{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE "}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /admin/session/route."}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 28.6% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 28.6% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `frontend` image uses the latest tag", "shortDescription": {"text": "Compose service `frontend` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKR013", "name": "Dockerfile ADD downloads remote content", "shortDescription": {"text": "Dockerfile ADD downloads remote content"}, "fullDescription": {"text": "Use curl/wget with a pinned URL, verify checksum or signature, and prefer COPY for local files."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC119", "name": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbo", "shortDescription": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "fullDescription": {"text": "Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only)."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_cctv_proxy_profile_for_url` has cognitive complexity 23 (SonarSource sca", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_cctv_proxy_profile_for_url` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains,"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 23."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 21 more): Same pattern found in 21 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 7 more): Same pattern found in 7 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED009] Floats For Money (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter (and 3 more): Same pattern found in 3 additional files. Review if n", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED065] Cors Wildcard (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 51 more): Same pattern found in 51 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 51 more): Same pattern found in 51 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 58 more): Same pattern found in 58 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 58 more): Same pattern found in 58 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 47 more): Same pattern found in 47 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 47 more): Same pattern found in 47 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 55 more): Same pattern found in 55 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 36 more): Same pattern found in 36 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT002", "name": "LLM memory extraction can be prompt-injected into storing fake facts", "shortDescription": {"text": "LLM memory extraction can be prompt-injected into storing fake facts"}, "fullDescription": {"text": "Validate extracted facts with a schema, enforce length and count limits, reject code-fence/prompt-looking content, and discard facts that contain instruction-like phrases or raw JSON prompt fragments."}, "properties": {"scanner": "repobility-agent-runtime", "category": "llm_injection", "severity": "high", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC100", "name": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make ", "shortDescription": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "fullDescription": {"text": "Allowlist specific origins. For dynamic per-request validation, validate against a known list and echo the origin back. Never combine wildcard origin with credentials."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/523"}, "properties": {"repository": "BigBodyCobain/Shadowbroker", "repoUrl": "https://github.com/BigBodyCobain/Shadowbroker.git", "branch": "main"}, "results": [{"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30966, "scanner": "repobility-journey-contract", "fingerprint": "d7f75b983ef85649575b77c5cae08638160b5a8b7a51d29a328f3270c2e596a0", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/wormhole/gate/persona/activate", "correlation_key": "fp|d7f75b983ef85649575b77c5cae08638160b5a8b7a51d29a328f3270c2e596a0", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/wormholeHandlers.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30965, "scanner": "repobility-journey-contract", "fingerprint": "38e4708af8e9cd06c3becfcca0479561c3f5b3fd0fbe2fa7d4a1c04faa9344c6", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/wormhole/gate/persona/create", "correlation_key": "fp|38e4708af8e9cd06c3becfcca0479561c3f5b3fd0fbe2fa7d4a1c04faa9344c6", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/wormholeHandlers.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30964, "scanner": "repobility-journey-contract", "fingerprint": "cd9e8729864cf9ce7228f380405848d93a04263effb86cdcdc830b55c8494068", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/wormhole/restart", "correlation_key": "fp|cd9e8729864cf9ce7228f380405848d93a04263effb86cdcdc830b55c8494068", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/wormholeHandlers.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30963, "scanner": "repobility-journey-contract", "fingerprint": "27f2ac268fb972db477e5684cafe1c6934e5d826ab3163ffbd680d9c8741ca19", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/wormhole/disconnect", "correlation_key": "fp|27f2ac268fb972db477e5684cafe1c6934e5d826ab3163ffbd680d9c8741ca19", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/wormholeHandlers.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30962, "scanner": "repobility-journey-contract", "fingerprint": "05628f9a6ac6acd420fc2e2f6747bf9ab5d661c776d18fe4d29bb92f64ceb784", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/wormhole/connect", "correlation_key": "fp|05628f9a6ac6acd420fc2e2f6747bf9ab5d661c776d18fe4d29bb92f64ceb784", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/wormholeHandlers.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30961, "scanner": "repobility-journey-contract", "fingerprint": "271dc860ccdf26cafc2d7aa6e074a1cf10cb6c28e88ce290572d6ff73cf1726f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/wormhole/status", "correlation_key": "fp|271dc860ccdf26cafc2d7aa6e074a1cf10cb6c28e88ce290572d6ff73cf1726f", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/wormholeHandlers.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30960, "scanner": "repobility-journey-contract", "fingerprint": "4d5ac9e4a2d060a65b2c4f05b0ff0f7786fd039048c40a7505b721e1b40c5969", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/system/update", "correlation_key": "fp|4d5ac9e4a2d060a65b2c4f05b0ff0f7786fd039048c40a7505b721e1b40c5969", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/updateHandlers.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30959, "scanner": "repobility-journey-contract", "fingerprint": "6ac5b727489919008f80c3f421e5a27ca077542c7e4e0a11a3134159f5803b5b", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/news-feeds/reset", "correlation_key": "fp|6ac5b727489919008f80c3f421e5a27ca077542c7e4e0a11a3134159f5803b5b", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30958, "scanner": "repobility-journey-contract", "fingerprint": "bdfbe2930a0d3df536a0c20e11336a21d53f57d14c711bdfc485bda727abade4", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/news-feeds", "correlation_key": "fp|bdfbe2930a0d3df536a0c20e11336a21d53f57d14c711bdfc485bda727abade4", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30957, "scanner": "repobility-journey-contract", "fingerprint": "b0ba391b15d49b8a0a416ba824e00d3272fa2deab7dfe9648875b36a8040c6ec", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/news-feeds", "correlation_key": "fp|b0ba391b15d49b8a0a416ba824e00d3272fa2deab7dfe9648875b36a8040c6ec", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30956, "scanner": "repobility-journey-contract", "fingerprint": "f6118d91f8a607ccb1cb7f71b47693301b13e77eda06eb66753caf83a9035d1b", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/api-keys", "correlation_key": "fp|f6118d91f8a607ccb1cb7f71b47693301b13e77eda06eb66753caf83a9035d1b", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30955, "scanner": "repobility-journey-contract", "fingerprint": "5c82dd4accf19f3944b385ac7c4f46b6f2a7468239db2d82126bad1ea296336b", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/privacy-profile", "correlation_key": "fp|5c82dd4accf19f3944b385ac7c4f46b6f2a7468239db2d82126bad1ea296336b", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30954, "scanner": "repobility-journey-contract", "fingerprint": "6ee2bd01fb71225d003da1b069eee074c2e1cb98aebf8978a81faca13d8e2a99", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/privacy-profile", "correlation_key": "fp|6ee2bd01fb71225d003da1b069eee074c2e1cb98aebf8978a81faca13d8e2a99", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30953, "scanner": "repobility-journey-contract", "fingerprint": "08f72aefd50dac061a1e1f7afe6f96edf8876fc241ccd6f99d065b88ecb012a3", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/wormhole", "correlation_key": "fp|08f72aefd50dac061a1e1f7afe6f96edf8876fc241ccd6f99d065b88ecb012a3", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 30952, "scanner": "repobility-journey-contract", "fingerprint": "9f6c49d2e75ca11cae2b371413b64581bf8a8428efe7f31c8d41ae399acf8db1", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/settings/wormhole", "correlation_key": "fp|9f6c49d2e75ca11cae2b371413b64581bf8a8428efe7f31c8d41ae399acf8db1", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /:...path/route."}, "properties": {"repobilityId": 30951, "scanner": "repobility-access-control", "fingerprint": "a8fc0f64e680515c8ba638f501ad043d1a7ee227f88bfed6de36878be065f291", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:...path/route", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|frontend/src/app/api/ ...path /route.ts|301|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/[...path]/route.ts"}, "region": {"startLine": 301}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /:...path/route."}, "properties": {"repobilityId": 30950, "scanner": "repobility-access-control", "fingerprint": "74556e76236e5ab54548a7cb646e0100008784761a8c0ac8db34b896f171f3a9", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:...path/route", "method": "PUT", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|frontend/src/app/api/ ...path /route.ts|297|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/[...path]/route.ts"}, "region": {"startLine": 297}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /:...path/route."}, "properties": {"repobilityId": 30949, "scanner": "repobility-access-control", "fingerprint": "b01b363dac0b73fc44d5565fe6cb8330cce16eca3f32e50766da4208578197d6", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:...path/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|frontend/src/app/api/ ...path /route.ts|293|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/[...path]/route.ts"}, "region": {"startLine": 293}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:...path/route."}, "properties": {"repobilityId": 30948, "scanner": "repobility-access-control", "fingerprint": "665fdfab93cad80b5dceb6abb1f21049d7000a1d69f6538001a74eae44a41040", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:...path/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|frontend/src/app/api/ ...path /route.ts|289|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/[...path]/route.ts"}, "region": {"startLine": 289}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /admin/session/route."