{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `PyYAML` has no version pin: Unpinned pip requirement means every fresh install may resolve", "shortDescription": {"text": "[MINED124] requirements.txt: `PyYAML` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible instal"}, "fullDescription": {"text": "Replace `PyYAML` with `PyYAML==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 24 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 24 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 24."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar`", "shortDescription": {"text": "[MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar` is a .jar binary (45,457 bytes) committed to a repo that otherwise has 5995 source files. Trojan binaries inside otherw"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_newer_patch_version: Test function `test_jav", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_newer_patch_version: Test function `test_javac_metadata_index_update_promotes_newer_patch_version` runs code but contains no assert / expect / should call \u2014 it pass"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._issue` used but never assigned in __init__: Method `get_issue_by_number` of class `FixtureGitHubState`", "shortDescription": {"text": "[MINED108] `self._issue` used but never assigned in __init__: Method `get_issue_by_number` of class `FixtureGitHubState` reads `self._issue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeErr"}, "fullDescription": {"text": "Initialize `self._issue = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1273"}, "properties": {"repository": "oracle/graalvm-reachability-metadata", "repoUrl": "https://github.com/oracle/graalvm-reachability-metadata", "branch": "master"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `PyYAML` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 128967, "scanner": "repobility-supply-chain", "fingerprint": "12e6761cfd0d06d6dfb6a8a6ed6e4f7da23144bc4ac5acf6b00522c9fbe6f016", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|12e6761cfd0d06d6dfb6a8a6ed6e4f7da23144bc4ac5acf6b00522c9fbe6f016"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `jsonschema` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 128966, "scanner": "repobility-supply-chain", "fingerprint": "1faaed177e1b152af282e610ee9ecc53939725b58f84938bc06c086d3241c881", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1faaed177e1b152af282e610ee9ecc53939725b58f84938bc06c086d3241c881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pylint` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 128965, "scanner": "repobility-supply-chain", "fingerprint": "b0769a3a63dbd82899ae8c57cefcedcb50fcf82b3a5aff0e6b134fb2d6ee1672", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b0769a3a63dbd82899ae8c57cefcedcb50fcf82b3a5aff0e6b134fb2d6ee1672"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128938, "scanner": "repobility-ast-engine", "fingerprint": "2041796467ae6ef77e06cddef99fdd6a9cbdabccf57b5bc28dd2252be94400a5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2041796467ae6ef77e06cddef99fdd6a9cbdabccf57b5bc28dd2252be94400a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 4953}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128937, "scanner": "repobility-ast-engine", "fingerprint": "a34ceb6b23d18a1f21aa664b160b421c9786bcc17bdb2f79f96977eac326e88c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a34ceb6b23d18a1f21aa664b160b421c9786bcc17bdb2f79f96977eac326e88c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5621}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128936, "scanner": "repobility-ast-engine", "fingerprint": "8913fd909cfc1bed35f72240091e7284bce932e201a14ddc0f56b71d14c3f8b5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8913fd909cfc1bed35f72240091e7284bce932e201a14ddc0f56b71d14c3f8b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5520}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128935, "scanner": "repobility-ast-engine", "fingerprint": "d27bcbd2a3711cb913e101aad996061cf2186595939a0b45d4bf1c44ce96eeff", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d27bcbd2a3711cb913e101aad996061cf2186595939a0b45d4bf1c44ce96eeff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 4963}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128934, "scanner": "repobility-ast-engine", "fingerprint": "b707c4f94bbf4ffb2eb959084c5d73b5cbf12c2d9abbcf59ef31335132ed63bd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b707c4f94bbf4ffb2eb959084c5d73b5cbf12c2d9abbcf59ef31335132ed63bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 