{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /ty"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /types."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /read-all."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /read-all."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 41.5% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 41.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 41.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /submission/:submission_id."}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /submission/:submission_id."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `node:24-slim` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `node:24-slim` not pinned by digest"}, "fullDescription": {"text": "`FROM node:24-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "Express POST /:user_id/change-password has no auth", "shortDescription": {"text": "Express POST /:user_id/change-password has no auth"}, "fullDescription": {"text": "Express route POST /:user_id/change-password declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/566"}, "properties": {"repository": "deepakmuvva99/backend_dasep", "repoUrl": "https://github.com/deepakmuvva99/backend_dasep.git", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 38921, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 38920, "scanner": "repobility-journey-contract", "fingerprint": "1709e1f456501727bf826420f5d27c6ec037e63336e7e1517596a8c69a602f12", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1", "correlation_key": "fp|1709e1f456501727bf826420f5d27c6ec037e63336e7e1517596a8c69a602f12", "backend_endpoint_count": 53}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 38919, "scanner": "repobility-journey-contract", "fingerprint": "0856d773933191a93db43c467cc50fd4872681bc45038fb8c93047136b416f88", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1", "correlation_key": "fp|0856d773933191a93db43c467cc50fd4872681bc45038fb8c93047136b416f88", "backend_endpoint_count": 53}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/app.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /types."}, "properties": {"repobilityId": 38917, "scanner": "repobility-access-control", "fingerprint": "05a5829b06c0ce3e0091c153c56c4a89a4d43b7a00e77975f4ded41e112bf182", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/types", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|10|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/files.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /:notification_id/read."}, "properties": {"repobilityId": 38916, "scanner": "repobility-access-control", "fingerprint": "d6bfce43393a57829a5b155037e074ce9b5c13c6c7f419b39f20e4a357786904", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:notification_id/read", "method": "PUT", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|22|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/notifications.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /:id."}, "properties": {"repobilityId": 38915, "scanner": "repobility-access-control", "fingerprint": "a37c7e3024964c9d3a3f5285f8e271149c09147e6bc789ad8cbadcd07f97e489", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|15|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/permissions.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /version/:version_id."}, "properties": {"repobilityId": 38914, "scanner": "repobility-access-control", "fingerprint": "df6b538bf3b9af0165eaae6b390e328b68670ea0dc02fdb10bc927da178f2190", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/version/:version_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/pages.js|12|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/pages.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:file_id/sas-token."}, "properties": {"repobilityId": 38913, "scanner": "repobility-access-control", "fingerprint": "aed1619245f46ad35eb2a4cce3b906b65e0ffa3b6a3b4fb0555534949126db4e", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:file_id/sas-token", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/files.js|26|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:file_id/versions/current."}, "properties": {"repobilityId": 38912, "scanner": "repobility-access-control", "fingerprint": "5e0acaa1760b444793e5a7efa566748aabfa4fb3ab160bbddf8e7d7e314ef452", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:file_id/versions/current", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/files.js|25|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /request-upload."}, "properties": {"repobilityId": 38911, "scanner": "repobility-access-control", "fingerprint": "c82102a56d83271550045065c22b2401e5c790d51b2ec26daac5487b00aea10d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/request-upload", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/files.js|13|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /types."}, "properties": {"repobilityId": 38910, "scanner": "repobility-access-control", "fingerprint": "71f1fe3b2f2f210c85f72d5f120dc0cd2d7ac205fcf782b868d1c6b47012a219", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/types", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/files.js|10|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /:notification_id/read."}, "properties": {"repobilityId": 38909, "scanner": "repobility-access-control", "fingerprint": "9b19527f05f515c177c9657dccbae41f016d9764e8187b6e432ccf939d275f50", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:notification_id/read", "method": "PUT", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/notifications.js|22|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/notifications.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /:id."}, "properties": {"repobilityId": 38908, "scanner": "repobility-access-control", "fingerprint": "aa175c5f28db7e716c0233c20c079bcfa5ea21e68234cd99c822f16cddbe7078", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/permissions.js|15|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /read-all."