{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Move database dumps outside the Docker build context or exclude them with .dockerignore. Keep backup and restore artifacts in private object storage or a dedicated backup workflow."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 997 lines (recommend <300)", "shortDescription": {"text": "Average file size is 997 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. 
Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public re", "shortDescription": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. 
Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `ex/ThirdPartyDemos/tbo/05-WebMustache/WebView2Loader.dll` committed in source repo: `ex/ThirdPar", "shortDescription": {"text": "[MINED134] Binary file `ex/ThirdPartyDemos/tbo/05-WebMustache/WebView2Loader.dll` committed in source repo: `ex/ThirdPartyDemos/tbo/05-WebMustache/WebView2Loader.dll` is a .dll binary (114,120 bytes) committed to a repo that otherwise has 1"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. 
The registry CAN re-push a different image for the same tag, so every build is potentially different. Produc"}, "fullDescription": {"text": "Replace with: `FROM debian:bookworm-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.client` used but never assigned in __init__: Method `index` of class `APITest` reads `self.client`, but", "shortDescription": {"text": "[MINED108] `self.client` used but never assigned in __init__: Method `index` of class `APITest` reads `self.client`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the met"}, "fullDescription": {"text": "Initialize `self.client = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes a shell; command injection is possible if any argument is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes a shell; command injection is possible if any argument is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context. Where a command must be run, pass the arguments as a vector to an exec-family call rather than composing a shell string."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 for context. Note that strncpy does not NUL-terminate the destination when the source fills it, so terminate explicitly or use snprintf with the destination size."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1081"}, "properties": {"repository": "synopse/mORMot2", "repoUrl": "https://github.com/synopse/mORMot2", "branch": "master"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 106231, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 106230, "scanner": "repobility-docker", "fingerprint": "91630a42ebba221feec4d8a20308b125c609e880ec775185126b4eb97e0ff659", "category": "docker", "severity": "medium", 
"confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|91630a42ebba221feec4d8a20308b125c609e880ec775185126b4eb97e0ff659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/martin-doyle/07-HttpDockerORM/docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 106229, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": "ex/techempower-bench/create-postgres-database.sql", "size_mb": 0.0}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 997 lines (recommend <300)"}, "properties": {"repobilityId": 106191, "scanner": "repobility-core", "fingerprint": 
"2097c99a9da311cf7db7c70342a24455fb5bcebd0eef05cba4b588fa013069bc", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|2097c99a9da311cf7db7c70342a24455fb5bcebd0eef05cba4b588fa013069bc"}}}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 106190, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 106232, "scanner": "repobility-web-presence", "fingerprint": "8dd936d78cd175b86fcea27b89adfc42f8b309087d79e9f4086c6e6bd63c8cae", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|8dd936d78cd175b86fcea27b89adfc42f8b309087d79e9f4086c6e6bd63c8cae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/12-middleware/README.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106228, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"fa7202764b3fa8e49d80747c820212b9cfa3ee56b2a006cb302b81f0c1df4e97", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_parser_hashchain.h", "duplicate_line": 137, "correlation_key": "fp|fa7202764b3fa8e49d80747c820212b9cfa3ee56b2a006cb302b81f0c1df4e97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_parser_nochain.h"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106227, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c82dfd7ee55bbe5e15bca49c4a6f377a976446f67927b25fe51453f2ceaa7d47", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_parser_fast.h", "duplicate_line": 28, "correlation_key": "fp|c82dfd7ee55bbe5e15bca49c4a6f377a976446f67927b25fe51453f2ceaa7d47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_parser_fastsmall.h"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106226, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28a415797347a0d5fff6e81847a61b3f58ac3c0151af181fd934357c94af8517", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_parser_fast.h", "duplicate_line": 28, "correlation_key": "fp|28a415797347a0d5fff6e81847a61b3f58ac3c0151af181fd934357c94af8517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_parser_fastbig.h"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106225, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bb65cd575b6a7c3142e2e6f69287db4696f5c9d5e11aaa1d3717431cbba93ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_decompress_liz.h", "duplicate_line": 6, "correlation_key": "fp|0bb65cd575b6a7c3142e2e6f69287db4696f5c9d5e11aaa1d3717431cbba93ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress_lz4.