3919}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128933, "scanner": "repobility-ast-engine", "fingerprint": "ec9ca26dc287499784e32094e532f8a9c6cb77e4d8593f38d2fa2e8dc2186312", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec9ca26dc287499784e32094e532f8a9c6cb77e4d8593f38d2fa2e8dc2186312"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 2785}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128932, "scanner": "repobility-ast-engine", "fingerprint": "7ca660d31c7c8e1f72d9af1b65076c973b3ba01a48ca411e529b3737e52ab90f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ca660d31c7c8e1f72d9af1b65076c973b3ba01a48ca411e529b3737e52ab90f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 6012}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128931, "scanner": "repobility-ast-engine", "fingerprint": "6afeb9f48c053587d9ced603fcdb25f6f71cccf4280f8148f4615eabe4064bfc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6afeb9f48c053587d9ced603fcdb25f6f71cccf4280f8148f4615eabe4064bfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5542}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128930, "scanner": "repobility-ast-engine", "fingerprint": "a638b4584ce72f35f2198ce0c48c3f3ed90acae4dfd421c5ca602c13b52d8ee1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a638b4584ce72f35f2198ce0c48c3f3ed90acae4dfd421c5ca602c13b52d8ee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5465}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128929, "scanner": "repobility-ast-engine", "fingerprint": "275f6cfab8f10b77716e4a16231783d7eb55f9571dad143ddc6ff36204fb0691", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|275f6cfab8f10b77716e4a16231783d7eb55f9571dad143ddc6ff36204fb0691"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5038}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128928, "scanner": "repobility-ast-engine", "fingerprint": "7dc18d989a5672231b88c8cbf368b640de685676211e5fe6122a77038326d386", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7dc18d989a5672231b88c8cbf368b640de685676211e5fe6122a77038326d386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5028}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128927, "scanner": "repobility-ast-engine", "fingerprint": "828aab91042033256ac880e2003f7c73c765fa0c836263876e294887ae196082", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|828aab91042033256ac880e2003f7c73c765fa0c836263876e294887ae196082"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 5000}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128926, "scanner": "repobility-ast-engine", "fingerprint": "6ddf0d31bbff143ccfa3c51482822dc1586dbffad8bee16bf9d51ee1a00bcd0c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ddf0d31bbff143ccfa3c51482822dc1586dbffad8bee16bf9d51ee1a00bcd0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 4917}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128925, "scanner": "repobility-ast-engine", "fingerprint": "fefc3716efc9921966e2d41ba3f2b562485d585e7fbee123bf5eb71b6f5ea01d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fefc3716efc9921966e2d41ba3f2b562485d585e7fbee123bf5eb71b6f5ea01d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 4853}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128924, "scanner": "repobility-ast-engine", "fingerprint": "f88852f88ff8f5493156527c329ca444ddeb5c6eae2f761e2833d7f1720ac126", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f88852f88ff8f5493156527c329ca444ddeb5c6eae2f761e2833d7f1720ac126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 4806}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128923, "scanner": "repobility-ast-engine", "fingerprint": "80c53e00a760e8701f25205a048f5d4b42442fb8a64228de7dbae23d7c9dcc9d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80c53e00a760e8701f25205a048f5d4b42442fb8a64228de7dbae23d7c9dcc9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 4584}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128922, "scanner": "repobility-ast-engine", "fingerprint": "764168bcae3616b8e47445b0c357a09a70b9b39a474f659db432db6f84ba419e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|764168bcae3616b8e47445b0c357a09a70b9b39a474f659db432db6f84ba419e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 3997}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128921, "scanner": "repobility-ast-engine", "fingerprint": "834473f65e4cfb8b615eab6473222eeef7a81b515e1479bdd455a55dae03fd74", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|834473f65e4cfb8b615eab6473222eeef7a81b515e1479bdd455a55dae03fd74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 