker/Affor…:106
HIGH
MINED115[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/u…
.github/workflows/test.yml:103
HIGH
MINED115[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout…
.github/workflows/test.yml:41
HIGH
MINED115[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu…
.github/workflows/test.yml:18
HIGH
MINED115[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout…
.github/workflows/test.yml:15
HIGH
SEC020[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-b…
sources/Browser/FindOnPage/find-api.js:21
MED
MINED109[MINED109] Mutable default argument in `parse` (dict): `def parse(... = []/{}/set())` — P…
tools/ply/ply-3.4/ply/cpp.py:855
MED
MINED109[MINED109] Mutable default argument in `async_get_default` (list): `def async_get_default…
api/library/python/iterm2/iterm2/profil…:6561
MED
MINED109[MINED109] Mutable default argument in `async_query` (list): `def async_query(... = []/{}…
api/library/python/iterm2/iterm2/profil…:6527
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
api/library/python/iterm2/iterm2/auth.py:152
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
api/library/python/iterm2/iterm2/auth.py:5
MED
MINED109[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set()…
api/library/python/iterm2/iterm2/tab.py:47
MED
MINED109[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set()…
api/library/python/iterm2/iterm2/status…:182
MED
MINED109[MINED109] Mutable default argument in `async_subscribe_to_server_originated_rpc_notifica…
api/library/python/iterm2/iterm2/notifi…:295
MED
MINED109[MINED109] Mutable default argument in `async_subscribe_to_server_originated_rpc_notifica…
api/library/python/iterm2/iterm2/notifi…:295
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1345
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1244
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1227
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1218
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1208
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1198
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1190
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1181
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1172
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1157
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1026
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:1008
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:911
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:894
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
OtherResources/framer.py:713
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
tests/slowcat.py:38
MED
MINED109[MINED109] Mutable default argument in `osc` (list): `def osc(... = []/{}/set())` — Pytho…
tests/osc4-and-friends.py:7
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
tools/basechars.py:39
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
tools/emoji.py:238
MED
MINED111[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r…
tools/analyze_restorable_state.py:47
MED
SEC136[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti…
sources/Browser/PageSaver/extract-resou…:10
MED
SEC134[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum…
iTerm2XCTests/iTermPreferencesSearchTes…:25
MED
SEC015[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. …
WebExtensionsFramework/test-extensions/…:71
MED
ERR002[ERR002] Empty Catch Block: Empty catch blocks hide errors.
sources/Browser/Core/cloak-page-world.js:34
MED
ERR002[ERR002] Empty Catch Block: Empty catch blocks hide errors.
sources/Browser/CopyMode/copy-mode-util…:128
MED
ERR002[ERR002] Empty Catch Block: Empty catch blocks hide errors.
WebExtensionsFramework/Resources/JavaSc…:147
MED
SEC045[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even …
sources/Browser/WebViewAdditions/extend…:11
MED
SEC045[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even …
WebExtensionsFramework/Resources/JavaSc…:49
MED
MINED124[MINED124] requirements.txt: `types-protobuf` has no version pin: Unpinned pip requiremen…
api/library/python/iterm2/requirements-…:6
MED
AGT015Remote install command pipes network code directly to a shell
README.md:79
LOW
SEC132[SEC132] String concat where the language has interpolation (AI style drift): String buil…
sources/RegexVisualization/SVGViewContr…:54
LOW
SEC132[SEC132] String concat where the language has interpolation (AI style drift): String buil…
sources/Formatting/HTMLEncoding.swift:39
LOW
COMP001[COMP001] High cognitive complexity: Function `emit` has cognitive complexity 8 (SonarSou…
api/library/python/iterm2/gen_mainmenu.…:36
LOW
COMP001[COMP001] High cognitive complexity: Function `search_container` has cognitive complexity…
api/library/python/iterm2/gen_mainmenu.…:6
LOW
COMP001[COMP001] High cognitive complexity: Function `search_container` has cognitive complexity…
api/library/python/iterm2/docs/generate…:6
LOW
AIC003Duplicated implementation block across source files
ThirdParty/BTree/SortedSet.swift:26
LOW
AIC003Duplicated implementation block across source files
ThirdParty/BTree/SortedBag.swift:29
LOW
AIC003Duplicated implementation block across source files
ThirdParty/BTree/Map.swift:105
LOW
AIC003Duplicated implementation block across source files