}, "properties": {"repobilityId": 38907, "scanner": "repobility-access-control", "fingerprint": "e1b9051aadab7a9dcd9cd04e01c96a7e1b8cc5434ef842ca6e2b2d13c38c8dba", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/read-all", "method": "PUT", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/notifications.js|15|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/notifications.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /entity/:entity_type/:entity_id."}, "properties": {"repobilityId": 38906, "scanner": "repobility-access-control", "fingerprint": "2c31f8b383f4808f18b2b869a7d30276b6c41de65aa94e48bbc1a61f1a74f38e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/entity/:entity_type/:entity_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/audit-logs.js|15|cwe-285", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/audit-logs.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /:audit_log_id."}, "properties": {"repobilityId": 38905, "scanner": "repobility-access-control", "fingerprint": "156e96edd0a2d49fecf0c907bef853e87bc53314ca9df2586e8f22024d2d8be8", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:audit_log_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/audit-logs.js|13|cwe-285", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/audit-logs.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /lookup."}, "properties": {"repobilityId": 38904, "scanner": "repobility-access-control", "fingerprint": "fde032f3a7c428064a6236e2fab43a106cb7b4687fc81dc5c053189c4505dfae", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/lookup", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/classes.js|15|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/classes.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /:id."}, "properties": {"repobilityId": 38903, "scanner": "repobility-access-control", "fingerprint": "c125d360a0f2598c313417f91f4201eb0ee7e18550ffb97244a7872e5fde6f5e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "PUT", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/permissions.js|14|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /."}, "properties": {"repobilityId": 38902, "scanner": "repobility-access-control", "fingerprint": "2b0fe9b528acf984b09fa69cda52cec5d03b67abd1b5857a36dbdc301e14265a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "POST", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/permissions.js|13|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /:id."}, "properties": {"repobilityId": 38901, "scanner": "repobility-access-control", "fingerprint": "db0227f21e0c143644479ba9d611961163760f660da243c5bc91615e4092e7f4", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/permissions.js|12|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /."}, "properties": {"repobilityId": 38900, "scanner": "repobility-access-control", "fingerprint": "8a93c5a61e7b136aa8906ed7f59a5c0bb8659ca5296fb4de6b9ea52b343115ad", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/permissions.js|11|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /submission/:submission_id."}, "properties": {"repobilityId": 38899, "scanner": "repobility-access-control", "fingerprint": "7c601dc2c38014e05c63260b164d099510449ebac24ff8405c72b1f8327568ba", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/submission/:submission_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/documents.js|15|cwe-285", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/documents.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /lookup."}, "properties": {"repobilityId": 38898, "scanner": "repobility-access-control", "fingerprint": "10b4c9fa356fffdeb0a4226453cc8618806b9203251e7fe75709dcf0626029ab", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/lookup", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/subjects.js|16|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/subjects.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 41.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 38887, "scanner": "repobility-access-control", "fingerprint": "52993b8d91f9b4aabdff762e51c29171f9b0f9fce775ec0c72dd26c949dd3bee", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 53, "correlation_key": "fp|52993b8d91f9b4aabdff762e51c29171f9b0f9fce775ec0c72dd26c949dd3bee", "auth_visible_percent": 41.5}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 38886, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 38885, "scanner": "repobility-docker", "fingerprint": "037b73f6f6fbab0ccf353703f6d9bbd71e6b4bb39c481194f0f70f1f223f7a1e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:24-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|037b73f6f6fbab0ccf353703f6d9bbd71e6b4bb39c481194f0f70f1f223f7a1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 38884, "scanner": "repobility-docker", "fingerprint": "24771c0f12243b4e9e58e3f6fd5bdd9e9cc0347438fcd168cab567a72badfce9", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|24771c0f12243b4e9e58e3f6fd5bdd9e9cc0347438fcd168cab567a72badfce9", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 38882, "scanner": "repobility-docker", "fingerprint": "33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 38881, "scanner": "repobility-docker", "fingerprint": "8d96a8720df6ff3371ada3609e8a4cdc0299734c753ccb5d1621ad974e89f1e5", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8d96a8720df6ff3371ada3609e8a4cdc0299734c753ccb5d1621ad974e89f1e5", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 38878, "scanner": "repobility-threat-engine", "fingerprint": "e948aa90d74e96f73e17691f63530827eb94b299313785034825779d806be925", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|generate_postman.js|96|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generate_postman.js"}, "region": {"startLine": 