}, "properties": {"repobilityId": 30947, "scanner": "repobility-access-control", "fingerprint": "833c7453e79bce209b17ef122bc203acce5590181a582758a5fd7ed5dfe77367", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin/session/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|100|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/admin/session/route.ts"}, "region": {"startLine": 100}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: DELETE /admin/session/route."}, "properties": {"repobilityId": 30946, "scanner": "repobility-access-control", "fingerprint": "73ec3a93c998c21bf0b43d999991b0a32521757160f2dd17c6b03671b30b1c7b", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin/session/route", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|87|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/admin/session/route.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /admin/session/route."}, "properties": {"repobilityId": 30945, "scanner": "repobility-access-control", "fingerprint": "6a7ce7ed1dcce6d2c80e3fda5f89ce0d17f9acf0b1b1e9b4265d262b084fef04", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/admin/session/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|61|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/api/admin/session/route.ts"}, "region": {"startLine": 61}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 28.6% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 30944, "scanner": "repobility-access-control", "fingerprint": "a18d481d8a96b18fe748a12fe5d72cc6c8b23cab2d6282a40ddb22f2efcc2ae3", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 7, "correlation_key": "fp|a18d481d8a96b18fe748a12fe5d72cc6c8b23cab2d6282a40ddb22f2efcc2ae3", "auth_visible_percent": 28.6}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 30943, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `frontend` image uses the latest tag"}, "properties": {"repobilityId": 30940, "scanner": "repobility-docker", "fingerprint": "220e4d3f8f5eadab3fc8d2feabf0f035a42da11ea82facff718942ff3c02450b", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "ghcr.io/bigbodycobain/shadowbroker-frontend:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|220e4d3f8f5eadab3fc8d2feabf0f035a42da11ea82facff718942ff3c02450b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `backend` image uses the latest tag"}, "properties": {"repobilityId": 30937, "scanner": "repobility-docker", "fingerprint": "3bf2bd04d8595a78e15bac4974d7bc0d5f5d30c580d2ce30d17cc6227a4c5b5c", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "ghcr.io/bigbodycobain/shadowbroker-backend:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3bf2bd04d8595a78e15bac4974d7bc0d5f5d30c580d2ce30d17cc6227a4c5b5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 30936, "scanner": "repobility-docker", "fingerprint": "a146fff042d94aff1aed9446edd340895201e54726e1c6d58a154c57ec909a8b", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a146fff042d94aff1aed9446edd340895201e54726e1c6d58a154c57ec909a8b", "missing_patterns": ["id_rsa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR013", "level": "warning", "message": {"text": "Dockerfile ADD downloads remote content"}, "properties": {"repobilityId": 30934, "scanner": "repobility-docker", "fingerprint": "24a4a38bf1ffbfdd879de90b6114cc201738363b72a976f12fbb831471a0cb1f", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ADD instruction references a remote URL.", "evidence": {"rule_id": "DKR013", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|24a4a38bf1ffbfdd879de90b6114cc201738363b72a976f12fbb831471a0cb1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 30932, "scanner": "repobility-agent-runtime", "fingerprint": "100a6efec22ecd478e11f7bb597fc5eee3c472cf81106ef01d029874a80c1818", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|100a6efec22ecd478e11f7bb597fc5eee3c472cf81106ef01d029874a80c1818"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/WorldviewLeftPanel.tsx"}, "region": {"startLine": 482}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 30931, "scanner": "repobility-agent-runtime", "fingerprint": "139ffe5c0fde038d3eebbbf452c253a2af0a9ceb4a6a99b8c004d61db26d37d8", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|139ffe5c0fde038d3eebbbf452c253a2af0a9ceb4a6a99b8c004d61db26d37d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/ShodanPanel.tsx"}, "region": {"startLine": 246}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 30930, "scanner": "repobility-agent-runtime", "fingerprint": "8f644e5c078a16bf80f5dce1ca9b86b0620916183c91c09c146badd51482b4dc", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|8f644e5c078a16bf80f5dce1ca9b86b0620916183c91c09c146badd51482b4dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/SarModeChooserModal.tsx"}, "region": {"startLine": 85}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 30929, "scanner": "repobility-agent-runtime", "fingerprint": "8cf7ba1c68f3f1406faa643320b2c888bdc89653bd0e8fa098275ec26990d335", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|8cf7ba1c68f3f1406faa643320b2c888bdc89653bd0e8fa098275ec26990d335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MeshChat/useMeshChatController.ts"}, "region": {"startLine": 283}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 30928, "scanner": "repobility-agent-runtime", "fingerprint": "cdbe75bf598982be58448b7f4c94912d9daa295cb9a7a90805546ecdb9e04bf3", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|cdbe75bf598982be58448b7f4c94912d9daa295cb9a7a90805546ecdb9e04bf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/MessagesView.tsx"}, "region": {"startLine": 281}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 30927, "scanner": "repobility-agent-runtime", "fingerprint": "d0e338cc5ae0de3fab6e83c2fa01733795e027e449f63d393bcfc84d470001b3", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|d0e338cc5ae0de3fab6e83c2fa01733795e027e449f63d393bcfc84d470001b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/InfonetShell.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 30926, "scanner": "repobility-agent-runtime", "fingerprint": "f2e25f0e511238745365154fa40a10b81e92e382cc5b49fa200fa2536cee508f", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f2e25f0e511238745365154fa40a10b81e92e382cc5b49fa200fa2536cee508f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/radio_intercept.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 30903, "scanner": "repobility-threat-engine", "fingerprint": "a2cdcbe29d9cd3e5cd5555241317c82fd4eb6014e2b3996cc9148c79787e14dd", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(`https://polymarket.com/event/${market.slug}`, '_blank', 'noopener,noreferrer')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|444|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/PredictionsPanel.tsx"}, "region": {"startLine": 444}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 30902, "scanner": "repobility-threat-engine", "fingerprint": "f6d29d82c23ef9ab995f904b6e5a8a7a657c7e8c8f88db491e30d03c24e729f3", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(buildPolymarketUrl(pred)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|5930|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MaplibreViewer.tsx"}, "region": {"startLine": 5930}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 30901, "scanner": "repobility-threat-engine", "fingerprint": "99354c970af6e360f69e58b65be98a1a4b731965b69a524e794c693c5e0a20c6", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(`https://polymarket.com/event/${market.slug}`, '_blank', 'noopener,noreferrer')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|380|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/MarketView.tsx"}, "region": {"startLine": 380}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 30896, "scanner": "repobility-threat-engine", "fingerprint": "3833272fc7229452d03f16e6367d9a41ba078a10a1bb70ebe49d10708465163f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ivacyStrictPreference();\n        const shuffled = [...peers].sort(() => Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3833272fc7229452d03f16e6367d9a41ba078a10a1bb70ebe49d10708465163f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MeshTerminal.tsx"}, "region": {"startLine": 2143}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 30895, "scanner": "repobility-threat-engine", "fingerprint": "e9d6660d0a8ce8a40befe47d1642556ca095d6839c03299ea48ea9a21c8e9f60", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random().toString(16).slice(2, 10)}`;\n}\n\nfunction mailboxStorageKey", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e9d6660d0a8ce8a40befe47d1642556ca095d6839c03299ea48ea9a21c8e9f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/MessagesView.tsx"}, "region": {"startLine": 202}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 30894, "scanner": "repobility-threat-engine", "fingerprint": "8cf606325c0cdd3577bac31568069dbd2e0fab94fb9d26e47442d11f18ce82cd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() > 0.5;\n                    return (\n                      <div", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8cf606325c0cdd3577bac31568069dbd2e0fab94fb9d26e47442d11f18ce82cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/ExchangeView.tsx"}, "region": {"startLine": 205}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 30862, "scanner": "repobility-threat-engine", "fingerprint": "ba833717419a71425b2c96ba1261674af02e4695c51ae4f436d863ca385162b3", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(script, 0o755)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|backend/services/updater.py|307|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/updater.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 30861, "scanner": "repobility-threat-engine", "fingerprint": "181d70503166f4247e62580cad62b793850b620be0481cc1d37ba43c31513056", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(str(hidden_service_dir), 0o700)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|202|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/tor_hidden_service.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 30859, "scanner": "repobility-threat-engine", "fingerprint": "1d8a06e5ed5ebd1804fc1e493c9e82fb115850c02800f08303f3cafb32b46d18", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|backend/services/updater.py|228|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/updater.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 30858, "scanner": "repobility-threat-engine", "fingerprint": "38ed576af9fd140ae9f848e5b3568c84edbc0f1bdc34631fff39202070106223", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|112|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/tor_hidden_service.