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106224, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eb1ddcb9068bf13e511ad8d03747c4da1f406ce87012d54dfda4d9f91a0173c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|eb1ddcb9068bf13e511ad8d03747c4da1f406ce87012d54dfda4d9f91a0173c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106223, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d20609b74eb68ba4292ea64190c7f3f56689f2b62ed499fe172204126bbc118e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_common.h", "duplicate_line": 3, "correlation_key": "fp|d20609b74eb68ba4292ea64190c7f3f56689f2b62ed499fe172204126bbc118e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106222, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45872b8216445ac07f7e34a946db71245f1827531cbf10e64b59b8ce66bed011", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_compress.h", "duplicate_line": 1, "correlation_key": "fp|45872b8216445ac07f7e34a946db71245f1827531cbf10e64b59b8ce66bed011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106221, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9931cfaf1bfc282dbcabceed0d933cfe45006898c24b4073a7aff55bd792cbf2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|9931cfaf1bfc282dbcabceed0d933cfe45006898c24b4073a7aff55bd792cbf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress.c"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106220, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fea0f292e67e5c5dd193dafe1f7913f3264c661eb94c24e20c0541530842c108", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "res/static/liblizard/lib/lizard_common.h", "duplicate_line": 3, "correlation_key": "fp|fea0f292e67e5c5dd193dafe1f7913f3264c661eb94c24e20c0541530842c108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106219, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff3b0f0f27d566f6141896f9e8d6f4ba08e22f02662ab779b6cab39b049a56e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_compress.h", "duplicate_line": 3, "correlation_key": "fp|ff3b0f0f27d566f6141896f9e8d6f4ba08e22f02662ab779b6cab39b049a56e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_decompress.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106218, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de1dfbaf3cd0c8b79ff17d9bd30b58734873ef3611a11aff59df7d8c14857b8d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": 
"fp|de1dfbaf3cd0c8b79ff17d9bd30b58734873ef3611a11aff59df7d8c14857b8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_compress.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106217, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f8e312504dd7ed90e8e344ed418b48473336c1f435ddf6a4a8183d92951bb9d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_common.h", "duplicate_line": 3, "correlation_key": "fp|3f8e312504dd7ed90e8e344ed418b48473336c1f435ddf6a4a8183d92951bb9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_compress.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106216, "scanner": "repobility-ai-code-hygiene", "fingerprint": "169743567d87006880a9e3f9c713dec8a825d1c99fcc8ae0323773f31b83b04c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|169743567d87006880a9e3f9c713dec8a825d1c99fcc8ae0323773f31b83b04c"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "res/static/liblizard/lib/lizard_compress.c"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106215, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0799876dcf8c37980c194a94a11490f7b207f21f526f65b1f0b4f5d4f8a25455", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/lizard_common.h", "duplicate_line": 1, "correlation_key": "fp|0799876dcf8c37980c194a94a11490f7b207f21f526f65b1f0b4f5d4f8a25455"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_compress.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106214, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1fd39bc6b46ed5a020032d8c1627573ec75d075708ba9e0255d63b3b8c504eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|c1fd39bc6b46ed5a020032d8c1627573ec75d075708ba9e0255d63b3b8c504eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/lizard_common.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106213, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d50add345717bc0000e600cdf3f6564a0a336ba1b466b3b8a7ea5f95a059e4cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/entropy_common.c", "duplicate_line": 12, "correlation_key": "fp|d50add345717bc0000e600cdf3f6564a0a336ba1b466b3b8a7ea5f95a059e4cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/huf_decompress.c"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106212, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82831b3e369fb2c567819696a1e5db749a4fd5b64ad5cb268cdbf080a86585aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 4, "correlation_key": "fp|82831b3e369fb2c567819696a1e5db749a4fd5b64ad5cb268cdbf080a86585aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/huf_decompress.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106211, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "9c1e93534517e0e31892c55a0051c570b8309ad60c466bbe03a7c2905b01ecf2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/entropy_common.c", "duplicate_line": 12, "correlation_key": "fp|9c1e93534517e0e31892c55a0051c570b8309ad60c466bbe03a7c2905b01ecf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/huf_compress.c"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106210, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3928c69f7c9095f86423049911ab7eaa9bea0315697ec0007a8daf7c93a52241", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 4, "correlation_key": "fp|3928c69f7c9095f86423049911ab7eaa9bea0315697ec0007a8daf7c93a52241"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/huf_compress.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106209, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7608ba599ef2f0f6b136af781157efe8ee99edf85d02220372b537733ec430ad", "category": 
"quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/fse.h", "duplicate_line": 15, "correlation_key": "fp|7608ba599ef2f0f6b136af781157efe8ee99edf85d02220372b537733ec430ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/huf.h"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106208, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b44d9c667bbb3b90cc8831bfc7e25ca48615ab65a7814b5e3c5338ca8428f42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 4, "correlation_key": "fp|6b44d9c667bbb3b90cc8831bfc7e25ca48615ab65a7814b5e3c5338ca8428f42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/huf.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106207, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f0d91e2b81026ef5d64900eabaf3f00967fd4ead4ee9a489c82e096eb869238", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|8f0d91e2b81026ef5d64900eabaf3f00967fd4ead4ee9a489c82e096eb869238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/fse_decompress.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106206, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28d502976b3d8d464789a1108b561b8f73f306a6ae703cb815c39046b54567e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/fse_compress.c", "duplicate_line": 2, "correlation_key": "fp|28d502976b3d8d464789a1108b561b8f73f306a6ae703cb815c39046b54567e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/fse_decompress.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106205, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b9c430968c8f97719ee994a2f8134439476dfc4e3940b49b3fa6227e07df067b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|b9c430968c8f97719ee994a2f8134439476dfc4e3940b49b3fa6227e07df067b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/fse_compress.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106204, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03b5212d0b941bcb2a0ac9c00bbaf729517ca7007331c91dcc001d010a7a5947", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 4, "correlation_key": "fp|03b5212d0b941bcb2a0ac9c00bbaf729517ca7007331c91dcc001d010a7a5947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/fse.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106203, "scanner": "repobility-ai-code-hygiene", "fingerprint": "247db9eb2216216498e68aefc471a9ac79d6bd71ab29e48518e31356c2f0cd82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": 
"fp|247db9eb2216216498e68aefc471a9ac79d6bd71ab29e48518e31356c2f0cd82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/error_public.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106202, "scanner": "repobility-ai-code-hygiene", "fingerprint": "984c26973981f4f97f5b2558d15daf8e14e3509881234760cd0cad8e0195daa2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|984c26973981f4f97f5b2558d15daf8e14e3509881234760cd0cad8e0195daa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/liblizard/lib/error_private.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106201, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03cef1bc61530c48761ba680483c57e9591d41019691d80bea3fd50cd062a5d8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/liblizard/lib/bitstream.h", "duplicate_line": 5, "correlation_key": "fp|03cef1bc61530c48761ba680483c57e9591d41019691d80bea3fd50cd062a5d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"res/static/liblizard/lib/entropy_common.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106200, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f060732bbad98051aa8d4b140b701f0e6e4235c4cece2e77f5ff42a3aba4f96d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/libdeflate/lib/arm/matchfinder_impl.h", "duplicate_line": 10, "correlation_key": "fp|f060732bbad98051aa8d4b140b701f0e6e4235c4cece2e77f5ff42a3aba4f96d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/libdeflate/lib/x86/matchfinder_impl.h"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f615982e90dcf77aa0e0fb33f43fae0bfc92956d0b91b82ad88d3192838fbea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "res/static/libdeflate/lib/arm/crc32_impl.h", "duplicate_line": 84, "correlation_key": "fp|4f615982e90dcf77aa0e0fb33f43fae0bfc92956d0b91b82ad88d3192838fbea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/libdeflate/lib/arm/crc32_pmull_wide.h"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC006", 
"level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 106192, "scanner": "repobility-threat-engine", "fingerprint": "791d508d38bad6ae2bf4341221df5ba8daf915e6a3261bf7fafdb06d188daa50", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|133|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/50-angular/frontend/app.js"}, "region": {"startLine": 133}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 106189, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 106196, "scanner": "repobility-threat-engine", "fingerprint": "79171badd8f1babea910d056be131189464330c18fc7e8d3f77b5ffe3ebd9429", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": 
{"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79171badd8f1babea910d056be131189464330c18fc7e8d3f77b5ffe3ebd9429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/52-concurrency_speed_test/locusttest/locustfile.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 106195, "scanner": "repobility-threat-engine", "fingerprint": "70dfeeaa2d8776e1b4bb2f6ee849cecd0323046a085298daf1be87cb4f433310", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70dfeeaa2d8776e1b4bb2f6ee849cecd0323046a085298daf1be87cb4f433310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/51-react/frontend/src/components/customer/Customer.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. 
Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 106194, "scanner": "repobility-threat-engine", "fingerprint": "19141706f7fdc9a985b53a1beff7108e6b7c095f5813f59416ed8b04d7112558", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|19141706f7fdc9a985b53a1beff7108e6b7c095f5813f59416ed8b04d7112558"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/51-react/frontend/src/components/about/About.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 106193, "scanner": "repobility-threat-engine", "fingerprint": "d99563ab41795625a7c7a359c9840ae483a61653430439781aadaa4ffc5a15ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d99563ab41795625a7c7a359c9840ae483a61653430439781aadaa4ffc5a15ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/50-angular/frontend/app.js"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `ex/ThirdPartyDemos/tbo/05-WebMustache/WebView2Loader.dll` committed in source repo: `ex/ThirdPartyDemos/tbo/05-WebMustache/WebView2Loader.dll` is a .dll binary (114,120 bytes) committed to a repo that otherwise has 132 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 106236, "scanner": "repobility-supply-chain", "fingerprint": "19c0a978a7761f27f626901101c6da4162be8e712c3824ac619ff109c9858af2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|19c0a978a7761f27f626901101c6da4162be8e712c3824ac619ff109c9858af2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/tbo/05-WebMustache/WebView2Loader.dll"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `res/static/delphillvm/delphi-linux-x64.o` committed in source repo: `res/static/delphillvm/delphi-linux-x64.o` is a .o binary (1,520 bytes) committed to a repo that otherwise has 132 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 106235, "scanner": "repobility-supply-chain", "fingerprint": "904f3cfe86d6ba1e6852ebe9692811799bc076fe13aedb871247763dafd7d11c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|904f3cfe86d6ba1e6852ebe9692811799bc076fe13aedb871247763dafd7d11c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/delphillvm/delphi-linux-x64.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 106234, "scanner": "repobility-supply-chain", "fingerprint": "55201fea21a4ac32defeb163b9cdb82a8360bf864f4733a2415c1ee111e9262d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|55201fea21a4ac32defeb163b9cdb82a8360bf864f4733a2415c1ee111e9262d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/martin-doyle/07-HttpDockerORM/docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.client` used but never assigned in __init__: Method `index` of class `APITest` reads `self.client`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 106233, "scanner": "repobility-ast-engine", "fingerprint": "100bfb2ced0406b06e25cd5e3985590f59b952dc5dd45ee34c24ff5c6021e574", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|100bfb2ced0406b06e25cd5e3985590f59b952dc5dd45ee34c24ff5c6021e574"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ex/ThirdPartyDemos/dmvc-ai/52-concurrency_speed_test/locusttest/locustfile.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes a shell; command injection is possible if any argument is dynamic."}, "properties": {"repobilityId": 106198, "scanner": "repobility-threat-engine", "fingerprint": "e18eb8a1b33df4b76af8345f70353622a27843537908205af7c5e94a3449edce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e18eb8a1b33df4b76af8345f70353622a27843537908205af7c5e94a3449edce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/libzlib/inflate.h"}, "region": {"startLine": 24}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, 
"properties": {"repobilityId": 106188, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf (strncpy does not NUL-terminate when the source fills the buffer, so terminate explicitly)."}, "properties": {"repobilityId": 106197, "scanner": "repobility-threat-engine", "fingerprint": "496af32d5d03ffac2c3f9247b6425b1b413814a5e6308154c681f556480577ea", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|496af32d5d03ffac2c3f9247b6425b1b413814a5e6308154c681f556480577ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "res/static/libquickjs/quickjs-jsx.h"}, "region": {"startLine": 157}}}]}]}]}