{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). 
Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC028", "name": "[SEC028] CSRF Protection Removed \u2014 @csrf_exempt on state-changing endpoint: @csrf_exempt removes Django's CSRF protectio", "shortDescription": {"text": "[SEC028] CSRF Protection Removed \u2014 @csrf_exempt on state-changing endpoint: @csrf_exempt removes Django's CSRF protection from a view. 
On a state-changing endpoint (POST/PUT/DELETE) this allows cross-site requests to perform actions on beha"}, "fullDescription": {"text": "Either:\n  (a) Replace @csrf_exempt with @csrf_protect (or just remove the exemption).\n  (b) If this is a public API endpoint, use SessionAuthentication +       Token/JWT auth from DRF instead. Token-bearer requests aren't       vulnerable to CSRF when the token travels in the Authorization header rather than a cookie; requests authenticated through DRF's SessionAuthentication are still CSRF-checked.\n  (c) If you must skip CSRF (e.g. for a third-party callback), validate       the request via HMAC signature with the partner's shared secret,       and add a `# csrf_exempt is safe here` comment to silence the       finding."}, "properties": {"scanner": "repobility-threat-engine", "category": "csrf", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 17 more): Same pattern found in 17 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 17 more): Same pattern found in 17 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents, and apply the check to the IP address the hostname resolves to, re-checking on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC036", "name": "[SEC036] HTTP Header Injection / CRLF Injection: Setting an HTTP response header from user input without stripping CRLF ", "shortDescription": {"text": "[SEC036] HTTP Header Injection / CRLF Injection: Setting an HTTP response header from user input without stripping CRLF lets attackers inject extra headers (Set-Cookie, etc.) or split the response. Real CVEs: CVE-2017-15193 (Mahara), CVE-20"}, "fullDescription": {"text": "Strip `\\r\\n` before setting headers:\n  safe = value.replace('\\r','').replace('\\n','')\n  response.headers['X-Custom'] = safe\nMost modern frameworks (Django 3+, Express 4.10+) already do this \u2014 but custom header-setting code often doesn't. Prefer framework methods (`response.set_cookie`) over manual header dict assignment."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = %s', [id]). 
For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC030", "name": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without vali", "shortDescription": {"text": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to the site. Attackers craft phishing URLs that appear to come from your domain but"}, "fullDescription": {"text": "Validate the redirect URL against an allowlist of safe destinations:\n  # Django:\n  from django.utils.http import url_has_allowed_host_and_scheme\n  if not url_has_allowed_host_and_scheme(url, allowed_hosts={request.get_host()}):\n      url = '/'  # safe default\nOr restrict to relative paths only: `if not url.startswith('/'): abort(400)`. Never accept external schemes without verification."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/158"}, "properties": {"repository": "django/django", "repoUrl": "https://github.com/django/django", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 22860, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 22857, 
"scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 22498, "scanner": "repobility-threat-engine", "fingerprint": "42241133845ffd06436484c70a25fa5a7fa727d459a931bb3eb37e10f97d0b9b", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|43|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/cache/backends/locmem.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 22497, "scanner": "repobility-threat-engine", "fingerprint": "286279bafe1a3b959e74957aa4d7db824f320b034a13c8b4c2a0315b5c3db441", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern 
matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|38|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/cache/backends/filebased.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 22496, "scanner": "repobility-threat-engine", "fingerprint": "2aba3be5584f03cbfcb2de3f8714b6750198944f225783dd66d2ee3be9071d0e", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|96|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/cache/backends/db.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 22493, "scanner": "repobility-threat-engine", "fingerprint": "1656e9c714a7e5f5cbde87364ec993c8504ba40e1f954893e8e361009f9fe3b8", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n        \"git log --pretty=format:%ct --quiet -1 HEAD\",\n        capture_output=True,", "reason": "shell=True detected 