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 30857, "scanner": "repobility-threat-engine", "fingerprint": "5da3409d0567aed3883bd993657f1ec741ec34215abe5f99870da0f839406426", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "key={i} className={Math.random", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|361|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/ExchangeView.tsx"}, "region": {"startLine": 361}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 30856, "scanner": "repobility-threat-engine", "fingerprint": "b5839767d1c1cdbbfbeb8836ded0e99c656363a60c30a67f77c75026911bb188", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_dm_session", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|387|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/privacy_core_client.py"}, "region": {"startLine": 387}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 30851, "scanner": "repobility-threat-engine", "fingerprint": "480ada1f54c82c431ec11799e1952b19e7b70e0edfc2efcd095821f47f50f47f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def commit(self, *, amount: int, blinding: bytes) -> bytes:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|480ada1f54c82c431ec11799e1952b19e7b70e0edfc2efcd095821f47f50f47f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/privacy/shielded_balance.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 30850, "scanner": "repobility-threat-engine", "fingerprint": "eec77c09ead7b8e81d29c924750996b8961fb99576f2616741b0daa227f7d9a2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def sign(\n        self,\n        *,\n        message: bytes,\n        signer_private_key: <redacted>,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|eec77c09ead7b8e81d29c924750996b8961fb99576f2616741b0daa227f7d9a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/privacy/ringct.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 30849, "scanner": "repobility-threat-engine", "fingerprint": "541bdd7a6d47f5674405cccbd97eda0853d4b17ccc83ac77fcf19a9b2d0bfed3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def place_order(self, *, order: dict[str, Any]) -> str:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|541bdd7a6d47f5674405cccbd97eda0853d4b17ccc83ac77fcf19a9b2d0bfed3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/privacy/dex.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 30839, "scanner": "repobility-threat-engine", "fingerprint": "eb725c38ff366a6a80faa79fd89a151cfcbf07580154676c452e8dde41ecf011", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|6|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/updateHandlers.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 30838, "scanner": "repobility-threat-engine", "fingerprint": "e675d406a066bcce2a2455cbc81f317abd24c90aaf5722a2081837b7567034b0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|15|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/handlers/settingsHandlers.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 30837, "scanner": "repobility-threat-engine", "fingerprint": "4224783e91635452612f01f3e03b4179d6f0ff3fa84bec6decd6b1e638d2fb77", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|193|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 30836, "scanner": "repobility-threat-engine", "fingerprint": "38e26933382eb053a9171f5ec506b12a17e9a4580f6979c8deb4459ba1ee1c46", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|204|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 30835, "scanner": "repobility-threat-engine", "fingerprint": "873fbff92e6ff9aa6e910587df572fdbe8c2e373a65684fa26e03baf18e4de0b", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "exec(input", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|4819|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MeshTerminal.tsx"}, "region": {"startLine": 4819}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_cctv_proxy_profile_for_url` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=19, nested_bonus=1, or=2, ternary=1."}, "properties": {"repobilityId": 30804, "scanner": "repobility-threat-engine", "fingerprint": "ac17e05a780df5c2c7d850d79e46c47002822edec51511368049576616613182", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 23 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_cctv_proxy_profile_for_url", "breakdown": {"if": 19, "or": 2, "ternary": 1, "nested_bonus": 1}, "complexity": 23, "correlation_key": "fp|ac17e05a780df5c2c7d850d79e46c47002822edec51511368049576616613182"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/cctv.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 30786, "scanner": "repobility-threat-engine", "fingerprint": "409d3d7dbf58924500679bca6a9849eb9966c3577f50376dec89a3a928d5a9ae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        res = fetch_with_curl(\n            url,\n            headers={\n                \"User-Age", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|409d3d7dbf58924500679bca6a9849eb9966c3577f50376dec89a3a928d5a9ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/earth_observation.py"}, "region": {"startLine": 952}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 30785, "scanner": "repobility-threat-engine", "fingerprint": "348d22c913ce8fae54dcb60b236b73346a582058799208cb7eee82dd13d64767", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        from services.mesh.mesh_wormhole_persona import (\n            bootstrap_wormhole_person", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|348d22c913ce8fae54dcb60b236b73346a582058799208cb7eee82dd13d64767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/mesh_public.py"}, "region": {"startLine": 442}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 30784, "scanner": "repobility-threat-engine", "fingerprint": "57d909dcc052578859d4a94b33b5ceb4c12c3c8648a4f98f29f6736cc8cfac76", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        from services.mesh.mesh_wormhole_persona import (\n            bootstrap_wormhole_person", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|57d909dcc052578859d4a94b33b5ceb4c12c3c8648a4f98f29f6736cc8cfac76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 2818}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 30776, "scanner": "repobility-threat-engine", "fingerprint": "b9f8fc0b199d883bb187a4b65df5a3541efbaa3f7801ebcb6850f824d70495f1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b9f8fc0b199d883bb187a4b65df5a3541efbaa3f7801ebcb6850f824d70495f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/admin.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 30775, "scanner": "repobility-threat-engine", "fingerprint": "a86cbb23cb3c7ff84fa70bf4ee727a66a62e810b7e34265d11c3635dd8c26bb1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a86cbb23cb3c7ff84fa70bf4ee727a66a62e810b7e34265d11c3635dd8c26bb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 1192}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 30774, "scanner": "repobility-threat-engine", "fingerprint": "cf0c69f48ea76bb4ee6d5eb2cc624d237cd1a93885aa90009df9fd4d09f20310", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf0c69f48ea76bb4ee6d5eb2cc624d237cd1a93885aa90009df9fd4d09f20310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/auth.py"}, "region": {"startLine": 460}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 30760, "scanner": "repobility-threat-engine", "fingerprint": "8e972a2277e7b55554807795bc698bf09868f9c60261a785e458fa0b1d2e272b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e972a2277e7b55554807795bc698bf09868f9c60261a785e458fa0b1d2e272b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/TimelinePanel.tsx"}, "region": {"startLine": 93}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 30759, "scanner": "repobility-threat-engine", "fingerprint": "dc3a8c217c44c79ca980b7192920e7d102ddd1a8cc6c8f07df7554117c5a4498", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dc3a8c217c44c79ca980b7192920e7d102ddd1a8cc6c8f07df7554117c5a4498"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/SettingsPanel.tsx"}, "region": {"startLine": 298}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 30758, "scanner": "repobility-threat-engine", "fingerprint": "855c5bb25494ce38971eee0ad3d503b6ec3ff95d04073986c512d81d65fe792c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|855c5bb25494ce38971eee0ad3d503b6ec3ff95d04073986c512d81d65fe792c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/ais_proxy.js"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 30942, "scanner": "repobility-docker", "fingerprint": "f3e0169f72e598eccabbc3fe625a9f197e957ac9d8916da5a5cc5202c7bf29b5", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "frontend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f3e0169f72e598eccabbc3fe625a9f197e957ac9d8916da5a5cc5202c7bf29b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 30941, "scanner": "repobility-docker", "fingerprint": "931258b8c6c1df5feaa5a7ce606d2be07ba2d003cd0fdec00f01f7ec2ad45c01", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "frontend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|931258b8c6c1df5feaa5a7ce606d2be07ba2d003cd0fdec00f01f7ec2ad45c01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 30939, "scanner": "repobility-docker", "fingerprint": "c6e61531bb82aff389c1fa7e94a967a46f1ffe84a7509ba38242431e7fe97419", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "backend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|c6e61531bb82aff389c1fa7e94a967a46f1ffe84a7509ba38242431e7fe97419"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 30938, "scanner": "repobility-docker", "fingerprint": "7d442a836d2802697af55670048ec11b21cda14c04cb4288e1d3e2d0bd29a0ce", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "backend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7d442a836d2802697af55670048ec11b21cda14c04cb4288e1d3e2d0bd29a0ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 30935, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30924, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88537b421d507831ed0b27ec86cb35b0b4d11c80f03470ab0eca4e5adbdf0f84", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/mesh/meshDmWorkerVault.ts", "duplicate_line": 31, "correlation_key": "fp|88537b421d507831ed0b27ec86cb35b0b4d11c80f03470ab0eca4e5adbdf0f84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/mesh/meshGateWorkerVault.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a4f0dc63e83f496dba35ef04ba4d7366bb52122a8113ccbaddd842001a1359d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/mesh/meshGate.worker.ts", "duplicate_line": 1, "correlation_key": "fp|9a4f0dc63e83f496dba35ef04ba4d7366bb52122a8113ccbaddd842001a1359d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/mesh/meshGateLocalRuntime.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d8e94d7bcaf24d187029ddc9dde31b4f5b7c395a9b8021e8f8712d1368e71f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/mesh/meshDmRatchet.ts", "duplicate_line": 20, "correlation_key": "fp|2d8e94d7bcaf24d187029ddc9dde31b4f5b7c395a9b8021e8f8712d1368e71f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/mesh/meshDmWorkerVault.