3958}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128920, "scanner": "repobility-ast-engine", "fingerprint": "2b4cd3ead0fc4a84b05f957d8231c5eb98679740e24f2a1e9a1959f20a1597b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b4cd3ead0fc4a84b05f957d8231c5eb98679740e24f2a1e9a1959f20a1597b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 3928}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128919, "scanner": "repobility-ast-engine", "fingerprint": "8e48ac7afbdc8f2ad905b38037d04a199653ed395cfac87ecb6a67987d7607ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e48ac7afbdc8f2ad905b38037d04a199653ed395cfac87ecb6a67987d7607ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 3555}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128918, "scanner": "repobility-ast-engine", "fingerprint": "654f84489dadb3f8c9ac9d5150884512d155cc748974e0e30c38e71fc34fbec1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|654f84489dadb3f8c9ac9d5150884512d155cc748974e0e30c38e71fc34fbec1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 3419}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128917, "scanner": "repobility-ast-engine", "fingerprint": "8cc5e4493384242ee33c81cd692fa67ad812e3604234fe496362391416d19403", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cc5e4493384242ee33c81cd692fa67ad812e3604234fe496362391416d19403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 2577}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128916, "scanner": "repobility-ast-engine", "fingerprint": "5cd5e4c08ee220fc4bd690e0b16236ac00e6ac9b78afdfcf23da7d04260919f0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cd5e4c08ee220fc4bd690e0b16236ac00e6ac9b78afdfcf23da7d04260919f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 2440}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128915, "scanner": "repobility-ast-engine", "fingerprint": "d40da29daa5b40887414fba57fad9e7de076aa5c6f10deb074dfcb6fb0a321e1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d40da29daa5b40887414fba57fad9e7de076aa5c6f10deb074dfcb6fb0a321e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1620}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 128914, "scanner": "repobility-ast-engine", "fingerprint": "34ff4821c3a7a1d1e04078e5d8192a223265edef7b18ce55d3ce3131e8a01ddd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34ff4821c3a7a1d1e04078e5d8192a223265edef7b18ce55d3ce3131e8a01ddd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1606}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 128889, "scanner": "repobility-agent-runtime", "fingerprint": "500fe13c6988a5cf9a13c39486cff6e123caec884599ddaa0e49d42055ac527a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|500fe13c6988a5cf9a13c39486cff6e123caec884599ddaa0e49d42055ac527a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/support/index.html"}, "region": {"startLine": 472}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 128859, "scanner": "repobility-threat-engine", "fingerprint": "2490acafb90b53e1be3e368f40b0e86321b6c3ecad53e6098a0405b83934d7bd", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen(\n            test_cmd,\n            cwd=working_dir,\n            env=command_env,", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|61|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/gradle_test_runner.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 24 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, if=11, nested_bonus=8, or=1, recursion=1."}, "properties": {"repobilityId": 128853, "scanner": "repobility-threat-engine", "fingerprint": "fca0a0b5271a2be18f89332ce817be80442e14a056dce79ef6b6b789c86609f6", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 24 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run", "breakdown": {"if": 11, "or": 1, "elif": 1, "else": 2, "recursion": 1, "nested_bonus": 8}, "complexity": 24, "correlation_key": "fp|fca0a0b5271a2be18f89332ce817be80442e14a056dce79ef6b6b789c86609f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/core/increase_dynamic_access_coverage_strategy.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_wait_for_response` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, except=1, if=5, nested_bonus=6, while=1."}, "properties": {"repobilityId": 128851, "scanner": "repobility-threat-engine", "fingerprint": "f82645566a80d0c92843666c8527887920498227819546e8e53d2384ecbe03ec", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_wait_for_response", "breakdown": {"if": 5, "while": 1, "except": 1, "continue": 3, "nested_bonus": 6}, "complexity": 16, "correlation_key": "fp|f82645566a80d0c92843666c8527887920498227819546e8e53d2384ecbe03ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/agents/codex_app_server.