\u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|django/utils/version.py|90|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/utils/version.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 22490, "scanner": "repobility-threat-engine", "fingerprint": "34fb5eba98e8f5775403d80431533174f85cdfeb044bf68d1fcf0caf496e277d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|34fb5eba98e8f5775403d80431533174f85cdfeb044bf68d1fcf0caf496e277d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/apps/config.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 22489, "scanner": "repobility-threat-engine", "fingerprint": "6af8f6e0d48c565114a674e6d76e1b8cb7f6d349f3fa6b9f687b5a30c9b42067", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6af8f6e0d48c565114a674e6d76e1b8cb7f6d349f3fa6b9f687b5a30c9b42067"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/utils/http.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 22488, "scanner": "repobility-threat-engine", "fingerprint": "dae6662e5c55fc64618ed46e6254e4a7d227358336bffebaf6d46520ce582569", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dae6662e5c55fc64618ed46e6254e4a7d227358336bffebaf6d46520ce582569"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/http/response.py"}, "region": {"startLine": 336}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 22859, "scanner": "repobility-web-presence", "fingerprint": 
"bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 22858, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "15adbb9362ee17e59cad6ba90943d32c396397e4cc46e7f68bc3bf4ffe3796e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/hr/formats.py", "duplicate_line": 20, "correlation_key": "fp|15adbb9362ee17e59cad6ba90943d32c396397e4cc46e7f68bc3bf4ffe3796e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/sr/formats.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22855, "scanner": "repobility-ai-code-hygiene", "fingerprint": "784b17616fabc303483417eea78ada61cd77dc07946fc7468d2aa365fd4e00ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/pl/formats.py", "duplicate_line": 8, "correlation_key": "fp|784b17616fabc303483417eea78ada61cd77dc07946fc7468d2aa365fd4e00ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/sk/formats.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5326e63b8ebf802a1e807f0abbaca1f795b07cccbdeaffd898a898dc4c60128d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/az/formats.py", "duplicate_line": 5, "correlation_key": 
"fp|5326e63b8ebf802a1e807f0abbaca1f795b07cccbdeaffd898a898dc4c60128d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ru/formats.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "86bcbd838f77d06f54d27fe4d3d0e335c6c921fca1da988f12f53aad4acd2598", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/cy/formats.py", "duplicate_line": 10, "correlation_key": "fp|86bcbd838f77d06f54d27fe4d3d0e335c6c921fca1da988f12f53aad4acd2598"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/pt/formats.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f49afbcf96bbb16ecc620dc1a45a3b339b4fea533077408d75774f4e190b7ec8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ka/formats.py", "duplicate_line": 13, "correlation_key": "fp|f49afbcf96bbb16ecc620dc1a45a3b339b4fea533077408d75774f4e190b7ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"django/conf/locale/nn/formats.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22851, "scanner": "repobility-ai-code-hygiene", "fingerprint": "864a436de92c5ee032ce21d01ff68cd4675315200b5518f55b6ea08acc3be5ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/nb/formats.py", "duplicate_line": 1, "correlation_key": "fp|864a436de92c5ee032ce21d01ff68cd4675315200b5518f55b6ea08acc3be5ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/nn/formats.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22850, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e77beb9b0f9dd12984b11323fc51054f6f944b4a90356dbc4b5ad72554e03927", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ka/formats.py", "duplicate_line": 13, "correlation_key": "fp|e77beb9b0f9dd12984b11323fc51054f6f944b4a90356dbc4b5ad72554e03927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/nb/formats.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 22849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a0cb3bc948c1db986bf4288e5df8b2e15e29082409643991ab8c0af302ce3f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/cy/formats.py", "duplicate_line": 12, "correlation_key": "fp|0a0cb3bc948c1db986bf4288e5df8b2e15e29082409643991ab8c0af302ce3f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ms/formats.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8be4d59f8212f5a0fdd31f977c118c52b7cb6746785b05a7e05ede4dbb57c9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/en_IE/formats.py", "duplicate_line": 10, "correlation_key": "fp|d8be4d59f8212f5a0fdd31f977c118c52b7cb6746785b05a7e05ede4dbb57c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ms/formats.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22847, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"3470b71bc2cc7a2f6f1e49f81e77da4bcc1e6be7b80436ea0a039b22f92ea869", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/global_settings.py", "duplicate_line": 205, "correlation_key": "fp|3470b71bc2cc7a2f6f1e49f81e77da4bcc1e6be7b80436ea0a039b22f92ea869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ml/formats.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22846, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef96b5fecdf34345a63c0840e199dedd790bd5607436e93c3cab24e0764958bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/lt/formats.py", "duplicate_line": 8, "correlation_key": "fp|ef96b5fecdf34345a63c0840e199dedd790bd5607436e93c3cab24e0764958bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/lv/formats.