{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 47 more): Same pattern found in 47 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 47 more): Same pattern found in 47 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/232"}, "properties": {"repository": "Palm1r/QodeAssist", "repoUrl": "https://github.com/Palm1r/QodeAssist", "branch": "main"}, "results": [{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 46296, "scanner": "repobility-threat-engine", "fingerprint": "cc4039b6c5eece7793081c273b5935ddfc20130e96bdef40e5f6a3ad47828b12", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|settings/settingsutils.hpp|36|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings/SettingsUtils.hpp"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 46295, "scanner": "repobility-threat-engine", "fingerprint": "59a723eccde4ba9021f2549cb41704ba7262c93cb74b4583879044ba4f070c96", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|110|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings/AgentRolesWidget.cpp"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 46294, "scanner": "repobility-threat-engine", "fingerprint": "77eeb1f39d9454f8aa0c59c14afd637cd388f6507313cf2fd4acf8f4fc8d6d28", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ">exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|updatestatuswidget.cpp|68|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "UpdateStatusWidget.cpp"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f2c9ec2f1020d054a4d19bba23c9babb671e6b5bdccaca11b553779c5ff04fa", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.cpp", "duplicate_line": 38, "correlation_key": "fp|1f2c9ec2f1020d054a4d19bba23c9babb671e6b5bdccaca11b553779c5ff04fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/MistralAIProvider.cpp"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "36543ae892720ca6a849388e87984c1293e56e49e59a13d1a6bc21901fbe7372", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|36543ae892720ca6a849388e87984c1293e56e49e59a13d1a6bc21901fbe7372"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/MistralAIProvider.cpp"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7269, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a7b90b32bcdd4f24f0c5855a89f379f71213ead4ed8ae550838dbb588cb12f4", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|7a7b90b32bcdd4f24f0c5855a89f379f71213ead4ed8ae550838dbb588cb12f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioProvider.cpp"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "285d312d2c3f236c703a510385ea417daa48ddb6e01f3d799ca3f8a3e49e54c3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ChatView/ClientInterface.cpp", "duplicate_line": 236, "correlation_key": "fp|285d312d2c3f236c703a510385ea417daa48ddb6e01f3d799ca3f8a3e49e54c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LLMClientInterface.cpp"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46283, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c135ae403fe143f16e0a63df9f334c1dffa15bd67df48e8ea4e5e555aae2244c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|c135ae403fe143f16e0a63df9f334c1dffa15bd67df48e8ea4e5e555aae2244c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OpenAICompatProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46282, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b54585c3f299f468cad4c1f8f51f7af63ac1a40f01ca1406bec3ae1d3fc39b0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/OllamaCompatProvider.cpp", "duplicate_line": 44, "correlation_key": "fp|b54585c3f299f468cad4c1f8f51f7af63ac1a40f01ca1406bec3ae1d3fc39b0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OpenAICompatProvider.cpp"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46281, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78d57cc1a8fe89ac9815a012b05e6fb1bc28118c5dbf60915f404d4a591bef32", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.cpp", "duplicate_line": 42, "correlation_key": "fp|78d57cc1a8fe89ac9815a012b05e6fb1bc28118c5dbf60915f404d4a591bef32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OpenAICompatProvider.cpp"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46280, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5eb0bac26905d264d9273512dea1490ec89eeabe32116bbd8ee5d03c49254cf4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/DeepSeekProvider.cpp", "duplicate_line": 39, "correlation_key": "fp|5eb0bac26905d264d9273512dea1490ec89eeabe32116bbd8ee5d03c49254cf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OpenAICompatProvider.cpp"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46279, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7129a69157b2386e06ab6db854a94821ce027c844331ddd219f452a780602a0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|a7129a69157b2386e06ab6db854a94821ce027c844331ddd219f452a780602a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OpenAICompatProvider.cpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46278, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27a32056e80511934e4edb85c68335f587fd8c1f0016617012fad08492021c31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|27a32056e80511934e4edb85c68335f587fd8c1f0016617012fad08492021c31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OllamaProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bce73ce5c9ad7ebfea28a024b93eb3b27da9de506871d415eaa7583fba1fd7c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.hpp", "duplicate_line": 10, "correlation_key": "fp|bce73ce5c9ad7ebfea28a024b93eb3b27da9de506871d415eaa7583fba1fd7c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OllamaCompatProvider.hpp"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "590fb549a99aa0653f9d89390f77cb2fb5265452b36a826dc2757ee7c6e0d16b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|590fb549a99aa0653f9d89390f77cb2fb5265452b36a826dc2757ee7c6e0d16b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OllamaCompatProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "775c1cc5105869ebe30f6e29a3a83d273e00563143a0b3e2138f2a14a025ad77", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.cpp", "duplicate_line": 