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65f0253b5d33bd777446fcbefbc75ee240af751449d827b2dffb976b8268eff5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/mesh/meshDm.worker.ts", "duplicate_line": 37, "correlation_key": "fp|65f0253b5d33bd777446fcbefbc75ee240af751449d827b2dffb976b8268eff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/mesh/meshDmRatchet.ts"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6414bc840d304b5e7553ffa1bc7321dc8d974b8f40e192aa1865100d7c9931c7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/components/map/hooks/useStaticMapLayersWorker.ts", "duplicate_line": 8, "correlation_key": "fp|6414bc840d304b5e7553ffa1bc7321dc8d974b8f40e192aa1865100d7c9931c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/map/staticMapLayers.worker.ts"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29b6a1441fe3727137aeec1dbcfb1992af4df9fb998052e12934fd0f1fdaf7c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/components/map/dynamicMapLayers.worker.ts", "duplicate_line": 51, "correlation_key": "fp|29b6a1441fe3727137aeec1dbcfb1992af4df9fb998052e12934fd0f1fdaf7c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/map/hooks/useDynamicMapLayersWorker.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfeef9ffcd291669801b9abc9f471e4c75d3f2ad83bbf731a697ed6535e1edc9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/components/FilterPanel.tsx", "duplicate_line": 287, "correlation_key": "fp|cfeef9ffcd291669801b9abc9f471e4c75d3f2ad83bbf731a697ed6535e1edc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/WorldviewRightPanel.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e791215fd6f146f21482e471ff0171d8db4dad07266df1af54f4f2f38a88f7ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/components/SarAoiEditorModal.tsx", "duplicate_line": 173, "correlation_key": "fp|e791215fd6f146f21482e471ff0171d8db4dad07266df1af54f4f2f38a88f7ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/SarModeChooserModal.tsx"}, "region": {"startLine": 137}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f15c859791027164174be71f52f4cd307959c4cfa152a0d5f1271f8f1a37a4d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/components/InfonetTerminal/PetitionsView.tsx", "duplicate_line": 201, "correlation_key": "fp|f15c859791027164174be71f52f4cd307959c4cfa152a0d5f1271f8f1a37a4d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/UpgradeView.tsx"}, "region": {"startLine": 138}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "debeb2d70eb4967e866a0f15e80e5311dde541a9e71936df281f7980dbff20cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/components/InfonetTerminal/ExchangeView.tsx", "duplicate_line": 107, "correlation_key": "fp|debeb2d70eb4967e866a0f15e80e5311dde541a9e71936df281f7980dbff20cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/MarketView.tsx"}, "region": {"startLine": 203}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0a90ceac99b33c470cc01e3e098323ca4303073a3535db3fe5f83c412aa2b0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/services/fetchers/satellites.py", "duplicate_line": 812, "correlation_key": "fp|a0a90ceac99b33c470cc01e3e098323ca4303073a3535db3fe5f83c412aa2b0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/tinygs_fetcher.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0407f2493b4afed0e77db94b02966de8c645c663e50b84ad4c95bb646a1afdd6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/services/privacy_core_attestation.py", "duplicate_line": 23, "correlation_key": "fp|0407f2493b4afed0e77db94b02966de8c645c663e50b84ad4c95bb646a1afdd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/privacy_core_client.py"}, "region": {"startLine": 493}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "973f089cb5440c97d30cb4ce98f3472a6d0ad48ae174ce0181b2d84e5de3d805", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/services/infonet/partition/two_tier_state.py", "duplicate_line": 47, "correlation_key": "fp|973f089cb5440c97d30cb4ce98f3472a6d0ad48ae174ce0181b2d84e5de3d805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/schema.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d347340179ee2c1ce51f80fceed2418e131fb5fcbc883f88cc286b38b03eafd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/services/infonet/governance/petition.py", "duplicate_line": 26, "correlation_key": "fp|4d347340179ee2c1ce51f80fceed2418e131fb5fcbc883f88cc286b38b03eafd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/upgrade_hash.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d05cd0a3076a8718f4e90521687c920c3a07489a96a3ac661091bcd8c5551bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/services/infonet/gates/__init__.py", "duplicate_line": 27, "correlation_key": "fp|8d05cd0a3076a8718f4e90521687c920c3a07489a96a3ac661091bcd8c5551bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/gates/shutdown/__init__.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e44eb5108a9d338e6419b0f4fc8ec79e0f89e90faf491248de7da6b765f9da36", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/routers/mesh_oracle.py", "duplicate_line": 23, "correlation_key": "fp|e44eb5108a9d338e6419b0f4fc8ec79e0f89e90faf491248de7da6b765f9da36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/tools.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `api_set_meshtastic_mqtt_settings` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, except=1, if=6, nested_bonus=2."}, "properties": {"repobilityId": 30803, "scanner": "repobility-threat-engine", "fingerprint": "85b01927a8f6b0989ff193ee04346e2869f10e5cd831919cb861c99f5356d7b3", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "api_set_meshtastic_mqtt_settings", "breakdown": {"if": 6, "else": 2, "except": 1, "nested_bonus": 2}, "complexity": 11, "correlation_key": "fp|85b01927a8f6b0989ff193ee04346e2869f10e5cd831919cb861c99f5356d7b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/admin.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 30908, "scanner": "repobility-threat-engine", "fingerprint": "d62f3d0bc5d18951d983b8d943b34462f7f3376555b4b079eab1637010768918", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d62f3d0bc5d18951d983b8d943b34462f7f3376555b4b079eab1637010768918"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "wormhole-start.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 30907, "scanner": "repobility-threat-engine", "fingerprint": "164fdb2446d623fc0fab0f0e0251f34b3bd6a7e47fae00e83861b6cd5ca8e857", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|164fdb2446d623fc0fab0f0e0251f34b3bd6a7e47fae00e83861b6cd5ca8e857"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meshnode.sh"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 30905, "scanner": "repobility-threat-engine", "fingerprint": "1859c3480eca2f346d0f81f1b389b949e6356c589363d3176b5215c458cb6cec", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1859c3480eca2f346d0f81f1b389b949e6356c589363d3176b5215c458cb6cec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MaplibreViewer.tsx"}, "region": {"startLine": 5764}}}]}, {"ruleId": "SEC041", "level": "none", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\" (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 30904, "scanner": "repobility-threat-engine", "fingerprint": "0eef884db84dc77198cfae04feff1d5e87337621ea6e75bc6e5e06b9220adcd5", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0eef884db84dc77198cfae04feff1d5e87337621ea6e75bc6e5e06b9220adcd5"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 30900, "scanner": "repobility-threat-engine", "fingerprint": "341925f4f4432d889052c814b3d3d8a2e5610fccb75eb2eece0bef4d9a299afd", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|frontend/src/middleware.ts|39|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/middleware.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 30899, "scanner": "repobility-threat-engine", "fingerprint": "643fd409cdd8c4a33d1592133e0eb73b50fabe316e554a52e33c8bd5fae33f8a", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|199|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/MessagesView.tsx"}, "region": {"startLine": 199}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 30898, "scanner": "repobility-threat-engine", "fingerprint": "102343056ac04b8cc170096ca77d84921aa2a0e9160283fc8c73eeb93abac469", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|58|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/LiveActivityLog.tsx"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC087", "level": "none", "message": {"text": "[SEC087] JS: weak Math.random for crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30897, "scanner": "repobility-threat-engine", "fingerprint": "07858a0dd31ac85f95ed95bbe2ad6e5c01414bdc2286bcfa4d29ab4c4eaef0e9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|07858a0dd31ac85f95ed95bbe2ad6e5c01414bdc2286bcfa4d29ab4c4eaef0e9"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 30893, "scanner": "repobility-threat-engine", "fingerprint": "dc495931fe10ccd594ead31c7c77f06bc2fd305548c052c38b6f9feadb646876", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dc495931fe10ccd594ead31c7c77f06bc2fd305548c052c38b6f9feadb646876", "aggregated_count": 4}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 30892, "scanner": "repobility-threat-engine", "fingerprint": "008cabca1f7e99d865df173715704c8ef687ad80c42611b1643415c473f2cd52", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|008cabca1f7e99d865df173715704c8ef687ad80c42611b1643415c473f2cd52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/NewsFeed.tsx"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 30891, "scanner": "repobility-threat-engine", "fingerprint": "786e78850587aa1ad6e657441d9ae5abe095c431bdf340096b9d9371e78ff4ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|786e78850587aa1ad6e657441d9ae5abe095c431bdf340096b9d9371e78ff4ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MaplibreViewer.tsx"}, "region": {"startLine": 791}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 30890, "scanner": "repobility-threat-engine", "fingerprint": "84f66df9b4e934e54b153915f71b63fcb6d903f6c19942ceecf554e86964be72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|84f66df9b4e934e54b153915f71b63fcb6d903f6c19942ceecf554e86964be72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/AIIntelPanel.tsx"}, "region": {"startLine": 1631}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 30889, "scanner": "repobility-threat-engine", "fingerprint": "320d20d8de99746b95f8af10c4a75f0f8839d795785bbb83dbc53a075f6d8615", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|320d20d8de99746b95f8af10c4a75f0f8839d795785bbb83dbc53a075f6d8615", "aggregated_count": 21}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 30888, "scanner": "repobility-threat-engine", "fingerprint": "512c061c699d3283c48fbe21cf0bb1a6b585119cb2b50e456777bb67b1506fae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|512c061c699d3283c48fbe21cf0bb1a6b585119cb2b50e456777bb67b1506fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/ChangelogModal.tsx"}, "region": {"startLine": 322}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 30887, "scanner": "repobility-threat-engine", "fingerprint": "9ebe526ed9cab4d62a9ef34a3e8b0549a5e197dfc7bf326160b37463d6755517", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ebe526ed9cab4d62a9ef34a3e8b0549a5e197dfc7bf326160b37463d6755517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/AIIntelPanel.tsx"}, "region": {"startLine": 1632}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 