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22845, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a60d0ab2fe66c8423bab80c65c05d7a089067c20023d2f4d6ff4ab5747d647bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ig/formats.py", "duplicate_line": 9, "correlation_key": "fp|a60d0ab2fe66c8423bab80c65c05d7a089067c20023d2f4d6ff4ab5747d647bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ky/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22844, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae0d310774e5f1e5dc38d6b2bb35132077655ef03e12a39c237d8be7b9e57ba3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/az/formats.py", "duplicate_line": 4, "correlation_key": "fp|ae0d310774e5f1e5dc38d6b2bb35132077655ef03e12a39c237d8be7b9e57ba3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ig/formats.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22843, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb87d0f2b17f9d8a61b28b55dc6c642d8ad567a6ea8470126614ba01116d5074", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/global_settings.py", "duplicate_line": 188, "correlation_key": "fp|bb87d0f2b17f9d8a61b28b55dc6c642d8ad567a6ea8470126614ba01116d5074"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ht/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22842, "scanner": "repobility-ai-code-hygiene", "fingerprint": "67380a87606d3ecaa0f892f68a1bc5bae409000ba433df1aa43af967cbf982b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/en/formats.py", "duplicate_line": 8, "correlation_key": "fp|67380a87606d3ecaa0f892f68a1bc5bae409000ba433df1aa43af967cbf982b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/ht/formats.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22841, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e40d8d83fa6821cbd83e106eb150d23901cbda56887737297eb0ad520303e828", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/fr_BE/formats.py", 
"duplicate_line": 1, "correlation_key": "fp|e40d8d83fa6821cbd83e106eb150d23901cbda56887737297eb0ad520303e828"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/fr_CH/formats.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22840, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8ba9d2c926e158d2ca8b5499aa4a8ee96287b995e6c9cb6e921972be56eb602", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/en_CA/formats.py", "duplicate_line": 9, "correlation_key": "fp|b8ba9d2c926e158d2ca8b5499aa4a8ee96287b995e6c9cb6e921972be56eb602"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/fr_CA/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22839, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd4d3032d839b3ae1d35f127ae43520755e1ffc734cd3bb159c55580ae9e34aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/es_NI/formats.py", "duplicate_line": 13, "correlation_key": "fp|bd4d3032d839b3ae1d35f127ae43520755e1ffc734cd3bb159c55580ae9e34aa"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "django/conf/locale/es_PR/formats.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22838, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81bd857fb848a39ec99456055eb1016b7ffdbb8bc1ccc4077ec42122ef6378c7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ca/formats.py", "duplicate_line": 9, "correlation_key": "fp|81bd857fb848a39ec99456055eb1016b7ffdbb8bc1ccc4077ec42122ef6378c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es_PR/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22837, "scanner": "repobility-ai-code-hygiene", "fingerprint": "332cfe50ada23c710614a9ee765a7efee85dfb3fb37a69ea2a2f2c4b822a50e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/es_CO/formats.py", "duplicate_line": 9, "correlation_key": "fp|332cfe50ada23c710614a9ee765a7efee85dfb3fb37a69ea2a2f2c4b822a50e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es_NI/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": 
{"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22836, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac44237a4f032b1b2175b6d6d0d775cc376dab45a26bf3ce020e2d5c1d250f86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/es_MX/formats.py", "duplicate_line": 1, "correlation_key": "fp|ac44237a4f032b1b2175b6d6d0d775cc376dab45a26bf3ce020e2d5c1d250f86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es_NI/formats.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22835, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20b3f0d9d954b3e6285eb0d541ded86b53e7b1a48c078db3576fed62aad52ba6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/es_CO/formats.py", "duplicate_line": 9, "correlation_key": "fp|20b3f0d9d954b3e6285eb0d541ded86b53e7b1a48c078db3576fed62aad52ba6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es_MX/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22834, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "32a8dd92412fa4ca4c88165f685553bd8b416eb7816ac107b8ecf946980e8283", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ca/formats.py", "duplicate_line": 12, "correlation_key": "fp|32a8dd92412fa4ca4c88165f685553bd8b416eb7816ac107b8ecf946980e8283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es_CO/formats.