96}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 38803, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 38918, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 38883, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38833, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c776b797e8930d849d5e7ed84d44f771122efb921f949231e3f6d5e52eb47d00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/models/evaluationsModel.js", "duplicate_line": 41, "correlation_key": "fp|c776b797e8930d849d5e7ed84d44f771122efb921f949231e3f6d5e52eb47d00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/evaluationsModel.js"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38832, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e37d19ddb00dc32d9c83137c62679c6ec8846961fd9268c4c7c4fe7a0fd7c91", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/models/documentsModel.js", "duplicate_line": 1, "correlation_key": "fp|1e37d19ddb00dc32d9c83137c62679c6ec8846961fd9268c4c7c4fe7a0fd7c91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/documentsModel.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38831, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23cdf5c2e2a82971b47d427353158c8887c5e72c56a90612cfb536e4ed380b6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/models/classesModel.js", "duplicate_line": 30, "correlation_key": "fp|23cdf5c2e2a82971b47d427353158c8887c5e72c56a90612cfb536e4ed380b6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/classesModel.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38830, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c53a65c88c9dd0511bbe55124597e001e95acdfa97d35c180d0207280fe7226", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/models/auditLogsModel.js", "duplicate_line": 1, "correlation_key": "fp|5c53a65c88c9dd0511bbe55124597e001e95acdfa97d35c180d0207280fe7226"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/auditLogsModel.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38829, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b15ed1bfe235c6369428766843c549112347fda6a9b711733ba7c6267a6cec7e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/models/assignmentsModel.js", "duplicate_line": 20, "correlation_key": "fp|b15ed1bfe235c6369428766843c549112347fda6a9b711733ba7c6267a6cec7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/assignmentsModel.js"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38828, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da48b160d1d09a796576242f5167f429e47682d807cf588e5c2cc21ae6b660cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/models/annotationsModel.js", "duplicate_line": 1, "correlation_key": "fp|da48b160d1d09a796576242f5167f429e47682d807cf588e5c2cc21ae6b660cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/annotationsModel.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38827, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e1601eb5db75dfff4ea94ad019a9b95520c8aa5206161ceaa6677a10576f3aab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/middlewares/uploadMiddleware.js", "duplicate_line": 1, "correlation_key": "fp|e1601eb5db75dfff4ea94ad019a9b95520c8aa5206161ceaa6677a10576f3aab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "middlewares/uploadMiddleware.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38826, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc8b36557f37c8a82605f50ef9d571d11163e45a7065110bf1b0311a1eca116e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/middlewares/errorMiddleware.js", "duplicate_line": 1, "correlation_key": "fp|dc8b36557f37c8a82605f50ef9d571d11163e45a7065110bf1b0311a1eca116e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "middlewares/errorMiddleware.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38825, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a289d07bd5270611b1b0841cedc603452fb27866931ca92c1081364122bed04", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/middlewares/authMiddleware.js", "duplicate_line": 3, "correlation_key": "fp|5a289d07bd5270611b1b0841cedc603452fb27866931ca92c1081364122bed04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "middlewares/authMiddleware.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38824, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8618e079c521cca2b68f9b6700b8828193ddf4813fc2f608e871db5ff27b93d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/eslint.config.js", "duplicate_line": 1, "correlation_key": "fp|f8618e079c521cca2b68f9b6700b8828193ddf4813fc2f608e871db5ff27b93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eslint.config.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38823, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2b173d54add388c8bd97a70b45bd04875248d42f63c2d7f8e7f2f33a88648ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/usersController.js", "duplicate_line": 12, "correlation_key": "fp|e2b173d54add388c8bd97a70b45bd04875248d42f63c2d7f8e7f2f33a88648ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/usersController.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38822, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e72c2c7a8a3988b9178d1c3381e5b3364523feb02eb1f7ed3f25a4629b152f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/submissionsController.js", "duplicate_line": 37, "correlation_key": "fp|9e72c2c7a8a3988b9178d1c3381e5b3364523feb02eb1f7ed3f25a4629b152f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/submissionsController.