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 128888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73a7ecdb75b2b621bc5f16f54cc9a827b69f4c0bc31c1f67c17f2466b1755561", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "build_parser", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "forge/ai_workflows/drivers/add_new_library_support.py", "correlation_key": "fp|73a7ecdb75b2b621bc5f16f54cc9a827b69f4c0bc31c1f67c17f2466b1755561"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_java_run_fix.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "029558c616abc01d357f4e7fcf30e208ef747974e0858cd7b67f3891ec67b17e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/tck-build-logic/src/main/java/org/graalvm/internal/tck/model/DiscoveredArtifactMetadata.java", "duplicate_line": 7, "correlation_key": "fp|029558c616abc01d357f4e7fcf30e208ef747974e0858cd7b67f3891ec67b17e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/tck-build-logic/src/main/java/org/graalvm/internal/tck/model/MetadataVersionsIndexEntry.java"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b83ce0fea3fc04d6a45355010e0f44f540a60433143e6eb923444c905b66cb0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/tck-build-logic/src/main/groovy/org/graalvm/internal/tck/harness/tasks/DiscoverArtifactMetadata.java", "duplicate_line": 39, "correlation_key": "fp|8b83ce0fea3fc04d6a45355010e0f44f540a60433143e6eb923444c905b66cb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/tck-build-logic/src/main/groovy/org/graalvm/internal/tck/harness/tasks/PopulateArtifactURLs.java"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80904581b6b3ed5ce0cf0c3dfebb535b5ab5b2215d8dbd53055913ab08b64fc2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/tck-build-logic/src/main/groovy/org/graalvm/internal/tck/harness/tasks/AbstractSubprojectTask.java", "duplicate_line": 157, "correlation_key": "fp|80904581b6b3ed5ce0cf0c3dfebb535b5ab5b2215d8dbd53055913ab08b64fc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/tck-build-logic/src/main/groovy/org/graalvm/internal/tck/harness/tasks/AllCoordinatesExecTask.java"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d1aeaaac97349b4c67c23cd9de75dbc4e42b7f0ac62c591fa17a20e3744196ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/src/org.testcontainers/testcontainers/1.17.6/src/main/java/org_testcontainers/testcontainers/FindJsonSerialization.java", "duplicate_line": 6, "correlation_key": "fp|d1aeaaac97349b4c67c23cd9de75dbc4e42b7f0ac62c591fa17a20e3744196ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/src/org.testcontainers/testcontainers/1.19.8/src/main/java/org_testcontainers/testcontainers/FindJsonSerialization.java"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e85cd058b25cc9d466955b922ddfc0e858c23e05841f6d1810a7a2872e607f30", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/core/workflow_strategy.py", "duplicate_line": 288, "correlation_key": "fp|e85cd058b25cc9d466955b922ddfc0e858c23e05841f6d1810a7a2872e607f30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/library_finalization.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b58d9e8feedcf2170bc8c22101465190d6b1c646f3d77b8c4fd8d5fc96375f31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/utility_scripts/count_native_image_config_entries.py", "duplicate_line": 36, "correlation_key": "fp|b58d9e8feedcf2170bc8c22101465190d6b1c646f3d77b8c4fd8d5fc96375f31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/count_reachability_entries.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee1df078f12e210e116a307058289147326ccb0c53513671e68223951f771ed0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/git_scripts/make_pr_javac_fix.py", "duplicate_line": 269, "correlation_key": "fp|ee1df078f12e210e116a307058289147326ccb0c53513671e68223951f771ed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_new_library_support.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "86a281bb57f996e85c16cd822be64e528bb0a97f657a342db2122ac1d4cf2934", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/git_scripts/make_pr_improve_coverage.py", "duplicate_line": 271, "correlation_key": "fp|86a281bb57f996e85c16cd822be64e528bb0a97f657a342db2122ac1d4cf2934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_new_library_support.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d9d88cb5d63c6f7827de8147b4f62818eb50ecbb4afd3036391a41230d06008", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/git_scripts/make_pr_javac_fix.py", "duplicate_line": 269, "correlation_key": "fp|3d9d88cb5d63c6f7827de8147b4f62818eb50ecbb4afd3036391a41230d06008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_improve_coverage.