30886, "scanner": "repobility-threat-engine", "fingerprint": "e842c251bec6d25f893e286910fbf83f6b776a61ff3c0318c4271c63e89b9c25", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e842c251bec6d25f893e286910fbf83f6b776a61ff3c0318c4271c63e89b9c25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/LocateBar.tsx"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 30883, "scanner": "repobility-threat-engine", "fingerprint": "cc9127fc9c06d71a9883f48257d547c50a54217c21a400766fc875853fe9efa5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc9127fc9c06d71a9883f48257d547c50a54217c21a400766fc875853fe9efa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/policy.rs"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 30882, "scanner": "repobility-threat-engine", "fingerprint": "cf71c062e4ba7068396d59d5be3301e13636b26dbcaebc70ae9781008adfdf5a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cf71c062e4ba7068396d59d5be3301e13636b26dbcaebc70ae9781008adfdf5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "privacy-core/src/lib.rs"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 30881, "scanner": "repobility-threat-engine", "fingerprint": "1ff606d6a379ea6b6ac5c728b52602b87e94ee7d4032a346dbe28ca6e7722415", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ff606d6a379ea6b6ac5c728b52602b87e94ee7d4032a346dbe28ca6e7722415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/local_custody.rs"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30880, "scanner": "repobility-threat-engine", "fingerprint": "9165cfb92f23c82d748ff2e396f6ce1906a33fc59330ee3ce89bc7aac0698e97", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9165cfb92f23c82d748ff2e396f6ce1906a33fc59330ee3ce89bc7aac0698e97", "aggregated_count": 1}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 30879, "scanner": "repobility-threat-engine", "fingerprint": "e7cfdf85262e47d6feb8c7985644f0f80406b4f92e927664f4fdd03e504a7198", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7cfdf85262e47d6feb8c7985644f0f80406b4f92e927664f4fdd03e504a7198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/main.rs"}, "region": {"startLine": 543}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 30878, "scanner": "repobility-threat-engine", "fingerprint": "c2a91e318fd3159c55e6436d4f4ebe6d61f826b9ccf356aa7f422f53e9b4fd44", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2a91e318fd3159c55e6436d4f4ebe6d61f826b9ccf356aa7f422f53e9b4fd44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/gate_crypto.rs"}, "region": {"startLine": 1104}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 30877, "scanner": "repobility-threat-engine", "fingerprint": "5caa8216e83b6c9e64dfedd29c1c599f69b4b5601336daa5edd2735f856bed7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5caa8216e83b6c9e64dfedd29c1c599f69b4b5601336daa5edd2735f856bed7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/companion_server.rs"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 30876, "scanner": "repobility-threat-engine", "fingerprint": "2a16de56e5c0507f58750804ed55b728e3ee77fd172df197a0481db18b20d318", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2a16de56e5c0507f58750804ed55b728e3ee77fd172df197a0481db18b20d318", "aggregated_count": 4}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 30872, "scanner": "repobility-threat-engine", "fingerprint": "e6b12850e54eb1ffa424becfb0f6a8e7a5c6d257d13b26934f0112681066c89f", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e6b12850e54eb1ffa424becfb0f6a8e7a5c6d257d13b26934f0112681066c89f"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 30867, "scanner": "repobility-threat-engine", "fingerprint": "fd5263f259df18a6d881fa012e78c00f0f8814bd1b866788a5442afaae3a615d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fd5263f259df18a6d881fa012e78c00f0f8814bd1b866788a5442afaae3a615d", "aggregated_count": 19}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30866, "scanner": "repobility-threat-engine", "fingerprint": "47194cfb50270009c91b99946ea5bb508d106da76bb7259740997b9c687fcee3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47194cfb50270009c91b99946ea5bb508d106da76bb7259740997b9c687fcee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/ExchangeView.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30865, "scanner": "repobility-threat-engine", "fingerprint": "97e96e5c3bfd47ce3e50da598cf57ae26d64338e21bdbdc3039f11717a9551db", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97e96e5c3bfd47ce3e50da598cf57ae26d64338e21bdbdc3039f11717a9551db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/app/page.tsx"}, "region": {"startLine": 751}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 30864, "scanner": "repobility-threat-engine", "fingerprint": "641e02cacaf8d4b88a81327dc5aefb5a28639678ffd9e795e786ab90453c29f5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|641e02cacaf8d4b88a81327dc5aefb5a28639678ffd9e795e786ab90453c29f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/nativeControlRouter.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 30863, "scanner": "repobility-threat-engine", "fingerprint": "c4de01db002b05197fb613a40440d7a541d7a503cb0c8900c3b541f8ff67e0b7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c4de01db002b05197fb613a40440d7a541d7a503cb0c8900c3b541f8ff67e0b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/wormhole_supervisor.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 30854, "scanner": "repobility-threat-engine", "fingerprint": "31b920c5e927ccbecf00e835d796ba1495fa9c1e505938e915a633d0b6f3c726", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31b920c5e927ccbecf00e835d796ba1495fa9c1e505938e915a633d0b6f3c726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/mesh/mesh_signed_events.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 30853, "scanner": "repobility-threat-engine", "fingerprint": "b13ac6c94d6d175666bfabd4ba10dbb4b891d8818aa4cdc7d874522c9cf87e47", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b13ac6c94d6d175666bfabd4ba10dbb4b891d8818aa4cdc7d874522c9cf87e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/mesh/mesh_peer_store.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30852, "scanner": "repobility-threat-engine", "fingerprint": "53ebc417b7afe07ee4200bf88b1474b3b12222032b82952c482f7ed06a6acecf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|53ebc417b7afe07ee4200bf88b1474b3b12222032b82952c482f7ed06a6acecf"}}}, {"ruleId": "MINED009", "level": "none", "message": {"text": "[MINED009] Floats For Money (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 30848, "scanner": "repobility-threat-engine", "fingerprint": "12045eff8aadab62ebed6cee261b286aa2c73b4ebd8450dbbd3f3c951109ebf4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|12045eff8aadab62ebed6cee261b286aa2c73b4ebd8450dbbd3f3c951109ebf4", "aggregated_count": 3}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 30840, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 30834, "scanner": "repobility-threat-engine", "fingerprint": "5295c524ca5291749179be0f120eeb91db5c08b1c4529febdeb0eb29202d7e8b", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern inside a data structure (list/tuple/dict) \u2014 likely a detection rule, not executable code", "evidence": {"match": "os.popen(", "reason": "Pattern inside a data structure (list/tuple/dict) \u2014 likely a detection rule, not executable code", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|203|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 30833, "scanner": "repobility-threat-engine", "fingerprint": "794f91bdcb74ecd58fddfe739222135d5283be77768826da03535ea117d2e893", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|794f91bdcb74ecd58fddfe739222135d5283be77768826da03535ea117d2e893", "aggregated_count": 16}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 30832, "scanner": "repobility-threat-engine", "fingerprint": "78c1283352bf9f9cd055bf47de0133a31f09e1e3b6e77c7f37b3ae9dc6bc8f80", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78c1283352bf9f9cd055bf47de0133a31f09e1e3b6e77c7f37b3ae9dc6bc8f80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/gates/shutdown/suspend.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 30831, "scanner": "repobility-threat-engine", "fingerprint": "fbec4ceceeba82534d9950e971119a4044653dcd21778d4e2340b18335cc2845", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fbec4ceceeba82534d9950e971119a4044653dcd21778d4e2340b18335cc2845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/gates/shutdown/shutdown.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 30830, "scanner": "repobility-threat-engine", "fingerprint": "5133fdf958e2642aa3cdacef587470495cfddc8ccba3b140cd2bac36cf937907", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5133fdf958e2642aa3cdacef587470495cfddc8ccba3b140cd2bac36cf937907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/gates/sacrifice.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 30829, "scanner": "repobility-threat-engine", "fingerprint": "4858df6d0c172ff405fc3dd52323740a130cc706051d370019c7a80660a3600f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4858df6d0c172ff405fc3dd52323740a130cc706051d370019c7a80660a3600f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/backend_runtime.rs"}, "region": {"startLine": 416}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 30828, "scanner": "repobility-threat-engine", "fingerprint": "3b44b9c654b7a24a8930c3cbab0c7e948a089318339cc7a1744afd7b9b3f4898", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b44b9c654b7a24a8930c3cbab0c7e948a089318339cc7a1744afd7b9b3f4898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/earth_observation.py"}, "region": {"startLine": 705}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 30827, "scanner": "repobility-threat-engine", "fingerprint": "8cb9b8ba1af4c63f47272972d63c8948376d9f83e07a00ac4fef1ec08f862a7c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8cb9b8ba1af4c63f47272972d63c8948376d9f83e07a00ac4fef1ec08f862a7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/env_check.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 30826, "scanner": "repobility-threat-engine", "fingerprint": "57aac309b6899b38589275ae8d9c60ea22eeef7fcf9974ebb10f5d9c6e07dc60", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|57aac309b6899b38589275ae8d9c60ea22eeef7fcf9974ebb10f5d9c6e07dc60", "aggregated_count": 12}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 30825, "scanner": "repobility-threat-engine", "fingerprint": "de6677b9b368f4f8eabf9d912db83cfcd7f0c0b361aff79647be5cf415ef57ca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de6677b9b368f4f8eabf9d912db83cfcd7f0c0b361aff79647be5cf415ef57ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/aircraft_database.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 30824, "scanner": "repobility-threat-engine", "fingerprint": "94ece6dc7c4b4789b6d79d3e08bed7d5ddd195df1b093b975517a39fe5152563", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94ece6dc7c4b4789b6d79d3e08bed7d5ddd195df1b093b975517a39fe5152563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/feed_ingester.