{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `test_content` (dict): `def test_content(... = []/{}/set())` \u2014 Python's default v", "shortDescription": {"text": "[MINED109] Mutable default argument in `test_content` (dict): `def test_content(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def test_content(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC031", "name": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternati", "shortDescription": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process"}, "fullDescription": {"text": "Three options, pick one:\n  1. Rewrite the pattern to avoid nested quantifiers. E.g. `(a+)+` is      functionally equivalent to `a+` for matching purposes.\n  2. Use Google's re2 (`pip install google-re2`): linear-time, drop-in      replacement for `re` for most use cases.\n  3. Set a hard timeout: `signal.alarm(1)` before regex eval.\nTest patterns against `safe-regex` or `redos-detector` before shipping."}, "properties": {"scanner": "repobility-threat-engine", "category": "redos", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `MakeRelativePathsInFlagsAbsolute` has cognitive complexity 19 (SonarSourc", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `MakeRelativePathsInFlagsAbsolute` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean ch"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 19."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED075] C Malloc No Check (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `google/clusterfuzzlite/actions/run_fuzzers` pinned to mutable ref `@v1`: `uses: google/clusterfuzzlit", "shortDescription": {"text": "[MINED115] Action `google/clusterfuzzlite/actions/run_fuzzers` pinned to mutable ref `@v1`: `uses: google/clusterfuzzlite/actions/run_fuzzers@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that ma"}, "fullDescription": {"text": "Replace with: `uses: google/clusterfuzzlite/actions/run_fuzzers@<40-char-sha>  # v1` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `gcr.io/oss-fuzz-base/base-builder:v1` not pinned by digest: `FROM gcr.io/oss-fuzz-base/base-", "shortDescription": {"text": "[MINED118] Dockerfile FROM `gcr.io/oss-fuzz-base/base-builder:v1` not pinned by digest: `FROM gcr.io/oss-fuzz-base/base-builder:v1` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build "}, "fullDescription": {"text": "Replace with: `FROM gcr.io/oss-fuzz-base/base-builder:v1@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_mtu: Test function `test_mtu` runs code but contains no assert / expect / should ", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_mtu: Test function `test_mtu` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._num` used but never assigned in __init__: Method `subst` of class `MySD` reads `self._num`, but no ass", "shortDescription": {"text": "[MINED108] `self._num` used but never assigned in __init__: Method `subst` of class `MySD` reads `self._num`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method run"}, "fullDescription": {"text": "Initialize `self._num = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `stri", "shortDescription": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import string` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1114"}, "properties": {"repository": "systemd/systemd", "repoUrl": "https://github.com/systemd/systemd", "branch": "main"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `test_content` (dict): `def test_content(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 110242, "scanner": "repobility-ast-engine", "fingerprint": "74542feec4110fea482aeb5653e831bf7d29ae0d6855d6959abbbd5bc0cb7998", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74542feec4110fea482aeb5653e831bf7d29ae0d6855d6959abbbd5bc0cb7998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `test_line` (dict): `def test_line(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 110241, "scanner": "repobility-ast-engine", "fingerprint": "2cc33c3c031e3df67ce845c4e045a60c793200a17520161c8850ad4c54fa9179", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2cc33c3c031e3df67ce845c4e045a60c793200a17520161c8850ad4c54fa9179"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 110230, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 110229, "scanner": "repobility-docker", "fingerprint": "9f09597e0dda606b6105e1f1cc7e41f8d4b5e85b5e03c94162198cc2794304fa", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "gcr.io/oss-fuzz-base/base-builder:v1", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9f09597e0dda606b6105e1f1cc7e41f8d4b5e85b5e03c94162198cc2794304fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".clusterfuzzlite/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 110220, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97dbdc9ad5db11cb3b7b83466d579a1944934c5a440d7f7da68a1d57232182f6", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "tmp", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|97dbdc9ad5db11cb3b7b83466d579a1944934c5a440d7f7da68a1d57232182f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "man/inotify-watch-tmp.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 110219, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55a14a32da58c6f5e6f924b7a0a37f8da350c0f2a3e56b74a3eede67d0158fac", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|55a14a32da58c6f5e6f924b7a0a37f8da350c0f2a3e56b74a3eede67d0158fac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hwdb.d/acpi-update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110214, "scanner": "repobility-threat-engine", "fingerprint": "1b01e378f48d2c6b25c05b2db62d6a7417808a70dfb9d1a273e208efe190a3be", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/core/service.h|42|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/service.h"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC031", "level": "warning", "message": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process. CWE-1333. Real CVEs: CVE-2017-16129 (minimatch), CVE-2021-3807 (ansi-regex), and dozens more."