42, "correlation_key": "fp|775c1cc5105869ebe30f6e29a3a83d273e00563143a0b3e2138f2a14a025ad77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OllamaCompatProvider.cpp"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ffbd19f7c20601e71120c8648ac35b4d86c6c25e642355c3a490d7640a5ad1c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/DeepSeekProvider.cpp", "duplicate_line": 39, "correlation_key": "fp|8ffbd19f7c20601e71120c8648ac35b4d86c6c25e642355c3a490d7640a5ad1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OllamaCompatProvider.cpp"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e48e7c48c0db05c21da125d00576f6cee26d5bc3d839c859ddb44a99a2ccce9d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|e48e7c48c0db05c21da125d00576f6cee26d5bc3d839c859ddb44a99a2ccce9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/OllamaCompatProvider.cpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46272, "scanner": "repobility-ai-code-hygiene", "fingerprint": "efce7d428e3be83e4ceb5c1220fde5ac31f68e1ad9bfa5ecda1148c507820859", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|efce7d428e3be83e4ceb5c1220fde5ac31f68e1ad9bfa5ecda1148c507820859"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/MistralAIProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46271, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a30ca8bcc949aed765790b2a5a7a313ae4607a86b711221ec987412f571125b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.cpp", "duplicate_line": 42, "correlation_key": "fp|0a30ca8bcc949aed765790b2a5a7a313ae4607a86b711221ec987412f571125b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/MistralAIProvider.cpp"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46270, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de849d1331d4e42d86e6189bba3a33ab623de55b573aaea47b50ddaaab14c448", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/DeepSeekProvider.cpp", "duplicate_line": 39, "correlation_key": "fp|de849d1331d4e42d86e6189bba3a33ab623de55b573aaea47b50ddaaab14c448"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/MistralAIProvider.cpp"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46269, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a8e63fb4ff5b5ff48df27298be782e279b95176d3e7c859aae3b711d7962f1de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|a8e63fb4ff5b5ff48df27298be782e279b95176d3e7c859aae3b711d7962f1de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/MistralAIProvider.cpp"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d757f17a15c13afb4b28f2aaffc64ef6a4c04a29dd2f07f06b71b9e7477c03a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.cpp", "duplicate_line": 42, "correlation_key": "fp|1d757f17a15c13afb4b28f2aaffc64ef6a4c04a29dd2f07f06b71b9e7477c03a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LlamaCppProvider.cpp"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14169290be4dbc1dcda4b02352f17f531e793c028d22a0a311f4fb081e64b6ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/LMStudioProvider.hpp", "duplicate_line": 10, "correlation_key": "fp|14169290be4dbc1dcda4b02352f17f531e793c028d22a0a311f4fb081e64b6ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioResponsesProvider.hpp"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bd3e51cc45859ecba95209db9799c1e4fa26cf8b606fec43b88a477f9760cd3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/DeepSeekProvider.cpp", "duplicate_line": 39, "correlation_key": "fp|0bd3e51cc45859ecba95209db9799c1e4fa26cf8b606fec43b88a477f9760cd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioProvider.cpp"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4223ea416a425fa19a28d60d78aa1a5b717e7c7649dbe9780412a010fb8435cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|4223ea416a425fa19a28d60d78aa1a5b717e7c7649dbe9780412a010fb8435cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioProvider.cpp"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46264, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9965925986851cf6095b24b53d3d11ac1f7ba03903d6219dd292d15340e3333", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|d9965925986851cf6095b24b53d3d11ac1f7ba03903d6219dd292d15340e3333"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/DeepSeekProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46263, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1449bcd4604aa9cba8342fde71e730e2b89c41751339ede32b2475fc71e6d102", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|1449bcd4604aa9cba8342fde71e730e2b89c41751339ede32b2475fc71e6d102"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/DeepSeekProvider.cpp"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 46262, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec32604e3336f88281c37bd25a1590ec2e49e23d826cf852eb9c386c77b69d68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ChatView/ClientInterface.cpp", "duplicate_line": 321, "correlation_key": "fp|ec32604e3336f88281c37bd25a1590ec2e49e23d826cf852eb9c386c77b69d68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LLMClientInterface.cpp"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1bff9fded4499e5964c2a6e3dd70b6ec963853f692ddb83a79ec9750fbdee513", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|1bff9fded4499e5964c2a6e3dd70b6ec963853f692ddb83a79ec9750fbdee513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LlamaCppProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30ebca72e5138bc66edb3a13aded50a13d55317cffe48d9d398c1f314c7833b5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/DeepSeekProvider.cpp", "duplicate_line": 39, "correlation_key": "fp|30ebca72e5138bc66edb3a13aded50a13d55317cffe48d9d398c1f314c7833b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LlamaCppProvider.cpp"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2782f7e98ea860807e386bfe74ac546accdef6a8a217ed2c45fa36a74ca78d21", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|2782f7e98ea860807e386bfe74ac546accdef6a8a217ed2c45fa36a74ca78d21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LlamaCppProvider.cpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7272, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a219fdd1ae24dcae92440bc18209d0c424b0bccc9f3f09937f572a19985eb6be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|a219fdd1ae24dcae92440bc18209d0c424b0bccc9f3f09937f572a19985eb6be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioResponsesProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7271, "scanner": "repobility-ai-code-hygiene", "fingerprint": "af4d983638ac0ad3ffd55f79fcc60d672e0f1022decf42ec37d3480995952451", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|af4d983638ac0ad3ffd55f79fcc60d672e0f1022decf42ec37d3480995952451"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioResponsesProvider.cpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7270, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5422959731ee8ba1e23160a296310f742d01ddd11d0dd3dd192a677902d5566", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|e5422959731ee8ba1e23160a296310f742d01ddd11d0dd3dd192a677902d5566"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/LMStudioProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be67e1d0929cf3c572e88c2acf9ad9de79e5733ae599ef97d24ccbdf8a78e14d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.hpp", "duplicate_line": 