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38821, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e75134e9c21a53781bd05d6e06d6688adaa09342e9aa83ce81ecfad06cf488b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/subjectsController.js", "duplicate_line": 1, "correlation_key": "fp|1e75134e9c21a53781bd05d6e06d6688adaa09342e9aa83ce81ecfad06cf488b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/subjectsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46df02a792876d445dfe698c56caf086f602669d7738c4c2a8975a77815e1ec4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/studentsController.js", "duplicate_line": 1, "correlation_key": "fp|46df02a792876d445dfe698c56caf086f602669d7738c4c2a8975a77815e1ec4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/studentsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c551a73cd557ec7ff0df7da198885b38e59dcc42da3f8098f43127224f81dd6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/rolesController.js", "duplicate_line": 1, "correlation_key": "fp|c551a73cd557ec7ff0df7da198885b38e59dcc42da3f8098f43127224f81dd6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/rolesController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd2f23ac1b82ba3b879253c30c4c89c096902a4c435fce0058305bc48a0bee28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/permissionsController.js", "duplicate_line": 1, "correlation_key": "fp|fd2f23ac1b82ba3b879253c30c4c89c096902a4c435fce0058305bc48a0bee28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/permissionsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38817, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2611836a9f1bb892e2f94ce20f5185a3b05dd79944df33bcdf969da2537e0c22", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/pagesController.js", "duplicate_line": 12, "correlation_key": "fp|2611836a9f1bb892e2f94ce20f5185a3b05dd79944df33bcdf969da2537e0c22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/pagesController.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38816, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b30eb33d6e25612839920a6c9f027a6cece95c652eff604e2a85000be5c796fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/notificationsController.js", "duplicate_line": 1, "correlation_key": "fp|b30eb33d6e25612839920a6c9f027a6cece95c652eff604e2a85000be5c796fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/notificationsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38815, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8778af391aff831921529d2021c13dd991939908bb16c8fedbe68d043f39e050", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/filesController.js", "duplicate_line": 5, "correlation_key": "fp|8778af391aff831921529d2021c13dd991939908bb16c8fedbe68d043f39e050"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/filesController.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38814, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1922d2e6d191b76ecad8650e5ada23e056660fc74179293c150d93da68d7b25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/facultyController.js", "duplicate_line": 10, "correlation_key": "fp|f1922d2e6d191b76ecad8650e5ada23e056660fc74179293c150d93da68d7b25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/facultyController.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38813, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d4ada878c4ff06a45dfe4119ba8ff8550c2314a6724098623e3efc2f253f13d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/examSchedulesController.js", "duplicate_line": 1, "correlation_key": "fp|2d4ada878c4ff06a45dfe4119ba8ff8550c2314a6724098623e3efc2f253f13d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/examSchedulesController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38812, "scanner": "repobility-ai-code-hygiene", "fingerprint": "36a67516db53582cbebd7891ae8c1124841b04a3a6372b8f91d757e2cdb3437c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/evaluationsController.js", "duplicate_line": 1, "correlation_key": "fp|36a67516db53582cbebd7891ae8c1124841b04a3a6372b8f91d757e2cdb3437c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/evaluationsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38811, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b429ddeba959ba988490760abfe40daa68cf6b1046a16ba76037c931436ba4ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/documentsController.js", "duplicate_line": 1, "correlation_key": "fp|b429ddeba959ba988490760abfe40daa68cf6b1046a16ba76037c931436ba4ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/documentsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38810, "scanner": "repobility-ai-code-hygiene", "fingerprint": "090a5f5df63694548c8d8aca7346e1ff08c05c38e4e8565f76e0d67705fd81b5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/classesController.js", "duplicate_line": 1, "correlation_key": "fp|090a5f5df63694548c8d8aca7346e1ff08c05c38e4e8565f76e0d67705fd81b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/classesController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38809, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7343bedaa2642df274d8b90a09d05db099908f920795ff706ec1e0367c6b0ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/authController.js", "duplicate_line": 1, "correlation_key": "fp|a7343bedaa2642df274d8b90a09d05db099908f920795ff706ec1e0367c6b0ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/authController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38808, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4431be90ad706fddc8cc83400f153e5a61a1e5bdab68d2e7fc587e9b34fe843", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/auditLogsController.js", "duplicate_line": 1, "correlation_key": "fp|f4431be90ad706fddc8cc83400f153e5a61a1e5bdab68d2e7fc587e9b34fe843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/auditLogsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38807, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1a72a8709fe569a7338cd04f25088460ed9864f31eb857395376234077621ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/assignmentsController.js", "duplicate_line": 1, "correlation_key": "fp|a1a72a8709fe569a7338cd04f25088460ed9864f31eb857395376234077621ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/assignmentsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38806, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0068d390c29ef14d054a9618ea0007285405956b0137dfcfe9625927bc139d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/controllers/annotationsController.js", "duplicate_line": 1, "correlation_key": "fp|a0068d390c29ef14d054a9618ea0007285405956b0137dfcfe9625927bc139d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/annotationsController.