}, "properties": {"repobilityId": 110213, "scanner": "repobility-threat-engine", "fingerprint": "d476d1bfe3d2b73ebb50099bd92a040c8b5fdc6930ce8985ee5f291b53f4bfa5", "category": "redos", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "re.match(r'^\\s*enum\\s+bpf_(cmd|map_type|prog_type|attach_type)+", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC031", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d476d1bfe3d2b73ebb50099bd92a040c8b5fdc6930ce8985ee5f291b53f4bfa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/generate-bpf-delegate-configs.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `MakeRelativePathsInFlagsAbsolute` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=2, for=2, if=6, nested_bonus=9."}, "properties": {"repobilityId": 110190, "scanner": "repobility-threat-engine", "fingerprint": "6a2c5c05acd5395c18a78e7f49efbccd663668e4da1736504625fadc0df70f40", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "MakeRelativePathsInFlagsAbsolute", "breakdown": {"if": 6, "for": 2, "break": 2, "nested_bonus": 9}, "complexity": 19, "correlation_key": "fp|6a2c5c05acd5395c18a78e7f49efbccd663668e4da1736504625fadc0df70f40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ycm_extra_conf.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 110185, "scanner": "repobility-threat-engine", "fingerprint": "cc2abfd2dcced33844603c8a3a6f9cd369355dd599e02cb6f327ab45267cd46c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cc2abfd2dcced33844603c8a3a6f9cd369355dd599e02cb6f327ab45267cd46c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/login/pam_systemd_loadkey.c"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 110184, "scanner": "repobility-threat-engine", "fingerprint": "d5f4c239c45f4a0ded21f6e3864a430af63afcd425829c92bf4006e378714544", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d5f4c239c45f4a0ded21f6e3864a430af63afcd425829c92bf4006e378714544"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.sh"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110227, "scanner": "repobility-ai-code-hygiene", "fingerprint": "22bee9e909802f24af35c58278133cd572fc52d5a6d9ce4b18e1cc5438752ab2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cgls/cgls.c", "duplicate_line": 24, "correlation_key": "fp|22bee9e909802f24af35c58278133cd572fc52d5a6d9ce4b18e1cc5438752ab2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cgtop/cgtop.c"}, "region": {"startLine": 506}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110226, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df63142ae4b4ed8e03166ed07fcf292d6e29b9c73474a0498b3556e7b975e23d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/analyze/analyze.c", "duplicate_line": 265, "correlation_key": "fp|df63142ae4b4ed8e03166ed07fcf292d6e29b9c73474a0498b3556e7b975e23d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootctl/bootctl.c"}, "region": {"startLine": 332}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110225, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49526d5b7c60ae498e05ea1c15789a75c215b7e34864f0bbd1efd912c2304dfd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/bootctl/bootctl-link.c", "duplicate_line": 785, "correlation_key": "fp|49526d5b7c60ae498e05ea1c15789a75c215b7e34864f0bbd1efd912c2304dfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootctl/bootctl-unlink.c"}, "region": {"startLine": 429}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110224, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d71808b4b99bef0f5c637722e8ff91a216926ed981fb45a18dbd55f829536be6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/battery-check/battery-check.c", "duplicate_line": 42, "correlation_key": "fp|d71808b4b99bef0f5c637722e8ff91a216926ed981fb45a18dbd55f829536be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bless-boot/boot-check-no-failures.c"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110223, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1094f727264a6d386451d142f4f263d55c2468e0216160b8b9c2b22d62278fb6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ac-power/ac-power.c", "duplicate_line": 19, "correlation_key": "fp|1094f727264a6d386451d142f4f263d55c2468e0216160b8b9c2b22d62278fb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bless-boot/boot-check-no-failures.c"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110222, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39fe7aae70bcfe04c1178986f433c9a15fc8ad06643d888394d1dc2862fd5cee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ac-power/ac-power.c", "duplicate_line": 19, "correlation_key": "fp|39fe7aae70bcfe04c1178986f433c9a15fc8ad06643d888394d1dc2862fd5cee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/battery-check/battery-check.c"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110221, "scanner": "repobility-ai-code-hygiene", "fingerprint": "916c09bf0e49f3e6ace31b1b62742006b6b2bcf455be335087ff377b97939600", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/analyze/analyze-unit-gdb.c", "duplicate_line": 13, "correlation_key": "fp|916c09bf0e49f3e6ace31b1b62742006b6b2bcf455be335087ff377b97939600"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analyze/analyze-unit-shell.c"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 110218, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55427b69686b1f7db33f7ddd67b1f5cd5ddcb3f528e0115888d79e050740054a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "tmp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|55427b69686b1f7db33f7ddd67b1f5cd5ddcb3f528e0115888d79e050740054a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "man/inotify-watch-tmp.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 110217, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aed8b9f4d442c8734eed4e9e474e5ce61040925ccaf117527c5d311a276873dd", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|aed8b9f4d442c8734eed4e9e474e5ce61040925ccaf117527c5d311a276873dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hwdb.d/acpi-update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `TraverseByDepth` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, for=1, if=3, nested_bonus=6."}, "properties": {"repobilityId": 110192, "scanner": "repobility-threat-engine", "fingerprint": "7ea30c8e733b4e098645536b7c0145799c493cd8222b2211a8490aa603021f1f", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "TraverseByDepth", "breakdown": {"if": 3, "for": 1, "else": 2, "nested_bonus": 6}, "complexity": 12, "correlation_key": "fp|7ea30c8e733b4e098645536b7c0145799c493cd8222b2211a8490aa603021f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ycm_extra_conf.