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7c60db3903e412acc3f0de58d0baffe78088b16779a9e6841f0063cb2b6c0f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/drivers/fix_java_fails.py", "duplicate_line": 39, "correlation_key": "fp|e7c60db3903e412acc3f0de58d0baffe78088b16779a9e6841f0063cb2b6c0f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/drivers/java_fail_workflow.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b4280e10fab863f0798e445606dfa1ac1f57553140683a99d4449c455daec5e0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/drivers/fix_ni_run.py", "duplicate_line": 24, "correlation_key": "fp|b4280e10fab863f0798e445606dfa1ac1f57553140683a99d4449c455daec5e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/drivers/java_fail_workflow.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93df0d00972e9fad69abc2233171e4de8ac57fe3d4d24eeb2e9df01991674a5c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/drivers/fix_java_fails.py", "duplicate_line": 39, "correlation_key": "fp|93df0d00972e9fad69abc2233171e4de8ac57fe3d4d24eeb2e9df01991674a5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/drivers/fix_ni_run.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "476a696cec962a7a2c2405c1c8443a54d99b040e53d3e944e6542079cd49fbed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/core/java_fix_iterative_strategy.py", "duplicate_line": 136, "correlation_key": "fp|476a696cec962a7a2c2405c1c8443a54d99b040e53d3e944e6542079cd49fbed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/core/optimistic_dynamic_access_strategy.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec5383e68cea21e7ce4a9b34792a8c63be366d5374c25338fed764e4a71926e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/core/basic_iterative_strategy.py", "duplicate_line": 157, "correlation_key": "fp|ec5383e68cea21e7ce4a9b34792a8c63be366d5374c25338fed764e4a71926e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/core/java_fix_iterative_strategy.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d62813027ca04ff9cc3dc22e9a6de4c141b7a86164755c3e85c2f323f557f5ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/agents/codex_app_server.py", "duplicate_line": 10, "correlation_key": "fp|d62813027ca04ff9cc3dc22e9a6de4c141b7a86164755c3e85c2f323f557f5ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/agents/pi_rpc_client.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f451fe53ce87d3059f4c8a642e771d31b6493ec9cd2546ce08ac3dd3dc1d4323", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/ai_workflows/agents/codex_agent.py", "duplicate_line": 40, "correlation_key": "fp|f451fe53ce87d3059f4c8a642e771d31b6493ec9cd2546ce08ac3dd3dc1d4323"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/agents/pi_agent.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5214e8da13429130029ec80122b7ef06b19ff49a12624cff94ea6ae8c9d4b66", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/git_scripts/make_pr_java_run_fix.py", "duplicate_line": 191, "correlation_key": "fp|b5214e8da13429130029ec80122b7ef06b19ff49a12624cff94ea6ae8c9d4b66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_ni_run_fix.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90c2e0a0ae1f97b8df4df42346eaec77a7349a2fa67a8228586ba08860ade0f4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/git_scripts/make_pr_javac_fix.py", "duplicate_line": 255, "correlation_key": "fp|90c2e0a0ae1f97b8df4df42346eaec77a7349a2fa67a8228586ba08860ade0f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_ni_run_fix.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 128869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c168bc542054a7d97735fbbc26e362bff52f034c2ca206be5a6e864cba2d277", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forge/git_scripts/make_pr_java_run_fix.py", "duplicate_line": 36, "correlation_key": "fp|9c168bc542054a7d97735fbbc26e362bff52f034c2ca206be5a6e864cba2d277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_javac_fix.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 128868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99a65190fac73e950cecb03f79103a84f1a3da799a41812a58d8d4e3a5257b4b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|99a65190fac73e950cecb03f79103a84f1a3da799a41812a58d8d4e3a5257b4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_ni_run_fix.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 128867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "badc3d87f5e616cda087dae496a171348051af0ae33d9cd847d97e5c877fe5a0", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|badc3d87f5e616cda087dae496a171348051af0ae33d9cd847d97e5c877fe5a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_javac_fix.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 128866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e8661bc202c3ff92edf0c49ef9e4e07d6b00ea75082299b5bddff871771d153", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3e8661bc202c3ff92edf0c49ef9e4e07d6b00ea75082299b5bddff871771d153"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/git_scripts/make_pr_java_run_fix.