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38805, "scanner": "repobility-ai-code-hygiene", "fingerprint": "acaadcb05fd7c6c9aea99fadb01885b4baf784ab43cddf664f1df9d9c67905c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/config/database.js", "duplicate_line": 1, "correlation_key": "fp|acaadcb05fd7c6c9aea99fadb01885b4baf784ab43cddf664f1df9d9c67905c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/database.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 38804, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce5dc999c79df35fc82a2a7695ebba19083b35d3725d27e2f4ac643df43dfb7d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Intern-batch-08/Digital-Eval-Backend/config/azureBlob.js", "duplicate_line": 1, "correlation_key": "fp|ce5dc999c79df35fc82a2a7695ebba19083b35d3725d27e2f4ac643df43dfb7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/azureBlob.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 38802, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 38880, "scanner": "repobility-threat-engine", "fingerprint": "c1218030d395ea42af783dfe3e2595994fdc6d1ec66232d345fa32cdd65e69a8", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c1218030d395ea42af783dfe3e2595994fdc6d1ec66232d345fa32cdd65e69a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generate_postman.js"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 38877, "scanner": "repobility-threat-engine", "fingerprint": "3ee226e3c4fa38f6440e254a773637e9ad9b4a176b60dc2eb789744f9ca57f4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ee226e3c4fa38f6440e254a773637e9ad9b4a176b60dc2eb789744f9ca57f4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/emailService.js"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 38876, "scanner": "repobility-threat-engine", "fingerprint": "efb5cc192dc08c1cf98703c24d7d1ed0512a1575e48ae392157e940728e38fe6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|efb5cc192dc08c1cf98703c24d7d1ed0512a1575e48ae392157e940728e38fe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/emailService.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 38875, "scanner": "repobility-threat-engine", "fingerprint": "033e4d889c490bf4428fd5b749d5277e679b0007b502b26fb9dcacb8889fb197", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|033e4d889c490bf4428fd5b749d5277e679b0007b502b26fb9dcacb8889fb197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/emailService.js"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 38874, "scanner": "repobility-threat-engine", "fingerprint": "aef120bd0130b4494b73fc43e233df7c399ae262c8dcfdf870d6733053a7e583", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aef120bd0130b4494b73fc43e233df7c399ae262c8dcfdf870d6733053a7e583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/emailService.js"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 38871, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 38870, "scanner": "repobility-threat-engine", "fingerprint": "decc7950793496abd6ed7599379ff9cebe54afde9b6a6b688bcb017a6536e1e2", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('Error generating SAS token:', error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|services/blobstorage.js|7|console.error error generating sas token: error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/blobStorage.js"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 38869, "scanner": "repobility-threat-engine", "fingerprint": "2106bb9d5d320f6736d6e998fac1d82486e4c3033fecf9fb3feca97e7273d788", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(`Password change notification sent to ${this._sanitizeForLog(user.email)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|9|console.log password change notification sent to this._sanitizeforlog user.email"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/emailService.js"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 38868, "scanner": "repobility-threat-engine", "fingerprint": "84e363a52b3471d858e4fa561abc25b3f1297ccead9c613d356ffad815f7afb2", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('Error generating SAS token:', error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|8|console.error error generating sas token: error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/blobStorage.js"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 38867, "scanner": "repobility-threat-engine", "fingerprint": "d8e3f8423e072156e4b80e0acc1981847986bd0e4bbfd02d66496fa29fd1d1c5", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|services/authservice.js|32|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/authService.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 38866, "scanner": "repobility-threat-engine", "fingerprint": "1bde28185d87a54a10128b6347bcb54483202fbe1ce5c257a28cf7bab475b108", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|32|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/authService.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 38865, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 38858, "scanner": "repobility-threat-engine", "fingerprint": "05c5920e35c4fee69cc663983866454fe6f829499602c802213adfd82fc7a469", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|05c5920e35c4fee69cc663983866454fe6f829499602c802213adfd82fc7a469", "aggregated_count": 22}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 38857, "scanner": "repobility-threat-engine", "fingerprint": "5365bc0d9a2a97e4f010f7e73643cd8b1fce75fffde221af7ea2e2f86b80310d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5365bc0d9a2a97e4f010f7e73643cd8b1fce75fffde221af7ea2e2f86b80310d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/config/database.