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `GetCompilationInfoForFile` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=4, nested_bonus=6, recursion=2."}, "properties": {"repobilityId": 110191, "scanner": "repobility-threat-engine", "fingerprint": "197bffcfd886aab0befbaf70fc30171c9f74185c680af7ca85fec28e234649e4", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "GetCompilationInfoForFile", "breakdown": {"if": 4, "for": 1, "recursion": 2, "nested_bonus": 6}, "complexity": 13, "correlation_key": "fp|197bffcfd886aab0befbaf70fc30171c9f74185c680af7ca85fec28e234649e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ycm_extra_conf.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 110215, "scanner": "repobility-threat-engine", "fingerprint": "f777b66f356dc3e772f98c7d4dd7fc1a4bf43613334d5aaa97447b396d033cb5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f777b66f356dc3e772f98c7d4dd7fc1a4bf43613334d5aaa97447b396d033cb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/login/pam_systemd_loadkey.c"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 110212, "scanner": "repobility-threat-engine", "fingerprint": "649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a"}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 110208, "scanner": "repobility-threat-engine", "fingerprint": "020ba6ca1815bae1d11bf18e35942dc9a86bd8d136943144e01b8117e518834c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|020ba6ca1815bae1d11bf18e35942dc9a86bd8d136943144e01b8117e518834c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/unit-name.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 110207, "scanner": "repobility-threat-engine", "fingerprint": "de3b9ce48178d46b2cd2b7846b15aa5d668aed8785344051c6e9a5bbc955f01a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|de3b9ce48178d46b2cd2b7846b15aa5d668aed8785344051c6e9a5bbc955f01a", "aggregated_count": 4}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 110203, "scanner": "repobility-threat-engine", "fingerprint": "c2c0449eee5a53e768a7b6d1519e57d1fddf612b5ef4ccda193e8812bc703639", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c2c0449eee5a53e768a7b6d1519e57d1fddf612b5ef4ccda193e8812bc703639", "aggregated_count": 7}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 110202, "scanner": "repobility-threat-engine", "fingerprint": "8fae36b08e0571fe1285e8c93df0223cadf5a75fc2d9f17501f19de4587fdc13", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8fae36b08e0571fe1285e8c93df0223cadf5a75fc2d9f17501f19de4587fdc13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/mempool.c"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 110201, "scanner": "repobility-threat-engine", "fingerprint": "0225b4950aaade70f69dec206d57f9926cc0f41d26a1f50515abedc29f84f120", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0225b4950aaade70f69dec206d57f9926cc0f41d26a1f50515abedc29f84f120"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/memory-util.c"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 110200, "scanner": "repobility-threat-engine", "fingerprint": "4d195b4789c9fe223f64978a465dbc7eabcfb317c36f3fa5ca773f9c10b0053e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d195b4789c9fe223f64978a465dbc7eabcfb317c36f3fa5ca773f9c10b0053e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/alloc-util.c"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 110199, "scanner": "repobility-threat-engine", "fingerprint": "a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "aggregated_count": 1}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 110195, "scanner": "repobility-threat-engine", "fingerprint": "5836a637768d1abb457f951f730edf97381bfcf4260644879804ce2d0e3914cd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5836a637768d1abb457f951f730edf97381bfcf4260644879804ce2d0e3914cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/journal-remote/log-generator.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 110194, "scanner": "repobility-threat-engine", "fingerprint": "38e015f81972d5840c3a6b25b9531570d65e689a56c0ff4efc6ba8d3a77d5e84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38e015f81972d5840c3a6b25b9531570d65e689a56c0ff4efc6ba8d3a77d5e84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "man/check-os-release.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 110193, "scanner": "repobility-threat-engine", "fingerprint": "33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "MakeRelativePathsInFlagsAbsolute", "breakdown": {"if": 6, "for": 2, "break": 2, "nested_bonus": 9}, "aggregated": true, "complexity": 19, "correlation_key": "fp|33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 110189, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 110188, "scanner": "repobility-threat-engine", "fingerprint": "bc8802c12062a86083864b31a46dd94b8bb055de3925c3f62c5362bce9b1103a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bc8802c12062a86083864b31a46dd94b8bb055de3925c3f62c5362bce9b1103a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "man/sd_bus_service_reconnect.c"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 110187, "scanner": "repobility-threat-engine", "fingerprint": "0c28247d7b56d774dfedec4d3c782319aae15fc7a9dc4eea38a2c0f04ba66417", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c28247d7b56d774dfedec4d3c782319aae15fc7a9dc4eea38a2c0f04ba66417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".semaphore/semaphore-runner.sh"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 110186, "scanner": "repobility-threat-engine", "fingerprint": "0dd53440145c360e19bba9b38885e45562b8d0f0a37ec7c5041d8e3c4130da1d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0dd53440145c360e19bba9b38885e45562b8d0f0a37ec7c5041d8e3c4130da1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.sh"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `google/clusterfuzzlite/actions/run_fuzzers` pinned to mutable ref `@v1`: `uses: google/clusterfuzzlite/actions/run_fuzzers@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110292, "scanner": "repobility-supply-chain", "fingerprint": "376afd5f93f4ae570bdc374cbdbeb881f6a4c7079343faa4a298043666916c18", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|376afd5f93f4ae570bdc374cbdbeb881f6a4c7079343faa4a298043666916c18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cflite-pr.