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 128856, "scanner": "repobility-threat-engine", "fingerprint": "da9e7ca26039cbbcc7afa4ee61110075b34b0bd546bf65ef1d6d6f62ce82e92d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|da9e7ca26039cbbcc7afa4ee61110075b34b0bd546bf65ef1d6d6f62ce82e92d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/native_image_artifact.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 128855, "scanner": "repobility-threat-engine", "fingerprint": "abb1ccfb6effceda24ce42f405ccdbcc2e0989b5af7d49f2174412fda88d164c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|abb1ccfb6effceda24ce42f405ccdbcc2e0989b5af7d49f2174412fda88d164c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/dynamic_access_report.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 128854, "scanner": "repobility-threat-engine", "fingerprint": "6c1739a25480e631cd2f17add4a118c8853a3b1189f29a71e7b0267126319610", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_wait_for_response", "breakdown": {"if": 5, "while": 1, "except": 1, "continue": 3, "nested_bonus": 6}, "aggregated": true, "complexity": 16, "correlation_key": "fp|6c1739a25480e631cd2f17add4a118c8853a3b1189f29a71e7b0267126319610", "aggregated_count": 21}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 128850, "scanner": "repobility-threat-engine", "fingerprint": "97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 128849, "scanner": "repobility-threat-engine", "fingerprint": "37cba0b16be4e8ce03b297c4ed422760dee75fbf06f022069b205ff0fc7571cc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37cba0b16be4e8ce03b297c4ed422760dee75fbf06f022069b205ff0fc7571cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/count_reachability_entries.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 128848, "scanner": "repobility-threat-engine", "fingerprint": "0fbf7c74c8920204c178e607e52a52af59794a6fc0c364351b27f8558ba65c84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0fbf7c74c8920204c178e607e52a52af59794a6fc0c364351b27f8558ba65c84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/count_native_image_config_entries.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 128847, "scanner": "repobility-threat-engine", "fingerprint": "90c0b6829055e568f523c1b6afbff613ee326244529b1a28ce89d61d6fa23658", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90c0b6829055e568f523c1b6afbff613ee326244529b1a28ce89d61d6fa23658"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/agents/agent.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 128846, "scanner": "repobility-threat-engine", "fingerprint": "79e9d30da8be9f9f9f82f58cce83aeaae997bec01ed6050b75ff63db21655214", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79e9d30da8be9f9f9f82f58cce83aeaae997bec01ed6050b75ff63db21655214"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/detect-file-changes/detect-file-changes.js"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar` is a .jar binary (45,457 bytes) committed to a repo that otherwise has 5995 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 128968, "scanner": "repobility-supply-chain", "fingerprint": "c4e5b00f47fce6fc2d888ddc0e38759b76ff94e8d955b0d6a333fd1a5a1810c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c4e5b00f47fce6fc2d888ddc0e38759b76ff94e8d955b0d6a333fd1a5a1810c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_newer_patch_version: Test function `test_javac_metadata_index_update_promotes_newer_patch_version` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128964, "scanner": "repobility-ast-engine", "fingerprint": "2d89d25d7427a853afe28d38f0ca0bc0463b54733353cf576b7f008d0760e6e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d89d25d7427a853afe28d38f0ca0bc0463b54733353cf576b7f008d0760e6e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_java_fail_workflow.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_newer_separated_qualifier_number: Test function `test_javac_metadata_index_update_promotes_newer_separated_qualifier_number` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128963, "scanner": "repobility-ast-engine", "fingerprint": "6b3d4471a493528e9e3d6dfdca36752e6442ca287cc266391cb5d931eaf641c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b3d4471a493528e9e3d6dfdca36752e6442ca287cc266391cb5d931eaf641c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_java_fail_workflow.