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 38856, "scanner": "repobility-threat-engine", "fingerprint": "2b6b7f014bef370603a17c1fab9281fdadcf72913a1ac97fb702863fed54281b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b6b7f014bef370603a17c1fab9281fdadcf72913a1ac97fb702863fed54281b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/config/azureBlob.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 38855, "scanner": "repobility-threat-engine", "fingerprint": "68a031552d470fab9299f7b69b3af2625931f60ebfed127236ddfbcaac1f28dc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68a031552d470fab9299f7b69b3af2625931f60ebfed127236ddfbcaac1f28dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/app.js"}, "region": {"startLine": 49}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /submission/:submission_id."}, "properties": {"repobilityId": 38897, "scanner": "repobility-access-control", "fingerprint": "64ce5af3f60dc58ec4856f8d20df63cab40aa892b2b25a92f709114196574515", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/submission/:submission_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|token|15|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/documents.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /submission/:submission_id."}, "properties": {"repobilityId": 38896, "scanner": "repobility-access-control", "fingerprint": "0a2a27e03e0a24270c18f8fe22876b443fabf5d90aefcc250f5fa775a6a24abf", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/submission/:submission_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/evaluations.js|17|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/evaluations.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /version/:version_id."}, "properties": {"repobilityId": 38895, "scanner": "repobility-access-control", "fingerprint": "505483a2b34801d806461e3624b546cfb209ea07ea16da8e4117a1614d3eba0c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/version/:version_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/pages.js|12|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/pages.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /:file_id/sas-token."}, "properties": {"repobilityId": 38894, "scanner": "repobility-access-control", "fingerprint": "abd6ce4d2b54ae718a7765f84a6b89597f776b3566a338a52e1006efa3a4df74", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:file_id/sas-token", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/files.js|26|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /:file_id/versions/current."}, "properties": {"repobilityId": 38893, "scanner": "repobility-access-control", "fingerprint": "b0d1effae02a71f534ed1a4f7a8443826a9f0bcd2114f468c44340277c03612c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:file_id/versions/current", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/files.js|25|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /evaluation/:eval_id."}, "properties": {"repobilityId": 38892, "scanner": "repobility-access-control", "fingerprint": "3a963fd6fe9ae3860420f917c5427252b6412552123890893dc881e2daeb30ef", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/evaluation/:eval_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/annotations.js|14|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/annotations.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /:notification_id/read."}, "properties": {"repobilityId": 38891, "scanner": "repobility-access-control", "fingerprint": "ed84db4bbb5e4fb8f54199b911da11ce78f55337945cde207ad3d4063beee4e6", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:notification_id/read", "method": "PUT", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/notifications.js|22|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/notifications.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /entity/:entity_type/:entity_id."}, "properties": {"repobilityId": 38890, "scanner": "repobility-access-control", "fingerprint": "75ae633321d8fb8ee69a8cef67ff8cf833396efdb390dd8898ec07cdfaecc44e", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/entity/:entity_type/:entity_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/audit-logs.js|15|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/audit-logs.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /:audit_log_id."}, "properties": {"repobilityId": 38889, "scanner": "repobility-access-control", "fingerprint": "0421816310f786fb23505ff201f26e4a6ba3d55eb5cd4568015d2aa644621557", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:audit_log_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/audit-logs.js|13|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/audit-logs.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /submission/:submission_id."}, "properties": {"repobilityId": 38888, "scanner": "repobility-access-control", "fingerprint": "3e51b1e698358f74947aaa1cdb0be920d10ae27373456e99ebd65dcf904c15d4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/submission/:submission_id", "method": "GET", "scanner": "repobility-access-control", "framework": "Express", "correlation_key": "code|auth|routes/v1/documents.js|15|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/documents.