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `google/clusterfuzzlite/actions/build_fuzzers` pinned to mutable ref `@v1`: `uses: google/clusterfuzzlite/actions/build_fuzzers@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110291, "scanner": "repobility-supply-chain", "fingerprint": "4885bc4d1ae617940495f875fe4715f1996f44590ef56c42c03bcd6ffe316d43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4885bc4d1ae617940495f875fe4715f1996f44590ef56c42c03bcd6ffe316d43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cflite-pr.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `google/oss-fuzz/infra/cifuzz/actions/run_fuzzers` pinned to mutable ref `@master`: `uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110290, "scanner": "repobility-supply-chain", "fingerprint": "89161a04363e5572fff23b18360e60d41962057f07fa7cc46317f7c9bf731836", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|89161a04363e5572fff23b18360e60d41962057f07fa7cc46317f7c9bf731836"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cifuzz.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers` pinned to mutable ref `@master`: `uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110289, "scanner": "repobility-supply-chain", "fingerprint": "ec88e0bcd09b9827afbf3f5880e0d0bf0277a8886cc204af09f9891d1b40d653", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec88e0bcd09b9827afbf3f5880e0d0bf0277a8886cc204af09f9891d1b40d653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cifuzz.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110288, "scanner": "repobility-supply-chain", "fingerprint": "0b1554bfaeb25cf470ad7c98cdad81c3705f1b2663984c49609582cb60376cd7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b1554bfaeb25cf470ad7c98cdad81c3705f1b2663984c49609582cb60376cd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mkosi.yml"}, "region": {"startLine": 326}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110287, "scanner": "repobility-supply-chain", "fingerprint": "ce68ad560266e4ae439d69168b69772905d85d5812524f13bfa6a1017e484256", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce68ad560266e4ae439d69168b69772905d85d5812524f13bfa6a1017e484256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coverage.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `gcr.io/oss-fuzz-base/base-builder:v1` not pinned by digest: `FROM gcr.io/oss-fuzz-base/base-builder:v1` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 110286, "scanner": "repobility-supply-chain", "fingerprint": "7a78cc235141c0d0bbbb26e4d757ff4f7f671fcc4b11a3ac4eb4b3d2468bceae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a78cc235141c0d0bbbb26e4d757ff4f7f671fcc4b11a3ac4eb4b3d2468bceae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".clusterfuzzlite/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mtu: Test function `test_mtu` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110284, "scanner": "repobility-ast-engine", "fingerprint": "fff4999358907dc1c85ce6e224148b3f4382266cf484d5ea3125efa7b0c23a92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fff4999358907dc1c85ce6e224148b3f4382266cf484d5ea3125efa7b0c23a92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-network/systemd-networkd-tests.py"}, "region": {"startLine": 1728}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_glob: Test function `test_glob` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110283, "scanner": "repobility-ast-engine", "fingerprint": "1664314846aef3216a421b1bbda19a97591507aa3176c95089a432a8067f7454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1664314846aef3216a421b1bbda19a97591507aa3176c95089a432a8067f7454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-network/systemd-networkd-tests.py"}, "region": {"startLine": 1702}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_reload: Test function `test_reload` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110282, "scanner": "repobility-ast-engine", "fingerprint": "9186b303766d9c6cf9b64ec0b3abd455d5b9866366be762a618525daf1c4c256", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9186b303766d9c6cf9b64ec0b3abd455d5b9866366be762a618525daf1c4c256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-network/systemd-networkd-tests.py"}, "region": {"startLine": 1679}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_up_down: Test function `test_up_down` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110281, "scanner": "repobility-ast-engine", "fingerprint": "752d74fefd75dcdcba401c506a738253f5f372f6f4ceca655c8f210eaa466396", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|752d74fefd75dcdcba401c506a738253f5f372f6f4ceca655c8f210eaa466396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-network/systemd-networkd-tests.py"}, "region": {"startLine": 1665}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_altname: Test function `test_altname` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110280, "scanner": "repobility-ast-engine", "fingerprint": "46a882e563a6bac96390e9a8335a2d26598cf1bdfaf09d2fe2941be73a680ba8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46a882e563a6bac96390e9a8335a2d26598cf1bdfaf09d2fe2941be73a680ba8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-network/systemd-networkd-tests.py"}, "region": {"startLine": 1578}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_catchall_config_coldplug: Test function `test_catchall_config_coldplug` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110279, "scanner": "repobility-ast-engine", "fingerprint": "85c2ba6f27cf9a3005e4f75fb816eb2a361784e9a1905464e0e9d780cf6492f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85c2ba6f27cf9a3005e4f75fb816eb2a361784e9a1905464e0e9d780cf6492f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1372}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_catchall_config: Test function `test_catchall_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110278, "scanner": "repobility-ast-engine", "fingerprint": "c1b3cbc1cc34a1b4cdce96f6d95b28a852c62511f3579fdf434d773b5d14df03", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1b3cbc1cc34a1b4cdce96f6d95b28a852c62511f3579fdf434d773b5d14df03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1364}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unmanaged_setting_coldplug: Test function `test_unmanaged_setting_coldplug` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110277, "scanner": "repobility-ast-engine", "fingerprint": "177d8101ad5164911a884f4cf8e124b59bd3222e865523e6fc43d4f8176afd38", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|177d8101ad5164911a884f4cf8e124b59bd3222e865523e6fc43d4f8176afd38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1358}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unmanaged_setting: Test function `test_unmanaged_setting` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110276, "scanner": "repobility-ast-engine", "fingerprint": "f910f2d3f9f4f0a2539c826c19d241ed9cbfb3ad5491e2ca90d7efc38fcd62ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f910f2d3f9f4f0a2539c826c19d241ed9cbfb3ad5491e2ca90d7efc38fcd62ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1352}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_inverted_matching: Test function `test_inverted_matching` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110275, "scanner": "repobility-ast-engine", "fingerprint": "24021c6e38dd850f4a7276f6cd56d0ca5f2678a2a86da399187515a5d54d6c67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24021c6e38dd850f4a7276f6cd56d0ca5f2678a2a86da399187515a5d54d6c67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1299}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_basic_matching: Test function `test_basic_matching` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110274, "scanner": "repobility-ast-engine", "fingerprint": "48faa8d03c06d4f7791140d9910e30a815d8b65ae4c120ab2643f5f11a4dff28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48faa8d03c06d4f7791140d9910e30a815d8b65ae4c120ab2643f5f11a4dff28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1284}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_search_domains: Test function `test_search_domains` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110273, "scanner": "repobility-ast-engine", "fingerprint": "c6c4d7cdc5ef72bc64d26b8532615e2a71be4cc90e5a21f80bf0cfb5da33ad32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6c4d7cdc5ef72bc64d26b8532615e2a71be4cc90e5a21f80bf0cfb5da33ad32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 1143}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_hotplug_dhcp_ip6: Test function `test_hotplug_dhcp_ip6` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110272, "scanner": "repobility-ast-engine", "fingerprint": "d71c2183be49675d6f7a8cb63a168cd0f9ea184e14bf950f28b3dd0b1d79d581", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d71c2183be49675d6f7a8cb63a168cd0f9ea184e14bf950f28b3dd0b1d79d581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 600}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_hotplug_dhcp_ip4: Test function `test_hotplug_dhcp_ip4` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110271, "scanner": "repobility-ast-engine", "fingerprint": "3aad31e9eda4916f50b8d1c868d01259b1225fa17133f964a54444b35b529ad5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3aad31e9eda4916f50b8d1c868d01259b1225fa17133f964a54444b35b529ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 596}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_coldplug_dhcp_ip6: Test function `test_coldplug_dhcp_ip6` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110270, "scanner": "repobility-ast-engine", "fingerprint": "3002bf4a2febe6134d6fcf252fed14f24d79800e769c1645d3dd3184ee138e10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3002bf4a2febe6134d6fcf252fed14f24d79800e769c1645d3dd3184ee138e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 593}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_coldplug_dhcp_ip4_only_no_ra: Test function `test_coldplug_dhcp_ip4_only_no_ra` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110269, "scanner": "repobility-ast-engine", "fingerprint": "ae8c39ad55eed3b4c97740f919397a7784de6a52c3d48a1945a1954713c40bce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae8c39ad55eed3b4c97740f919397a7784de6a52c3d48a1945a1954713c40bce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 589}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_coldplug_dhcp_ip4_only: Test function `test_coldplug_dhcp_ip4_only` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110268, "scanner": "repobility-ast-engine", "fingerprint": "0a1761104a35ebf8637f11239e56561ac3fa1956ebf8c36459738743f74cdcec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a1761104a35ebf8637f11239e56561ac3fa1956ebf8c36459738743f74cdcec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 585}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_coldplug_dhcp_yes_ip4_no_ra: Test function `test_coldplug_dhcp_yes_ip4_no_ra` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110267, "scanner": "repobility-ast-engine", "fingerprint": "74da2229eabe853a9a2e91b25cd462fdd4b1f761edd71b2f7d46f0272f5d9b85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74da2229eabe853a9a2e91b25cd462fdd4b1f761edd71b2f7d46f0272f5d9b85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 581}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_coldplug_dhcp_yes_ip4: Test function `test_coldplug_dhcp_yes_ip4` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110266, "scanner": "repobility-ast-engine", "fingerprint": "dc2f3946bef08533be40f47424cb66a60da7d90cbe58c3b48a5ad54f4aaa612a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc2f3946bef08533be40f47424cb66a60da7d90cbe58c3b48a5ad54f4aaa612a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 577}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_bridge_init: Test function `test_bridge_init` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110265, "scanner": "repobility-ast-engine", "fingerprint": "b01f083de4fa3121f22d2d5c61d46693e4441ba02a1a0d95efcfbce3f8b6b7c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b01f083de4fa3121f22d2d5c61d46693e4441ba02a1a0d95efcfbce3f8b6b7c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/networkd-test.py"}, "region": {"startLine": 318}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._num` used but never assigned in __init__: Method `subst` of class `MySD` reads `self._num`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110264, "scanner": "repobility-ast-engine", "fingerprint": "0b325b34c9e7ce59c8586657835b7d68105f519919917b308ea3d7405ec0eab1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b325b34c9e7ce59c8586657835b7d68105f519919917b308ea3d7405ec0eab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.minor` used but never assigned in __init__: Method `subst` of class `MySD` reads `self.minor`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110263, "scanner": "repobility-ast-engine", "fingerprint": "be474a68c57f233ae787b32a0a9982dd0e6f6977ea342f94a4cfa6426f30cb71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be474a68c57f233ae787b32a0a9982dd0e6f6977ea342f94a4cfa6426f30cb71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.namestr` used but never assigned in __init__: Method `subst` of class `MySD` reads `self.namestr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110262, "scanner": "repobility-ast-engine", "fingerprint": "17c2fed3ef7258e6a44f65724e64ab52d8171149ac2cebb714245d1e7d2a5228", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|17c2fed3ef7258e6a44f65724e64ab52d8171149ac2cebb714245d1e7d2a5228"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.major` used but never assigned in __init__: Method `subst` of class `MySD` reads `self.major`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110261, "scanner": "repobility-ast-engine", "fingerprint": "da67d7c5a0bd2e299230cbe8d9dc329614092151f4dac2a390fa6ecb608caa85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da67d7c5a0bd2e299230cbe8d9dc329614092151f4dac2a390fa6ecb608caa85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._num` used but never assigned in __init__: Method `subst` of class `MySD` reads `self._num`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110260, "scanner": "repobility-ast-engine", "fingerprint": "f514e981531731b18fec6132e23373f3500e376b6b8eee0a6ff98411940e56e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f514e981531731b18fec6132e23373f3500e376b6b8eee0a6ff98411940e56e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_dev_t` used but never assigned in __init__: Method `longstr` of class `SD` reads `self._get_dev_t`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110259, "scanner": "repobility-ast-engine", "fingerprint": "390c5da8b177e2cfbb9de615b1aa5edf88e14a673dffa5533c0d3d5248bdc775", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|390c5da8b177e2cfbb9de615b1aa5edf88e14a673dffa5533c0d3d5248bdc775"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.namestr` used but never assigned in __init__: Method `longstr` of class `SD` reads `self.namestr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110258, "scanner": "repobility-ast-engine", "fingerprint": "722f9cbfbb71a883758b478813977029a26c3c8d2c7d5ef26a04070853ef356f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|722f9cbfbb71a883758b478813977029a26c3c8d2c7d5ef26a04070853ef356f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.devstr` used but never assigned in __init__: Method `longstr` of class `SD` reads `self.devstr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110257, "scanner": "repobility-ast-engine", "fingerprint": "6defedc3c7c96903315b0e9345d2ab896480629b5272dd4f732d030bac4e340d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6defedc3c7c96903315b0e9345d2ab896480629b5272dd4f732d030bac4e340d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_name` used but never assigned in __init__: Method `namestr` of class `SD` reads `self._get_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110256, "scanner": "repobility-ast-engine", "fingerprint": "909d6f3bb5c77c355584d1182b1607be1a6ee6c3db9356e1554009028fb1c888", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|909d6f3bb5c77c355584d1182b1607be1a6ee6c3db9356e1554009028fb1c888"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_minor` used but never assigned in __init__: Method `devstr` of class `SD` reads `self._get_minor`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110255, "scanner": "repobility-ast-engine", "fingerprint": "986649fc366ffe428e5a4af97fdddde6f1b2b8eb2b694f01ffa09769d3c0a1c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|986649fc366ffe428e5a4af97fdddde6f1b2b8eb2b694f01ffa09769d3c0a1c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_major` used but never assigned in __init__: Method `devstr` of class `SD` reads `self._get_major`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110254, "scanner": "repobility-ast-engine", "fingerprint": "073b2d3003aeca6a3373e1e31bdcdf9082501ada813628d3fa7dd51fd01f5b48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|073b2d3003aeca6a3373e1e31bdcdf9082501ada813628d3fa7dd51fd01f5b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_minor` used but never assigned in __init__: Method `minor` of class `SD` reads `self._get_minor`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110253, "scanner": "repobility-ast-engine", "fingerprint": "04fb4826e2e4bd00387d87cd98de4c0de325d668684e8201f6a675cb43e15498", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04fb4826e2e4bd00387d87cd98de4c0de325d668684e8201f6a675cb43e15498"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_major` used but never assigned in __init__: Method `major` of class `SD` reads `self._get_major`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110252, "scanner": "repobility-ast-engine", "fingerprint": "3f2d80c62b01d88d6fd20c49bc483dfc70b65ebf59e8c808fb310f0c8785e83f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f2d80c62b01d88d6fd20c49bc483dfc70b65ebf59e8c808fb310f0c8785e83f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_name` used but never assigned in __init__: Method `__str__` of class `SD` reads `self._get_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110251, "scanner": "repobility-ast-engine", "fingerprint": "daadcaa027bda9ed5eeace02e5381bf795edb86e26f2a82aa9f5d13cb6bdd1a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|daadcaa027bda9ed5eeace02e5381bf795edb86e26f2a82aa9f5d13cb6bdd1a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.devstr` used but never assigned in __init__: Method `__str__` of class `SD` reads `self.devstr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110250, "scanner": "repobility-ast-engine", "fingerprint": "7e8be24abc22942c57ce1786f8e81d5ef39f1d43694eb570bab9c2df585e1805", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e8be24abc22942c57ce1786f8e81d5ef39f1d43694eb570bab9c2df585e1805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/sd-script.