ThirdParty/BTree/BTreeIterator.swift:73
LOW
AIC003Duplicated implementation block across source files
ThirdParty/BTree/BTreeIndex.swift:118
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:1
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:11
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:286
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:102
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:19
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:1
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:38
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:160
LOW
AIC003Duplicated implementation block across source files
SearchableComboListView/SearchableCombo…:1
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermSubStringTests.swift:202
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermSubStringTests.swift:201
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermSubStringTests.swift:198
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermRopeTest.swift:358
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermRopeTest.swift:357
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermMutableRopeTest.swift:61
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermLegacyStyleStringTest.…:231
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermLegacyMutableStringTes…:6
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermLazyLoadingTests.swift:216
LOW
AIC003Duplicated implementation block across source files
ModernTests/iTermASCIIStringTest.swift:4
LOW
AIC003Duplicated implementation block across source files
ModernTests/SubexpressionTests.swift:4
LOW
AIC003Duplicated implementation block across source files
ModernTests/IndirectValueTests.swift:4
LOW
AIC003Duplicated implementation block across source files
ColorPicker/ColorPicker/CPKPopover.h:1
LOW
AIC003Duplicated implementation block across source files
ColorPicker/ColorPicker/CPKMainViewCont…:1
LOW
AIC003Duplicated implementation block across source files
ColorPicker/ColorPicker/CPKColorWell.h:1
LOW
AIC003Duplicated implementation block across source files
BetterFontPicker/BetterFontPicker/FontF…:76
LOW
WEB005robots.txt does not advertise a sitemap
WebExtensionsFramework/test-extensions/…
INFO
MINED042[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri…
sources/MetalRenderer/Renderers/iTermTe…:122
INFO
MINED042[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri…
sources/Infrastructure/iTermTaskQueue.mm:73
INFO
MINED075[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo…
sources/Tasks/iTermClientServerProtocol…:36
INFO
MINED075[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo…
sources/MetalRenderer/iTermBackgroundCo…:80
INFO
MINED075[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo…
sources/Infrastructure/iTermMalloc.m:20
INFO
MINED077[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.
api/library/python/iterm2/setup.py:10
INFO
MINED072[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.
api/library/python/iterm2/iterm2/auth.py:16
INFO
MINED050[MINED050] Stub Only Function: Function declared but body is just pass, return None, rais…
api/library/python/iterm2/iterm2/color.…:16
INFO
MINED050[MINED050] Stub Only Function: Function declared but body is just pass, return None, rais…
api/library/python/iterm2/iterm2/auth.py:17
INFO
MINED050[MINED050] Stub Only Function: Function declared but body is just pass, return None, rais…
api/library/python/iterm2/docs/generate…:67
INFO
MINED044[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger …
WebExtensionsFramework/Resources/JavaSc…:27
INFO
MINED044[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger …
WebExtensionsFramework/Resources/JavaSc…:49
INFO
MINED044[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger …
WebExtensionsFramework/Resources/JavaSc…:40
INFO
MINED043[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr…
sources/Browser/CopyMode/copy-mode-curs…:49
INFO
MINED043[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr…
api/library/python/iterm2/setup.py:28
INFO
MINED043[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr…
api/library/python/iterm2/docs/conf.py:48
INFO
MINED098[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global win…
sources/Browser/AudioMuting/monitor-pla…:230
INFO
MINED098[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global win…
sources/AppLaunch/iTermOnboardingWindow…:146
INFO
MINED098[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global win…
ColorPicker/ColorPicker/CPKEyedropperWi…:83
INFO
MINED045[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError …
SignedArchive/SignedArchive/SIGArchiveB…:62
INFO
MINED045[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError …
ColorPicker/ColorPicker/CPKMainViewCont…:60
INFO
MINED045[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError …
ColorPicker/ColorPicker/CPKEyedropperWi…:69
INFO
MINED048[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.
ColorPicker/ColorPicker/CPKColorNamer.m:12
INFO
MINED048[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.
ColorPicker/ColorPicker/CPKColorCompone…:8
INFO
MINED048[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.
ColorPicker/ColorPicker/CPKAlphaSliderV…:7