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22833, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46f7225e909f9277f9d7c493cb2eea0eae81bbf05d84c4f15b5cfcfe205a94ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ca/formats.py", "duplicate_line": 9, "correlation_key": "fp|46f7225e909f9277f9d7c493cb2eea0eae81bbf05d84c4f15b5cfcfe205a94ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es_AR/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22832, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a15773ef6ef9678f365707630474e682745e454520ac0e10e14a48c0a262ffa", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/ca/formats.py", "duplicate_line": 8, "correlation_key": "fp|5a15773ef6ef9678f365707630474e682745e454520ac0e10e14a48c0a262ffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/es/formats.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22831, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1e6e71acc115d584cc086a9ac4b8644171eff9ec6964b00e138549c422b464e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/cy/formats.py", "duplicate_line": 12, "correlation_key": "fp|c1e6e71acc115d584cc086a9ac4b8644171eff9ec6964b00e138549c422b464e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/en_IE/formats.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22830, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10befc8f004ba79882c977a531d2ad415de6f31acacee384f076816f1c6f4b34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/cy/formats.py", "duplicate_line": 9, "correlation_key": "fp|10befc8f004ba79882c977a531d2ad415de6f31acacee384f076816f1c6f4b34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/en_GB/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22829, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05c421bbd566662161f242da1bbb3c0223ebfd2a34ef93a0774d0f897ec2d472", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/cy/formats.py", "duplicate_line": 9, "correlation_key": "fp|05c421bbd566662161f242da1bbb3c0223ebfd2a34ef93a0774d0f897ec2d472"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/en_AU/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22828, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e0783961f7df627f9dbcd14c3b73cbb1c9e43c2fef0d5c63e819029a7db4e9b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"django/conf/global_settings.py", "duplicate_line": 188, "correlation_key": "fp|7e0783961f7df627f9dbcd14c3b73cbb1c9e43c2fef0d5c63e819029a7db4e9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/en/formats.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22827, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f139c0059df4e55f3c9ebf6eafc1ed96a31a7e5865ddb1edfbcc0cb3f424180", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "django/conf/locale/de/formats.py", "duplicate_line": 1, "correlation_key": "fp|9f139c0059df4e55f3c9ebf6eafc1ed96a31a7e5865ddb1edfbcc0cb3f424180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/conf/locale/de_CH/formats.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC028", "level": "none", "message": {"text": "[SEC028] CSRF Protection Removed \u2014 @csrf_exempt on state-changing endpoint: @csrf_exempt removes Django's CSRF protection from a view. On a state-changing endpoint (POST/PUT/DELETE) this allows cross-site requests to perform actions on behalf of an authenticated user. 
Verify there's a compensating mechanism: API token auth, signed request, or explicit Same-Site cookie + Origin check."}, "properties": {"repobilityId": 23187, "scanner": "repobility-threat-engine", "fingerprint": "8fdef7dd5263e796c70cc0613ce4d45ce2b628bbae5a46d9e294ba2a8664167c", "category": "csrf", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '_view_wrapper\\.csrf_exempt\\s*=\\s*True' detected on same line", "evidence": {"match": "csrf_exempt = True", "reason": "Safe pattern '_view_wrapper\\.csrf_exempt\\s*=\\s*True' detected on same line", "rule_id": "SEC028", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|8fdef7dd5263e796c70cc0613ce4d45ce2b628bbae5a46d9e294ba2a8664167c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/views/decorators/csrf.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 22499, "scanner": "repobility-threat-engine", "fingerprint": "be2661587707cce223851f35575b809f74d2cf91013a38d77faf261cb6e5960e", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|be2661587707cce223851f35575b809f74d2cf91013a38d77faf261cb6e5960e"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 22492, "scanner": "repobility-threat-engine", "fingerprint": "bb1d767e1d07026e517df1a65a639cdf312028924aee127f2b4d06d6ccf0aa78", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|82|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/cache/backends/redis.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 22491, "scanner": "repobility-threat-engine", "fingerprint": "d029c300add0bb4d07f0e0358b64988eaa001b5492658be107bbd4002a6df1ca", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'sample' detected on same line", "evidence": {"match": "random.randint(", "reason": "Safe pattern 'sample' detected on same line", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|django/utils/lorem_ipsum.py|235|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/utils/lorem_ipsum.