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 38879, "scanner": "repobility-threat-engine", "fingerprint": "07b7e0dba314c5b48c3098b7c0d1df6e7c231ef21bbc7cd6b6d154316d9d7655", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(line", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|07b7e0dba314c5b48c3098b7c0d1df6e7c231ef21bbc7cd6b6d154316d9d7655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generate_postman.js"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 38864, "scanner": "repobility-threat-engine", "fingerprint": "5e0f8b24404ce37dcdbd4924022a39c935009e265b333db9a17bf5d9dcd6577b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5e0f8b24404ce37dcdbd4924022a39c935009e265b333db9a17bf5d9dcd6577b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/filesController.js"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 38863, "scanner": "repobility-threat-engine", "fingerprint": "c24d9dfdbcfc9934a46bfa930b78138b3a6c711079749ba21df96275b7a0cc2f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c24d9dfdbcfc9934a46bfa930b78138b3a6c711079749ba21df96275b7a0cc2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/controllers/submissionsController.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 38862, "scanner": "repobility-threat-engine", "fingerprint": "d0df9dfa8283192b1c32c544f862dbb92e85bdc85597fd57b3c5c33df680ac69", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(d", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d0df9dfa8283192b1c32c544f862dbb92e85bdc85597fd57b3c5c33df680ac69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/controllers/filesController.js"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 38861, "scanner": "repobility-threat-engine", "fingerprint": "dc4eca4f4544b3b309ff86bdd52160dda81025705274db74a40bbe5bdf796be0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc4eca4f4544b3b309ff86bdd52160dda81025705274db74a40bbe5bdf796be0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/database.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 38860, "scanner": "repobility-threat-engine", "fingerprint": "379ff6df51c3c29d3c0d01314e0d3bd0a30182947ed1b18daf1b0d17d758e2c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|379ff6df51c3c29d3c0d01314e0d3bd0a30182947ed1b18daf1b0d17d758e2c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/emailService.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 38859, "scanner": "repobility-threat-engine", "fingerprint": "96ae4db6c0ff0ef244dd8d56d3e22f05783b48c30c67ed1c444f3d45cbd2c660", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96ae4db6c0ff0ef244dd8d56d3e22f05783b48c30c67ed1c444f3d45cbd2c660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/config/database.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:24-slim` not pinned by digest"}, "properties": {"repobilityId": 38854, "scanner": "repobility-supply-chain", "fingerprint": "1b7d0d58276947b47b53d7db5f3bd616726c5b612e0d56f54edcc2bdbd9f320e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1b7d0d58276947b47b53d7db5f3bd616726c5b612e0d56f54edcc2bdbd9f320e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:20-slim` not pinned by digest"}, "properties": {"repobilityId": 38853, "scanner": "repobility-supply-chain", "fingerprint": "fc8e95ac0c5003fa2fc5c0a102778d04a008c8786180acce584b7c6625d5e748", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fc8e95ac0c5003fa2fc5c0a102778d04a008c8786180acce584b7c6625d5e748"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /:user_id/change-password has no auth"}, "properties": {"repobilityId": 38852, "scanner": "repobility-route-auth", "fingerprint": "04bb437b30610038f84a615fadd8c24347d0940d8927bb882c27ec9400fa9538", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|04bb437b30610038f84a615fadd8c24347d0940d8927bb882c27ec9400fa9538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/users.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express PUT /:notification_id/read has no auth"}, "properties": {"repobilityId": 38851, "scanner": "repobility-route-auth", "fingerprint": "1b1e529a7da2f80e188c4739f2d14ae7b3b695d15006b76ef9b69d00a9dbffa5", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|1b1e529a7da2f80e188c4739f2d14ae7b3b695d15006b76ef9b69d00a9dbffa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/notifications.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express PUT /read-all has no auth"}, "properties": {"repobilityId": 38850, "scanner": "repobility-route-auth", "fingerprint": "ff202c5280799c4e57428f84b581d2f09521af06050e5695d95f2f5b089653c3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|ff202c5280799c4e57428f84b581d2f09521af06050e5695d95f2f5b089653c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/notifications.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /logout has no auth"}, "properties": {"repobilityId": 38849, "scanner": "repobility-route-auth", "fingerprint": "e21fd72b9339198b5aa8fabda2f947e3a0dc12b37bef8cdd8bf865ab7d2fb62f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|e21fd72b9339198b5aa8fabda2f947e3a0dc12b37bef8cdd8bf865ab7d2fb62f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/auth.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /login has no auth"}, "properties": {"repobilityId": 38848, "scanner": "repobility-route-auth", "fingerprint": "30d4c2a72004784c8acc2b6470dc6c6c8cdcf3b62110037c24fb01a0060af403", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|30d4c2a72004784c8acc2b6470dc6c6c8cdcf3b62110037c24fb01a0060af403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/auth.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express DELETE /:class_id/subjects/:subject_id has no auth"}, "properties": {"repobilityId": 38847, "scanner": "repobility-route-auth", "fingerprint": "f79a5901d70efc4c477503e2997185d4c4f8ce591038b4e845afdaa275260bd4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|f79a5901d70efc4c477503e2997185d4c4f8ce591038b4e845afdaa275260bd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/classes.js"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express DELETE /:id has no auth"}, "properties": {"repobilityId": 38846, "scanner": "repobility-route-auth", "fingerprint": "d9ad87140631c717ff337b6d0bcff35b0f9a1a14b46ee9b067123943ca4f4862", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d9ad87140631c717ff337b6d0bcff35b0f9a1a14b46ee9b067123943ca4f4862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/permissions.