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 30823, "scanner": "repobility-threat-engine", "fingerprint": "99389ed4c4c8347e499a59b630df8faf5647615f5af1a39758c41f4c1de9f576", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99389ed4c4c8347e499a59b630df8faf5647615f5af1a39758c41f4c1de9f576"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/cctv_pipeline.py"}, "region": {"startLine": 633}}}]}, {"ruleId": "SEC103", "level": "none", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 30822, "scanner": "repobility-threat-engine", "fingerprint": "ac37c63e58331285ab1ea0e69c8fe8e41938ac58ffcfc68b8e09720434b4d91e", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ac37c63e58331285ab1ea0e69c8fe8e41938ac58ffcfc68b8e09720434b4d91e"}}}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 30818, "scanner": "repobility-threat-engine", "fingerprint": "724d902f6d72037252477ae5bec634fedc28cd3a0c95602927a5f48cc47f1b2e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|724d902f6d72037252477ae5bec634fedc28cd3a0c95602927a5f48cc47f1b2e"}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 30814, "scanner": "repobility-threat-engine", "fingerprint": "5d675777733ff06a052c694ec7cbf29bcb0040fd8a50d1af8ba7f8c5a7c4df54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5d675777733ff06a052c694ec7cbf29bcb0040fd8a50d1af8ba7f8c5a7c4df54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/stix_exporter.py"}, "region": {"startLine": 396}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 30813, "scanner": "repobility-threat-engine", "fingerprint": "4c7537d993bd2faef178242d8e2fc81f870e79f68e715f4e30dc0897f4b00733", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c7537d993bd2faef178242d8e2fc81f870e79f68e715f4e30dc0897f4b00733"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/analysis_zone_store.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 30812, "scanner": "repobility-threat-engine", "fingerprint": "115419549abe9e25825bcfe12fe70330b61e7befbf1c2d0c1e9e37545a9144eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|115419549abe9e25825bcfe12fe70330b61e7befbf1c2d0c1e9e37545a9144eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/ai_pin_store.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 30811, "scanner": "repobility-threat-engine", "fingerprint": "dfe7daa1fdc42278e0da3b6658cb981fd627e0a44b904b245fbb3aa8a329ddda", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dfe7daa1fdc42278e0da3b6658cb981fd627e0a44b904b245fbb3aa8a329ddda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/rotate_secure_storage_secret.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30809, "scanner": "repobility-threat-engine", "fingerprint": "f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "aggregated_count": 1}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 414 more): Same pattern found in 414 additional files. Review if needed."}, "properties": {"repobilityId": 30805, "scanner": "repobility-threat-engine", "fingerprint": "8f5c1c2e09d144c7e96d64865b1019c627b126816603e15c45571f04e232a964", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 414 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_refresh_node_peer_store", "breakdown": {"if": 9, "or": 2, "for": 3, "except": 2, "ternary": 3, "continue": 6, "nested_bonus": 8}, "aggregated": true, "complexity": 33, "correlation_key": "fp|8f5c1c2e09d144c7e96d64865b1019c627b126816603e15c45571f04e232a964", "aggregated_count": 414}}}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30801, "scanner": "repobility-threat-engine", "fingerprint": "904c9d309bd336199035b1f270b4696a2b650b4c9eb670ffc915bec567d4c074", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|904c9d309bd336199035b1f270b4696a2b650b4c9eb670ffc915bec567d4c074", "aggregated_count": 1}}}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 30800, "scanner": "repobility-threat-engine", "fingerprint": "2ec6fe224af684a5c262fdee4d2c805508a6d846881e32ee58090801ba61aee5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ec6fe224af684a5c262fdee4d2c805508a6d846881e32ee58090801ba61aee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/wormhole_supervisor.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 30799, "scanner": "repobility-threat-engine", "fingerprint": "40eac3ba984eae9b23ba9b0dd39cd7e471763b83e58c70e81805d3e7badbaa45", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40eac3ba984eae9b23ba9b0dd39cd7e471763b83e58c70e81805d3e7badbaa45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/config.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 30798, "scanner": "repobility-threat-engine", "fingerprint": "286618fb1988fdd0e78ec8cc3d7dab12ab578a2ae555273ed3c380d3b968e825", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|286618fb1988fdd0e78ec8cc3d7dab12ab578a2ae555273ed3c380d3b968e825"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30797, "scanner": "repobility-threat-engine", "fingerprint": "0a8b3c5a518a9cdd659fdd0b464d2bf4180e3ef7aeea526b02fc592daf044124", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0a8b3c5a518a9cdd659fdd0b464d2bf4180e3ef7aeea526b02fc592daf044124", "aggregated_count": 1}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 30796, "scanner": "repobility-threat-engine", "fingerprint": "6d4467ab6b59e2f0465ef37b56876d947a756f208f90eef97b1ce6d8ab2084a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d4467ab6b59e2f0465ef37b56876d947a756f208f90eef97b1ce6d8ab2084a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/sigint_bridge.py"}, "region": {"startLine": 632}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 30795, "scanner": "repobility-threat-engine", "fingerprint": "58360face70b3830fd38d8f53d1b9a55ddd40ee625fea58ce968b8c4474ebd4f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58360face70b3830fd38d8f53d1b9a55ddd40ee625fea58ce968b8c4474ebd4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/env_check.py"}, "region": {"startLine": 342}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 30794, "scanner": "repobility-threat-engine", "fingerprint": "6a1cfc57827be22fb3bd18d9fc1d08c472ca6371e2e4714cc0c690f94175ffdc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a1cfc57827be22fb3bd18d9fc1d08c472ca6371e2e4714cc0c690f94175ffdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 1425}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 30793, "scanner": "repobility-threat-engine", "fingerprint": "dfd549f4ea7517a3504d88a2818667d828285d3a0d31beed367814361761eef1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dfd549f4ea7517a3504d88a2818667d828285d3a0d31beed367814361761eef1", "aggregated_count": 17}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 30792, "scanner": "repobility-threat-engine", "fingerprint": "9cc81dc2edb79daffc2d3ea6353a41403249c5a1db102721236cee84d59885fd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9cc81dc2edb79daffc2d3ea6353a41403249c5a1db102721236cee84d59885fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/tools.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 30791, "scanner": "repobility-threat-engine", "fingerprint": "3ae18281d39e95df66327f2c6ec1b1e3fee574ec006a8141b225180c87f8c2fd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ae18281d39e95df66327f2c6ec1b1e3fee574ec006a8141b225180c87f8c2fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/cctv.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 30790, "scanner": "repobility-threat-engine", "fingerprint": "85d3c7ef1755f7e799ab27d636ddbfdb6e821ef3f379d8f77486d3000a50eef6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85d3c7ef1755f7e799ab27d636ddbfdb6e821ef3f379d8f77486d3000a50eef6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 2245}}}]}, {"ruleId": "SEC136", "level": "none", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 30787, "scanner": "repobility-threat-engine", "fingerprint": "1cae2d22dd8e704b9857f6508e9c9a122930a67514faf76463f31cca6175971c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1cae2d22dd8e704b9857f6508e9c9a122930a67514faf76463f31cca6175971c"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 51 more): Same pattern found in 51 additional files. Review if needed."}, "properties": {"repobilityId": 30783, "scanner": "repobility-threat-engine", "fingerprint": "7172016ce8246c517d2350c039c5d0cdb96a634b9400c047fca9510ffa3f0659", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 51 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 51 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7172016ce8246c517d2350c039c5d0cdb96a634b9400c047fca9510ffa3f0659"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 33 more): Same pattern found in 33 additional files. Review if needed."}, "properties": {"repobilityId": 30777, "scanner": "repobility-threat-engine", "fingerprint": "75d433e4e0f1c1addf7284dc7ac198e222a64770dfc5d76e1340cef2a7a24c8d", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75d433e4e0f1c1addf7284dc7ac198e222a64770dfc5d76e1340cef2a7a24c8d"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 58 more): Same pattern found in 58 additional files. Review if needed."}, "properties": {"repobilityId": 30773, "scanner": "repobility-threat-engine", "fingerprint": "2723ad5a1ce56bbdba080c8e1759826f4e16f73481d0e6635af3d86a292b1825", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 58 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2723ad5a1ce56bbdba080c8e1759826f4e16f73481d0e6635af3d86a292b1825", "aggregated_count": 58}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 30772, "scanner": "repobility-threat-engine", "fingerprint": "c0a72bcd1c3ccaaaf875f9f6ddf1743ec564588fbe1653e468d8b73f299a62f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c0a72bcd1c3ccaaaf875f9f6ddf1743ec564588fbe1653e468d8b73f299a62f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/ai_intel.py"}, "region": {"startLine": 2686}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 30771, "scanner": "repobility-threat-engine", "fingerprint": "145282c32f31952f1ecddc89c8c585e6f706bb80982fc50276bc5dcb748bbd27", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|145282c32f31952f1ecddc89c8c585e6f706bb80982fc50276bc5dcb748bbd27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 1193}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 30770, "scanner": "repobility-threat-engine", "fingerprint": "bf366a462cd0fb4df6e7d0dca12faed174530bb1b1e308184f3b7001638708bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bf366a462cd0fb4df6e7d0dca12faed174530bb1b1e308184f3b7001638708bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/auth.py"}, "region": {"startLine": 461}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 47 more): Same pattern found in 47 additional files. Review if needed."