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_newer_classifier_prerelease: Test function `test_javac_metadata_index_update_promotes_newer_classifier_prerelease` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128962, "scanner": "repobility-ast-engine", "fingerprint": "83dfe28011f40e655ce18bd9aafb727525d2128a0514ec8f082104f34147d9f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83dfe28011f40e655ce18bd9aafb727525d2128a0514ec8f082104f34147d9f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_java_fail_workflow.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_final_after_classifier_prerelease: Test function `test_javac_metadata_index_update_promotes_final_after_classifier_prerelease` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128961, "scanner": "repobility-ast-engine", "fingerprint": "e091e0ac85a5cf4233a08534139009ebf0e39deb8ae226b523fc8a653cd86f60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e091e0ac85a5cf4233a08534139009ebf0e39deb8ae226b523fc8a653cd86f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_java_fail_workflow.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_javac_metadata_index_update_promotes_newer_final_version: Test function `test_javac_metadata_index_update_promotes_newer_final_version` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128960, "scanner": "repobility-ast-engine", "fingerprint": "8af06968941992ebed6d56713ddb70b01922948782b67d8d838d1b0138d92ed6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8af06968941992ebed6d56713ddb70b01922948782b67d8d838d1b0138d92ed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_java_fail_workflow.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_count_test_only_metadata_entries_rejects_legacy_native_image_config: Test function `test_count_test_only_metadata_entries_rejects_legacy_native_image_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128959, "scanner": "repobility-ast-engine", "fingerprint": "25f2aebc2050c54d6ac0f87b19912c33698b43894d2a96dc0456ba6b99904be4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25f2aebc2050c54d6ac0f87b19912c33698b43894d2a96dc0456ba6b99904be4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_metrics_paths.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scaffold_failure_reports_target_coordinate: Test function `test_scaffold_failure_reports_target_coordinate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128958, "scanner": "repobility-ast-engine", "fingerprint": "f615ea6fe981673ada964872675d6e12ef226c3645b8d305833d1efe1feeec32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f615ea6fe981673ada964872675d6e12ef226c3645b8d305833d1efe1feeec32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_library_update_target.py"}, "region": {"startLine": 523}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tracked_worktree_guard_reports_remaining_paths: Test function `test_tracked_worktree_guard_reports_remaining_paths` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128957, "scanner": "repobility-ast-engine", "fingerprint": "8cbe50ba93eb1b43d4308647db5f97ad36aadb967fcb12dfae66fc3c95b29b9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cbe50ba93eb1b43d4308647db5f97ad36aadb967fcb12dfae66fc3c95b29b9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_make_pr_ni_run_fix.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_no_scaffold_placeholders_rejects_placeholder_text: Test function `test_validate_no_scaffold_placeholders_rejects_placeholder_text` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128956, "scanner": "repobility-ast-engine", "fingerprint": "6f0c7e623ad66de8d76abd876e315d0f8aaf2478e15ed13092d82656df2ff5b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f0c7e623ad66de8d76abd876e315d0f8aaf2478e15ed13092d82656df2ff5b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_make_pr_new_library_support.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_run_quality_rejects_suspicious_generated_test_targets: Test function `test_validate_run_quality_rejects_suspicious_generated_test_targets` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128955, "scanner": "repobility-ast-engine", "fingerprint": "576c47c6a325e4721ef16c9101f26e8622b07200c08b96c93afb0ee22d14f9cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|576c47c6a325e4721ef16c9101f26e8622b07200c08b96c93afb0ee22d14f9cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_make_pr_new_library_support.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_finalization_scope_check_rejects_old_version_test_edits: Test function `test_finalization_scope_check_rejects_old_version_test_edits` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128954, "scanner": "repobility-ast-engine", "fingerprint": "581cec1fa9fd4c0f4a816a01d28f9975a732b74d30f7c591b7c21200c4cf3561", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|581cec1fa9fd4c0f4a816a01d28f9975a732b74d30f7c591b7c21200c4cf3561"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_make_pr_improve_coverage.