7, "correlation_key": "fp|be67e1d0929cf3c572e88c2acf9ad9de79e5733ae599ef97d24ccbdf8a78e14d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/GoogleAIProvider.hpp"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94d7cbd5aebbc3d5b45bedf8a0052bf460915c503bbaea3bc88a770b06cc4b4d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "providers/ClaudeProvider.cpp", "duplicate_line": 21, "correlation_key": "fp|94d7cbd5aebbc3d5b45bedf8a0052bf460915c503bbaea3bc88a770b06cc4b4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "providers/GoogleAIProvider.cpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 46298, "scanner": "repobility-threat-engine", "fingerprint": "6d66925caf02c65c78179469aaf66d9606c109cbcc2163fabec89cc03e4a2794", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d66925caf02c65c78179469aaf66d9606c109cbcc2163fabec89cc03e4a2794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sources/providersConfig/ProviderInstance.cpp"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 47 more): Same pattern found in 47 additional files. Review if needed."}, "properties": {"repobilityId": 46292, "scanner": "repobility-threat-engine", "fingerprint": "c346005248083b74b577da85b2c452a0e7378ef38935291acbce36fa3f36a6d1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 47 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c346005248083b74b577da85b2c452a0e7378ef38935291acbce36fa3f36a6d1", "aggregated_count": 47}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 46291, "scanner": "repobility-threat-engine", "fingerprint": "9e69346db0b71d5a821bca37ca93f3eea7970ea472d96f0c00db43fc3933c97d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e69346db0b71d5a821bca37ca93f3eea7970ea472d96f0c00db43fc3933c97d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "RefactorSuggestionHoverHandler.cpp"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 46290, "scanner": "repobility-threat-engine", "fingerprint": "8c0c9822a68d411720cee2651b09459756febe2680356d20b275eb6f8f4af874", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c0c9822a68d411720cee2651b09459756febe2680356d20b275eb6f8f4af874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ChatView/ChatView.cpp"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 46289, "scanner": "repobility-threat-engine", "fingerprint": "02e94b5cf2471c95947cce9ce65e60768b691d4b04a02a4e252608aa6ab8c462", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02e94b5cf2471c95947cce9ce65e60768b691d4b04a02a4e252608aa6ab8c462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ChatView/ChatHistoryStore.cpp"}, "region": {"startLine": 121}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 46288, "scanner": "repobility-threat-engine", "fingerprint": "0747e01c1e4cc7c685680a10247bdf051902fb12aad5f5f04c7dff411ebc5b13", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0747e01c1e4cc7c685680a10247bdf051902fb12aad5f5f04c7dff411ebc5b13"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 46284, "scanner": "repobility-threat-engine", "fingerprint": "1a9fb1ef27a61f4e238a9f230ba98d5d77b14432b39e1ac7c7a448ba4beb3063", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a9fb1ef27a61f4e238a9f230ba98d5d77b14432b39e1ac7c7a448ba4beb3063"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/registerPlugin.js"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 46297, "scanner": "repobility-threat-engine", "fingerprint": "7d58a5e571542e9c0664768f31040599de0d6e97f50e46b56adfaa7025acfb0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(m_chatButton", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7d58a5e571542e9c0664768f31040599de0d6e97f50e46b56adfaa7025acfb0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "UpdateStatusWidget.cpp"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 46293, "scanner": "repobility-threat-engine", "fingerprint": "37f7539fc086f72befab749fe913844bc97144bfa0ab38e90d9703907b600f55", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(const QJsonObject &request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|llmclientinterface.hpp|63|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "LLMClientInterface.hpp"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 46287, "scanner": "repobility-threat-engine", "fingerprint": "cf4b1027ac9845a5b67aa663b437947a4bcd8f1296e6aa9681de3a4148f8c89d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(Q", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf4b1027ac9845a5b67aa663b437947a4bcd8f1296e6aa9681de3a4148f8c89d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ChatView/FileItem.cpp"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 46286, "scanner": "repobility-threat-engine", "fingerprint": "1a6556b9140499cd30e01c0181f4aa0e91c77f61d48c35009bf3d883bcd17be8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1a6556b9140499cd30e01c0181f4aa0e91c77f61d48c35009bf3d883bcd17be8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ChatView/ChatHistoryStore.cpp"}, "region": {"startLine": 186}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 46285, "scanner": "repobility-threat-engine", "fingerprint": "24b529c5081fb2c566c52213f60de35b452dfd23ce8a05515be96ac9974d94cd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|24b529c5081fb2c566c52213f60de35b452dfd23ce8a05515be96ac9974d94cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ChatView/ChatCompressor.cpp"}, "region": {"startLine": 79}}}]}]}]}