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express PUT /:id has no auth"}, "properties": {"repobilityId": 38845, "scanner": "repobility-route-auth", "fingerprint": "5bf245635d9b8a30920943b2d816dd45d72f1dd9d3696b1694958fb22bffa3d0", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|5bf245635d9b8a30920943b2d816dd45d72f1dd9d3696b1694958fb22bffa3d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/permissions.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST / has no auth"}, "properties": {"repobilityId": 38844, "scanner": "repobility-route-auth", "fingerprint": "a32b0995c7e4f69f3d6722240a9fe76a3d16e4e7f56a36c06b580f829af5a61f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|a32b0995c7e4f69f3d6722240a9fe76a3d16e4e7f56a36c06b580f829af5a61f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/routes/v1/permissions.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /:user_id/change-password has no auth"}, "properties": {"repobilityId": 38843, "scanner": "repobility-route-auth", "fingerprint": "14850529a72d9026695a18619981308a938d277ff515f37f28c24b0645e3cf39", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|14850529a72d9026695a18619981308a938d277ff515f37f28c24b0645e3cf39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/users.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /request-upload has no auth"}, "properties": {"repobilityId": 38842, "scanner": "repobility-route-auth", "fingerprint": "cf3c177bbeb73926b5bbf192e480919bf14b253569d3c3248953b4666bc97d30", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|cf3c177bbeb73926b5bbf192e480919bf14b253569d3c3248953b4666bc97d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/files.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express PUT /:notification_id/read has no auth"}, "properties": {"repobilityId": 38841, "scanner": "repobility-route-auth", "fingerprint": "d6d346af87a32b15fdde2b10c292657b81ffd8561c6a09ae5bd4b584df9bd9f6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d6d346af87a32b15fdde2b10c292657b81ffd8561c6a09ae5bd4b584df9bd9f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/notifications.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express PUT /read-all has no auth"}, "properties": {"repobilityId": 38840, "scanner": "repobility-route-auth", "fingerprint": "d368ac72170e75bff7286daedf5cc69129205e7e9fbe5eb0431281782296ad71", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d368ac72170e75bff7286daedf5cc69129205e7e9fbe5eb0431281782296ad71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/notifications.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /logout has no auth"}, "properties": {"repobilityId": 38839, "scanner": "repobility-route-auth", "fingerprint": "cbe8e6227ce499ae3f893a5cfea62109e994b00417ba7fafcace08e579e0d797", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|cbe8e6227ce499ae3f893a5cfea62109e994b00417ba7fafcace08e579e0d797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/auth.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /login has no auth"}, "properties": {"repobilityId": 38838, "scanner": "repobility-route-auth", "fingerprint": "7e35d5404bf4f42f11d1d271bdcf8ef8982bb1784e12441404d4b8bdd2f12f4e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|7e35d5404bf4f42f11d1d271bdcf8ef8982bb1784e12441404d4b8bdd2f12f4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/auth.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express DELETE /:class_id/subjects/:subject_id has no auth"}, "properties": {"repobilityId": 38837, "scanner": "repobility-route-auth", "fingerprint": "e2057b6c2c8f5323b61e22215842116f15819979939ed652b9b21405c7020685", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|e2057b6c2c8f5323b61e22215842116f15819979939ed652b9b21405c7020685"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/classes.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express DELETE /:id has no auth"}, "properties": {"repobilityId": 38836, "scanner": "repobility-route-auth", "fingerprint": "77da5a4adf10ea4f21dd014376731f1b7331b544e7c3673b7da327ac2787fc2c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|77da5a4adf10ea4f21dd014376731f1b7331b544e7c3673b7da327ac2787fc2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express PUT /:id has no auth"}, "properties": {"repobilityId": 38835, "scanner": "repobility-route-auth", "fingerprint": "d37e2855ba467700b119eaaf5f19b8dcd61550b13a56c80976550708b0eabc9a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d37e2855ba467700b119eaaf5f19b8dcd61550b13a56c80976550708b0eabc9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST / has no auth"}, "properties": {"repobilityId": 38834, "scanner": "repobility-route-auth", "fingerprint": "d147c3489165958d0c9c3d4761c51ca5bfdce85388ab3a2384818d367553c16c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d147c3489165958d0c9c3d4761c51ca5bfdce85388ab3a2384818d367553c16c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/v1/permissions.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 38801, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 38873, "scanner": "repobility-threat-engine", "fingerprint": "b7bfd858a30a9a4b9ad07333debe40bbb692edb01c63d7477938a6d10c6448b8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7bfd858a30a9a4b9ad07333debe40bbb692edb01c63d7477938a6d10c6448b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/emailService.js"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 38872, "scanner": "repobility-threat-engine", "fingerprint": "0d5653a49afefc159a2f5b70184a31fa6b5a6e3abd836547c20df08b4f598bce", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d5653a49afefc159a2f5b70184a31fa6b5a6e3abd836547c20df08b4f598bce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Intern-batch-08/Digital-Eval-Backend/services/emailService.js"}, "region": {"startLine": 60}}}]}]}]}