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 22486, "scanner": "repobility-threat-engine", "fingerprint": "82c6b69256192cc53f3e97906f4b7b1953127ff4369eaf5cc476c6a6e6d7a62f", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|82c6b69256192cc53f3e97906f4b7b1953127ff4369eaf5cc476c6a6e6d7a62f"}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23191, "scanner": "repobility-threat-engine", "fingerprint": "421bbe7933ec31874241991d74c915249042819adf60ee30483adc8aa3dbd4df", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|421bbe7933ec31874241991d74c915249042819adf60ee30483adc8aa3dbd4df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/files/storage/filesystem.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23190, "scanner": "repobility-threat-engine", "fingerprint": "92c44b12922df32a0cfd43032e16aa8fbcec651f7f11337fa229a6b4f69383ae", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|92c44b12922df32a0cfd43032e16aa8fbcec651f7f11337fa229a6b4f69383ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/files/storage/base.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23189, "scanner": "repobility-threat-engine", "fingerprint": "f635e59ca637e67020d9733b28b76cd426a32fe95ab00ec23910cba22bdf3426", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n                s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f635e59ca637e67020d9733b28b76cd426a32fe95ab00ec23910cba22bdf3426"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/core/cache/backends/redis.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC036", "level": "error", "message": {"text": "[SEC036] HTTP Header Injection / CRLF Injection: Setting an HTTP response header from user input without stripping CRLF lets attackers inject extra headers (Set-Cookie, etc.) or split the response. Real CVEs: CVE-2017-15193 (Mahara), CVE-2019-11358 (Django), CVE-2020-26116 (Python http.client). 
CWE-93/113."}, "properties": {"repobilityId": 23186, "scanner": "repobility-threat-engine", "fingerprint": "92366f8d42cf1053af6e6f61ed1ec45827e27e2d3c6b65db3fb2473a51503df6", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "set_cookie(\n                settings.CSRF_COOKIE_NAME,\n                request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC036", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|django/middleware/csrf.py|258|sec036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/middleware/csrf.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 22494, "scanner": "repobility-threat-engine", "fingerprint": "98591981001ed5af6a402a92e19e3aefd8dc5111a76406cc9a9e57f60c45e688", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".execute(\n            \"SELECT * FROM {} WHERE ROWNUM < 2 AND {} > 0\".format(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|178|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/db/backends/oracle/introspection.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC030", "level": "error", "message": {"text": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to 
the site. Attackers craft phishing URLs that appear to come from your domain but land on attacker-controlled pages \u2014 common in OAuth callback flows, post-login redirects, and `next=` parameters. CWE-601."}, "properties": {"repobilityId": 22487, "scanner": "repobility-threat-engine", "fingerprint": "6f610100792cf533dbcee8403b9cf0c49d5a5713c8f6a68b1fe30991d28912ab", "category": "open_redirect", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Redirect(next_url)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC030", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6f610100792cf533dbcee8403b9cf0c49d5a5713c8f6a68b1fe30991d28912ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/views/i18n.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22485, "scanner": "repobility-threat-engine", "fingerprint": "a49734b669b192e19ba1c04eeac118dcb711513b28ae3b55b47762eb0bc65c46", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a49734b669b192e19ba1c04eeac118dcb711513b28ae3b55b47762eb0bc65c46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pr_quality/check_pr.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22484, "scanner": "repobility-threat-engine", "fingerprint": "5c2adf969bb389ec172b73d795d6fb3d9cbb43ba51434ea61c163e27448767f5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c2adf969bb389ec172b73d795d6fb3d9cbb43ba51434ea61c163e27448767f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/do_django_release.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22483, "scanner": "repobility-threat-engine", "fingerprint": "dcfb5274b13b313a47b91df9be830cbfae8ae4335ade6def35b401fe22e86cd4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dcfb5274b13b313a47b91df9be830cbfae8ae4335ade6def35b401fe22e86cd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/shortcuts.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 22470, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "SEC001", "level": "error", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 22495, "scanner": "repobility-threat-engine", "fingerprint": "9290f0cd8e957d1063cad8b6e4ee8d61ad16d77905575769d5e69fdd346779e8", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.1 bits) \u2014 likely real secret", "evidence": {"match": "password = '<redacted> USER %(user)s IDENTIFIED BY \"", "reason": "High entropy value (4.1 bits) \u2014 likely real secret", "rule_id": "SEC001", "scanner": 
"repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|token|29|password redacted user user s identified by"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "django/db/backends/oracle/creation.py"}, "region": {"startLine": 292}}}]}]}]}