}, "properties": {"repobilityId": 30769, "scanner": "repobility-threat-engine", "fingerprint": "0ffa714c23c549c9a51e8ac0f7e90fd990e01010d146984b2cc4c55b74a1c4eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 47 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0ffa714c23c549c9a51e8ac0f7e90fd990e01010d146984b2cc4c55b74a1c4eb", "aggregated_count": 47}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "properties": {"repobilityId": 30765, "scanner": "repobility-threat-engine", "fingerprint": "8d20dfc2befa3eb413b2ab210f87e4dd6c3b64cbfe0a0c2c1da125bec510ae7c", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 55 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 55 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8d20dfc2befa3eb413b2ab210f87e4dd6c3b64cbfe0a0c2c1da125bec510ae7c"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 30761, "scanner": "repobility-threat-engine", "fingerprint": "2949c2702d7166dac258164d4c52ef70add92ecb6c82892fbc20aaf8046756af", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2949c2702d7166dac258164d4c52ef70add92ecb6c82892fbc20aaf8046756af"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "properties": {"repobilityId": 30757, "scanner": "repobility-threat-engine", "fingerprint": "3f0e913136ec1177a3b609876bdfcf1f6c8171f1a46631f32ff26fca5b9101bc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 36 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3f0e913136ec1177a3b609876bdfcf1f6c8171f1a46631f32ff26fca5b9101bc", "aggregated_count": 36}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 30756, "scanner": "repobility-threat-engine", "fingerprint": "1f4851820739f5305077b1f6605970be73b335d897feee8249f1bb9998594278", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1f4851820739f5305077b1f6605970be73b335d897feee8249f1bb9998594278"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/scripts/build-backend-runtime.cjs"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 30755, "scanner": "repobility-threat-engine", "fingerprint": "f520cd5c2b66f21eb35506fdd9d49c9958f2b4fbb2d05623a61a66aabd3e9532", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f520cd5c2b66f21eb35506fdd9d49c9958f2b4fbb2d05623a61a66aabd3e9532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/src/nativeControlRouter.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 30754, "scanner": "repobility-threat-engine", "fingerprint": "f05bfc3eff72c41b728f0570d2f25b5997eb25ffaa50aee3f7af7ef3ed6c23d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f05bfc3eff72c41b728f0570d2f25b5997eb25ffaa50aee3f7af7ef3ed6c23d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/ais_proxy.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 30753, "scanner": "repobility-threat-engine", "fingerprint": "f340f0550f19048512292af4ea26aa33b4e23d5a00b7fb04cd9e96f043e36a06", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f340f0550f19048512292af4ea26aa33b4e23d5a00b7fb04cd9e96f043e36a06"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 30752, "scanner": "repobility-threat-engine", "fingerprint": "0fa27503ba587dd50cba0de575afec437cb954d56ca249651a3b523ba79c62e6", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.info(f\"Loaded secret {_var} from {_file_path}\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|backend/main.py|18|logger.info f loaded secret _var from _file_path"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 30751, "scanner": "repobility-threat-engine", "fingerprint": "e9ebf0520b6efd5474eb75bb9cc4555e5dca7ad2605734fd7b36530ca3216093", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.warning(\"failed to parse MESH_SCOPED_TOKENS: %s\", type(exc)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|backend/auth.py|9|logger.warning failed to parse mesh_scoped_tokens: s type exc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/auth.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 30750, "scanner": "repobility-threat-engine", "fingerprint": "6cfe4cb43377b865f56d84928de5293e4fd45e4712b43f0c1f0b102beb858478", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "console.error(\"FATAL: AIS_API_KEY is not set. WebSocket proxy cannot start.\")", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|backend/ais_proxy.js|1|console.error fatal: ais_api_key is not set. websocket proxy cannot start."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/ais_proxy.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 30967, "scanner": "repobility-journey-contract", "fingerprint": "87e7383016da8820c861bfd74005489ba55458fd78147d8e2ba2f7e9bfb39dbd", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|1329|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MeshChat/index.tsx"}, "region": {"startLine": 1329}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 30933, "scanner": "repobility-docker", "fingerprint": "a78e6a729a04f93f3fd81813eb228dbc579e7d7c656e1effbd0b8f589d1287fb", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a78e6a729a04f93f3fd81813eb228dbc579e7d7c656e1effbd0b8f589d1287fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "AGT002", "level": "error", "message": {"text": "LLM memory extraction can be prompt-injected into storing fake facts"}, "properties": {"repobilityId": 30925, "scanner": "repobility-agent-runtime", "fingerprint": "efa21e4e2b056df2fc4926e4c8cf450eb6ebbfafcbf4cdebf852860178468101", "category": "llm_injection", "severity": "high", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File appears to persist LLM-extracted memory from user/assistant exchanges without visible schema validation or prompt-pattern rejection.", "evidence": {"rule_id": "AGT002", "scanner": "repobility-agent-runtime", "data_flow": "chat_exchange_to_persistent_memory", "references": ["https://owasp.org/www-project-top-10-for-large-language-model-applications/"], "correlation_key": "fp|efa21e4e2b056df2fc4926e4c8cf450eb6ebbfafcbf4cdebf852860178468101"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/mesh/mesh_wormhole_ratchet.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 30906, "scanner": "repobility-threat-engine", "fingerprint": "39cef29a10dd267d128438f5f58a84353a55f01a1a509c4c0a2ec4d8a17facd5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(token", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39cef29a10dd267d128438f5f58a84353a55f01a1a509c4c0a2ec4d8a17facd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MeshTerminal.tsx"}, "region": {"startLine": 4913}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 30885, "scanner": "repobility-threat-engine", "fingerprint": "b532dd27249c03e25b48b6afbe53e1cbb2f727079e66ac14dd69d3c776698598", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b532dd27249c03e25b48b6afbe53e1cbb2f727079e66ac14dd69d3c776698598"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MeshTerminal.tsx"}, "region": {"startLine": 4819}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 30884, "scanner": "repobility-threat-engine", "fingerprint": "d2269b569ddd1b28eadcbfce49103f74b0c9d37fbfc874f1dba448c77532379b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d2269b569ddd1b28eadcbfce49103f74b0c9d37fbfc874f1dba448c77532379b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/scripts/vite-no-net-use.cjs"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 30875, "scanner": "repobility-threat-engine", "fingerprint": "e27a6af3633a2a19dfc22f4cce1f691b5523fcd56e7e79741a2cd6b7a4221d6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e27a6af3633a2a19dfc22f4cce1f691b5523fcd56e7e79741a2cd6b7a4221d6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/companion_server.rs"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 30874, "scanner": "repobility-threat-engine", "fingerprint": "3985bfbfaef67575f0ac8bcde1956ad2ee51f0851c9942422c6ed2c51fd77acb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3985bfbfaef67575f0ac8bcde1956ad2ee51f0851c9942422c6ed2c51fd77acb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/companion.rs"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 30873, "scanner": "repobility-threat-engine", "fingerprint": "d1d0e77096a5b86ee7a6f58ee590894cb423a8f439fc29c39204508b0aeeb9e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1d0e77096a5b86ee7a6f58ee590894cb423a8f439fc29c39204508b0aeeb9e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/src-tauri/src/backend_runtime.rs"}, "region": {"startLine": 523}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 30871, "scanner": "repobility-threat-engine", "fingerprint": "df577a4bd6b060befea71593c03488d96f29ac43a05613df2434fb4404bad7d4", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((o) => `${o.region_name} (${o.severity}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|df577a4bd6b060befea71593c03488d96f29ac43a05613df2434fb4404bad7d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/MaplibreViewer.tsx"}, "region": {"startLine": 5242}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 30870, "scanner": "repobility-threat-engine", "fingerprint": "8ea463929fe28bd0a359b07671d8a3652dc3be1d80c1e8338939a58d89f9d931", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([k, v]) => `  \u2022 ${k}: ${v}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ea463929fe28bd0a359b07671d8a3652dc3be1d80c1e8338939a58d89f9d931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/InfonetTerminal/AIQueryView.tsx"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 30869, "scanner": "repobility-threat-engine", "fingerprint": "34921ee1c956dd584856b9b4c5ae664a48c5d609f4dfad00a5c286f040623cd3", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((item) => `${item.sha256}  ${item.path}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|34921ee1c956dd584856b9b4c5ae664a48c5d609f4dfad00a5c286f040623cd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/scripts/write-release-manifest.cjs"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 30860, "scanner": "repobility-threat-engine", "fingerprint": "9b33246942817cecb2e781ea6b0b6ebe83952a015e390d15102f60fa7af30c8b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(path=str(TOR_INSTALL_DIR)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9b33246942817cecb2e781ea6b0b6ebe83952a015e390d15102f60fa7af30c8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/tor_hidden_service.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 30855, "scanner": "repobility-threat-engine", "fingerprint": "9162fb4e22bf1554ce86eefc86205de10e37599c3729aec9388e590975b6d015", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|139|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/mesh/mesh_wormhole_prekey.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 30847, "scanner": "repobility-threat-engine", "fingerprint": "a4285d7b290937ebd7bfc5b12d72a5d71f0a1d0fa8a4e8d7de85c96ab8d0eb95", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a4285d7b290937ebd7bfc5b12d72a5d71f0a1d0fa8a4e8d7de85c96ab8d0eb95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/markets/resolution.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 30846, "scanner": "repobility-threat-engine", "fingerprint": "0e222031e94751629a0b43c1467194aee5ab19362ec12a7a4e824675b9889f0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0e222031e94751629a0b43c1467194aee5ab19362ec12a7a4e824675b9889f0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/markets/dispute.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 30845, "scanner": "repobility-threat-engine", "fingerprint": "433889574df38d6565ebb6b27f3f3d3155db140cbcf59b3bf077b61cfa35a74d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|433889574df38d6565ebb6b27f3f3d3155db140cbcf59b3bf077b61cfa35a74d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/markets/data_unavailable.