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_link_remove` used but never assigned in __init__: Method `check_remove` of class `Device` reads `self.check_link_remove`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110249, "scanner": "repobility-ast-engine", "fingerprint": "a49934d54e0ec6e79e4ba4784f0df71fb024e2392fab1af053401a1412af69c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a49934d54e0ec6e79e4ba4784f0df71fb024e2392fab1af053401a1412af69c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_devnode` used but never assigned in __init__: Method `check_remove` of class `Device` reads `self.get_devnode`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110248, "scanner": "repobility-ast-engine", "fingerprint": "cf9ee5c77d740a6993cc6a430ae2414861c0209c8e8173813905121d64e45737", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf9ee5c77d740a6993cc6a430ae2414861c0209c8e8173813905121d64e45737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_link_nonexistent` used but never assigned in __init__: Method `check_add` of class `Device` reads `self.check_link_nonexistent`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110247, "scanner": "repobility-ast-engine", "fingerprint": "41468260d1b7ae012526fb1da0b207a27cd653e0c4f2b19ba64496cdf95a5255", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41468260d1b7ae012526fb1da0b207a27cd653e0c4f2b19ba64496cdf95a5255"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_link_add` used but never assigned in __init__: Method `check_add` of class `Device` reads `self.check_link_add`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110246, "scanner": "repobility-ast-engine", "fingerprint": "fca2e33ab25347d3239f254463961f588aebe869b51380c87f9f0cd98049af3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fca2e33ab25347d3239f254463961f588aebe869b51380c87f9f0cd98049af3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_major_minor` used but never assigned in __init__: Method `check_add` of class `Device` reads `self.check_major_minor`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110245, "scanner": "repobility-ast-engine", "fingerprint": "6e24de46e0ebc8eca80b2bd2b88354bfbb4e4ee9cc18770eff1f7fe78f7dce68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e24de46e0ebc8eca80b2bd2b88354bfbb4e4ee9cc18770eff1f7fe78f7dce68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_permissions` used but never assigned in __init__: Method `check_add` of class `Device` reads `self.check_permissions`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110244, "scanner": "repobility-ast-engine", "fingerprint": "4f0b298921954e7f14acaa394439434ccb0688445e1a5d0a039b152eff8345b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f0b298921954e7f14acaa394439434ccb0688445e1a5d0a039b152eff8345b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_devnode` used but never assigned in __init__: Method `check_add` of class `Device` reads `self.get_devnode`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110243, "scanner": "repobility-ast-engine", "fingerprint": "7a6543792188b6a39d7e1e4d3ca537ae80a11a81351502afe74df2004e109209", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a6543792188b6a39d7e1e4d3ca537ae80a11a81351502afe74df2004e109209"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-udev.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_base64: Test function `test_base64` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110240, "scanner": "repobility-ast-engine", "fingerprint": "9740dd8e633352060f5b4d653c508fa2c6d99b40c748d71a5b354b171426d146", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9740dd8e633352060f5b4d653c508fa2c6d99b40c748d71a5b354b171426d146"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_hard_cleanup: Test function `test_hard_cleanup` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110239, "scanner": "repobility-ast-engine", "fingerprint": "d70bb3813bddc8f5e31060091af14fb198e1fad1acdc83b8c35dbd6cd562bd00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d70bb3813bddc8f5e31060091af14fb198e1fad1acdc83b8c35dbd6cd562bd00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_valid_specifiers: Test function `test_valid_specifiers` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110238, "scanner": "repobility-ast-engine", "fingerprint": "769f2c7e8270bc97576773a6efc3170988dc68026dfa7ff2f83bc99d39b8b496", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|769f2c7e8270bc97576773a6efc3170988dc68026dfa7ff2f83bc99d39b8b496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_uninitialized_t: Test function `test_uninitialized_t` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110237, "scanner": "repobility-ast-engine", "fingerprint": "102fb782505249e9bd0db2a525cbb6b6b302ae416dbf547c09e0b15c7077a36d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|102fb782505249e9bd0db2a525cbb6b6b302ae416dbf547c09e0b15c7077a36d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalids: Test function `test_invalids` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110236, "scanner": "repobility-ast-engine", "fingerprint": "bed507f32516d056595ddf231163401264c084d5323406da66151ae13627b68b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bed507f32516d056595ddf231163401264c084d5323406da66151ae13627b68b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test-systemd-tmpfiles.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.resolve_filename` used but never assigned in __init__: Method `resolve` of class `CustomResolver` reads `self.resolve_filename`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110235, "scanner": "repobility-ast-engine", "fingerprint": "b32824e664f1996baffe9e0ea37221071b79616a553fa44e6a18a6ec139495a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b32824e664f1996baffe9e0ea37221071b79616a553fa44e6a18a6ec139495a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/xml_helper.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.resolve_filename` used but never assigned in __init__: Method `resolve` of class `CustomResolver` reads `self.resolve_filename`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110234, "scanner": "repobility-ast-engine", "fingerprint": "bd116d4744bc0f37a4244f2317093a1a37ce91b5c03091b3d6812703b160c803", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd116d4744bc0f37a4244f2317093a1a37ce91b5c03091b3d6812703b160c803"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/xml_helper.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.resolve_filename` used but never assigned in __init__: Method `resolve` of class `CustomResolver` reads `self.resolve_filename`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110233, "scanner": "repobility-ast-engine", "fingerprint": "8da0ad824d6527bb790c78d9c67cc2647bcdcc83e40a2e40b2c30e7b89ac46f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8da0ad824d6527bb790c78d9c67cc2647bcdcc83e40a2e40b2c30e7b89ac46f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/xml_helper.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 110228, "scanner": "repobility-docker", "fingerprint": "e7e61885d1aea0171b07bded81c00654af37a613ac74d45c68bce07a455e3a0b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e7e61885d1aea0171b07bded81c00654af37a613ac74d45c68bce07a455e3a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".clusterfuzzlite/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 110216, "scanner": "repobility-threat-engine", "fingerprint": "b8c418cae885c452074491c455092185f7b87975679c00b2314ca80eff9129ce", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|21|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/shared/generate-dns_type-gperf.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110211, "scanner": "repobility-threat-engine", "fingerprint": "bb1b338130a918abd8b828b1902d6a48ca95860585bc4732b39e26553a13651f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(E", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bb1b338130a918abd8b828b1902d6a48ca95860585bc4732b39e26553a13651f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boot/url-discovery.h"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110210, "scanner": "repobility-threat-engine", "fingerprint": "a10b70d56856e43c859e43ddcc79aedde8a7e1c8220b43e4f657bdd10ec8e180", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(E", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a10b70d56856e43c859e43ddcc79aedde8a7e1c8220b43e4f657bdd10ec8e180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boot/url-discovery.c"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110209, "scanner": "repobility-threat-engine", "fingerprint": "648cceb8090af4f20f0a60976dbd7562395044c1829e331a16032b291f8c0e08", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(l", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|648cceb8090af4f20f0a60976dbd7562395044c1829e331a16032b291f8c0e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boot/export-vars.c"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 110198, "scanner": "repobility-threat-engine", "fingerprint": "099195da816265c09d8897afce5fc35073b927b1ffd76fb5d3d5ea789d435d6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|099195da816265c09d8897afce5fc35073b927b1ffd76fb5d3d5ea789d435d6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integritysetup/integrity-util.c"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 110197, "scanner": "repobility-threat-engine", "fingerprint": "0060ad864661eb2de4547a545a7e5b46c640173a9d927f2fe8ee15b7ff579998", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0060ad864661eb2de4547a545a7e5b46c640173a9d927f2fe8ee15b7ff579998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/fundamental/sha1.c"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 110196, "scanner": "repobility-threat-engine", "fingerprint": "b04d602c859dfa82009f4609e4de05513b9dff07b8c4895807177493d468179a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b04d602c859dfa82009f4609e4de05513b9dff07b8c4895807177493d468179a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analyze/analyze-pcrs.c"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 110285, "scanner": "repobility-ast-engine", "fingerprint": "e4ce7538c1ef8ae4ef1ed1a5b8bc6f8da989d77e0e228fd82d39e4df09fafdab", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4ce7538c1ef8ae4ef1ed1a5b8bc6f8da989d77e0e228fd82d39e4df09fafdab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ukify/ukify.py"}, "region": {"startLine": 1207}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 110232, "scanner": "repobility-ast-engine", "fingerprint": "53157514a33b19117fd2b9691ebd7bebea48e025edeb5ffa3fac571a59210a5c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53157514a33b19117fd2b9691ebd7bebea48e025edeb5ffa3fac571a59210a5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/update-dbus-docs.py"}, "region": {"startLine": 296}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 110231, "scanner": "repobility-ast-engine", "fingerprint": "3411d9cf986956d8a1975ebf4dc6dff3e6c285f7124d950cc199b9cd94864a1d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3411d9cf986956d8a1975ebf4dc6dff3e6c285f7124d950cc199b9cd94864a1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/update-man-rules.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 110206, "scanner": "repobility-threat-engine", "fingerprint": "223d09f454df6c0e638e53933c96ed93518d888e75dd724d3537ce50843c0976", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|223d09f454df6c0e638e53933c96ed93518d888e75dd724d3537ce50843c0976"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/path-util.h"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 110205, "scanner": "repobility-threat-engine", "fingerprint": "ea880dc3002495525a6e61a882cd198209a26e625034866d8e50b3c1bae4035c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea880dc3002495525a6e61a882cd198209a26e625034866d8e50b3c1bae4035c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/ether-addr-util.c"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 110204, "scanner": "repobility-threat-engine", "fingerprint": "29a721d86181283c0d5f270b7676f08cd09bba496b2a0caee973503f82f7b697", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|29a721d86181283c0d5f270b7676f08cd09bba496b2a0caee973503f82f7b697"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/basic/capability-list.c"}, "region": {"startLine": 41}}}]}]}]}