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 30844, "scanner": "repobility-threat-engine", "fingerprint": "1593664a0b02a1d21709784d9953e96c60b9d7c1769130e5611ad681de070acc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1593664a0b02a1d21709784d9953e96c60b9d7c1769130e5611ad681de070acc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 30821, "scanner": "repobility-threat-engine", "fingerprint": "a8be2a22ebac2a2078cb724b22f4204e9a404b8233a908363ccc9374568e8bf3", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"USA[\\s\\-]*(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|1010|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/satellites.py"}, "region": {"startLine": 1010}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 30820, "scanner": "repobility-threat-engine", "fingerprint": "5a8c4af0341cd88a6550d7b40e030354e90121663516d38665f5cf1f2380f073", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'\\b' + re.escape(kw)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|156|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/news.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 30819, "scanner": "repobility-threat-engine", "fingerprint": "77bbd5651ae98ac37a5758ce2d1e7159f45baea80e0afc3966601a4872e9b6cc", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"lat=([\\d.-]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|589|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/cctv_pipeline.py"}, "region": {"startLine": 589}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 30817, "scanner": "repobility-threat-engine", "fingerprint": "d0e9816201505b15df9317bc57aaaf0f020dc8e1c0603992b0ff827bf6349c41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d0e9816201505b15df9317bc57aaaf0f020dc8e1c0603992b0ff827bf6349c41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/aircraft_database.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 30816, "scanner": "repobility-threat-engine", "fingerprint": "c9495e6277c126eed01fba65ae1740e0d017c0d6ef6f9379afe0c52a30705b2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9495e6277c126eed01fba65ae1740e0d017c0d6ef6f9379afe0c52a30705b2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/feed_ingester.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 30815, "scanner": "repobility-threat-engine", "fingerprint": "ba9224714d00d5b4ab4512109bd9045ffba2351974412b4af5b030dba28d0e1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ba9224714d00d5b4ab4512109bd9045ffba2351974412b4af5b030dba28d0e1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/cctv_pipeline.py"}, "region": {"startLine": 633}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 30810, "scanner": "repobility-threat-engine", "fingerprint": "628e6e04ea8c46f685477bc711b25a6adf377291b667f6c7b8dd834246f93c66", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/petitions/preview\")\ndef preview_petition_payload(payload: dict[str, Any] = Body(...)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|628e6e04ea8c46f685477bc711b25a6adf377291b667f6c7b8dd834246f93c66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/infonet.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 30808, "scanner": "repobility-threat-engine", "fingerprint": "743e78a56ad8928496f923d239ecbb6eeb75e68e9365ddc3e852ad0580f611c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|743e78a56ad8928496f923d239ecbb6eeb75e68e9365ddc3e852ad0580f611c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/mesh/mesh_peer_store.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 30807, "scanner": "repobility-threat-engine", "fingerprint": "86b3f0d0446e574bd9e236749cf2e1797a0c07f6f23f908e5b6f17921e844c05", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|86b3f0d0446e574bd9e236749cf2e1797a0c07f6f23f908e5b6f17921e844c05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/mesh/mesh_hashchain.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 30806, "scanner": "repobility-threat-engine", "fingerprint": "b0037576812e4ab036277e8d55b42741278d5aa60bb8ff97325e18e22ec3b653", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b0037576812e4ab036277e8d55b42741278d5aa60bb8ff97325e18e22ec3b653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/ai_intel.py"}, "region": {"startLine": 2681}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `_refresh_node_peer_store` has cognitive complexity 33 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=6, except=2, for=3, if=9, nested_bonus=8, or=2, ternary=3."}, "properties": {"repobilityId": 30802, "scanner": "repobility-threat-engine", "fingerprint": "6a41cfd0f02d564077e8af5c795b76c613db7424a87aa2559988188ff6ab2376", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 33 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_refresh_node_peer_store", "breakdown": {"if": 9, "or": 2, "for": 3, "except": 2, "ternary": 3, "continue": 6, "nested_bonus": 8}, "complexity": 33, "correlation_key": "fp|6a41cfd0f02d564077e8af5c795b76c613db7424a87aa2559988188ff6ab2376"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/node_state.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 30789, "scanner": "repobility-threat-engine", "fingerprint": "90346ebf81059c8d309f0618dd983b1017554ea3000184092aa4b424e4b3dc76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90346ebf81059c8d309f0618dd983b1017554ea3000184092aa4b424e4b3dc76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/fetchers/earth_observation.py"}, "region": {"startLine": 999}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 30788, "scanner": "repobility-threat-engine", "fingerprint": "6d4b8b2258dd0ff68a09341b2e9c311b63a67ed2332245c050d7de06f115be96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d4b8b2258dd0ff68a09341b2e9c311b63a67ed2332245c050d7de06f115be96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 3541}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30782, "scanner": "repobility-threat-engine", "fingerprint": "2f20a0e1241f67ffb4206f21f7c5b692fa77e74e0d6b8ff3bc75809ab1001d27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "allowed_sources.update({\"meshtastic\", \"meshtastic-map\"})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2f20a0e1241f67ffb4206f21f7c5b692fa77e74e0d6b8ff3bc75809ab1001d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/data.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30781, "scanner": "repobility-threat-engine", "fingerprint": "6c88c0c609491302e539eb7a4ef4d1422db88ec5df20b0829e94486cf6f1d1f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "store.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6c88c0c609491302e539eb7a4ef4d1422db88ec5df20b0829e94486cf6f1d1f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/node_state.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30780, "scanner": "repobility-threat-engine", "fingerprint": "5f2e896ed09607a4c9b63c6179e03d7240e1916b648e76d40363d71175ebaca2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "store.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5f2e896ed09607a4c9b63c6179e03d7240e1916b648e76d40363d71175ebaca2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 1343}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 30779, "scanner": "repobility-threat-engine", "fingerprint": "c68e645a9dfa5a10ce1b6fc34c89f74785962d9015cb9b0ead320b06f7071276", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c68e645a9dfa5a10ce1b6fc34c89f74785962d9015cb9b0ead320b06f7071276"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/cctv.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 30778, "scanner": "repobility-threat-engine", "fingerprint": "d82675babf39e4fb88bb7d666584da9632faf9536f8ea1baea701acabfd2b7b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d82675babf39e4fb88bb7d666584da9632faf9536f8ea1baea701acabfd2b7b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 8163}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 30768, "scanner": "repobility-threat-engine", "fingerprint": "4e07763770d5be99da38b060a0697dfbd02858e4815cb17fbcecc9df3d386ff6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4e07763770d5be99da38b060a0697dfbd02858e4815cb17fbcecc9df3d386ff6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/admin.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 30767, "scanner": "repobility-threat-engine", "fingerprint": "02f373927b5f306086bb503920f5d76cca8fddd6c497eecda1c3069de4684da2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02f373927b5f306086bb503920f5d76cca8fddd6c497eecda1c3069de4684da2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 1192}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 30766, "scanner": "repobility-threat-engine", "fingerprint": "5413c000686b41d364c91452faf54885085a409758ae8fad0ca2af15bc5ac64b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5413c000686b41d364c91452faf54885085a409758ae8fad0ca2af15bc5ac64b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/auth.py"}, "region": {"startLine": 460}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 30764, "scanner": "repobility-threat-engine", "fingerprint": "81d0a8307f438e5b7f75b980295de6d5c9741a2ecf81d1ede42ce56a62f0d0c7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|81d0a8307f438e5b7f75b980295de6d5c9741a2ecf81d1ede42ce56a62f0d0c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/routers/cctv.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 30763, "scanner": "repobility-threat-engine", "fingerprint": "39c6510211960752b599d28f64433160035e14d44385cbca54d38b95a0a1166c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39c6510211960752b599d28f64433160035e14d44385cbca54d38b95a0a1166c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/main.py"}, "region": {"startLine": 1382}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 30762, "scanner": "repobility-threat-engine", "fingerprint": "39ed41c9095f03e8ba4c212f88082cbaf10f27f997088e3b9f3c7f2322605296", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39ed41c9095f03e8ba4c212f88082cbaf10f27f997088e3b9f3c7f2322605296"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/auth.py"}, "region": {"startLine": 1321}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 30868, "scanner": "repobility-threat-engine", "fingerprint": "0d2c0048bf6aa8c0c44be5de10ec63a809d3159b3cb63ab8987e292ef2c9143c", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.3 bits) \u2014 likely real secret", "evidence": {"match": "PASSWORD=\"<redacted>\"", "reason": "High entropy value (4.3 bits) \u2014 likely real secret", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|token|4|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop-shell/tauri-skeleton/build.sh"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 30843, "scanner": "repobility-threat-engine", "fingerprint": "de619511ae4dbb50113de79c871f224a80aca74dda4beb94e39fad2860bcf55d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de619511ae4dbb50113de79c871f224a80aca74dda4beb94e39fad2860bcf55d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 30842, "scanner": "repobility-threat-engine", "fingerprint": "a65c1418162a24886a8e327b6cac480aa7a9cb4c658b0000bed1552ead005e35", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a65c1418162a24886a8e327b6cac480aa7a9cb4c658b0000bed1552ead005e35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 30841, "scanner": "repobility-threat-engine", "fingerprint": "afca203244f363d6572bd3c21a8bbdd03b6459e2a49559786f2dc9bac7628de0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|afca203244f363d6572bd3c21a8bbdd03b6459e2a49559786f2dc9bac7628de0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/services/infonet/governance/dsl_executor.py"}, "region": {"startLine": 204}}}]}]}]}