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_finalization_scope_check_allows_expected_target_and_sidecar_paths: Test function `test_finalization_scope_check_allows_expected_target_and_sidecar_paths` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128953, "scanner": "repobility-ast-engine", "fingerprint": "6cbf64c16e4887ad883123519792fd9664e1659bcea2a73b0a02e18bf772f7a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6cbf64c16e4887ad883123519792fd9664e1659bcea2a73b0a02e18bf772f7a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_make_pr_improve_coverage.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_main_batches_project_item_status_lookup_for_assigned_issues: Test function `test_main_batches_project_item_status_lookup_for_assigned_issues` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128952, "scanner": "repobility-ast-engine", "fingerprint": "bd6ebad0fc9980645f3ce51642c468d6491be49669f69501a6d50a6af20e8e35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd6ebad0fc9980645f3ce51642c468d6491be49669f69501a6d50a6af20e8e35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_unassign_issues.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fetch_review_base_ref_updates_origin_master_without_pull: Test function `test_fetch_review_base_ref_updates_origin_master_without_pull` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128951, "scanner": "repobility-ast-engine", "fingerprint": "70d50f8303af19a1449704f9b82f83d75da04045bb167efe12064c2634077d57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70d50f8303af19a1449704f9b82f83d75da04045bb167efe12064c2634077d57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 2533}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_merge_pull_request_skips_index_validation_when_index_unchanged: Test function `test_merge_pull_request_skips_index_validation_when_index_unchanged` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128950, "scanner": "repobility-ast-engine", "fingerprint": "f27d3b65be43112b4b230a3bea164dbe0e85ad97579af46e26e4263e3f8c7864", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f27d3b65be43112b4b230a3bea164dbe0e85ad97579af46e26e4263e3f8c7864"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 2397}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_merge_pull_request_validates_index_candidate_before_merge: Test function `test_merge_pull_request_validates_index_candidate_before_merge` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128949, "scanner": "repobility-ast-engine", "fingerprint": "53e6600d2cd2626c84f87d0de75f262dd4c124bef0f0bb7e36b0014dbbd8cac4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53e6600d2cd2626c84f87d0de75f262dd4c124bef0f0bb7e36b0014dbbd8cac4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 2368}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_human_intervention_posting_noops_after_interrupt: Test function `test_human_intervention_posting_noops_after_interrupt` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128948, "scanner": "repobility-ast-engine", "fingerprint": "21d01c938bac752c1579fd87b11f86bef7e3049dbdc489802180f098ed08f720", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21d01c938bac752c1579fd87b11f86bef7e3049dbdc489802180f098ed08f720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 2336}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_issue_processing_requires_dev_and_ci_graalvm_homes: Test function `test_issue_processing_requires_dev_and_ci_graalvm_homes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128947, "scanner": "repobility-ast-engine", "fingerprint": "d9c35ab9ed1938645a89460bd69361f029140d9abdc64a34ff22573fdf8c29e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9c35ab9ed1938645a89460bd69361f029140d9abdc64a34ff22573fdf8c29e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 2213}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_process_pull_requests_fetches_ci_only_after_cheap_filters: Test function `test_process_pull_requests_fetches_ci_only_after_cheap_filters` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128946, "scanner": "repobility-ast-engine", "fingerprint": "7bf95f40be4cca96381939b2e8eccf0664381a3d0c03ce92991620d3a26865fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bf95f40be4cca96381939b2e8eccf0664381a3d0c03ce92991620d3a26865fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 1518}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_process_work_queues_skips_remaining_work_when_shutdown_requested: Test function `test_process_work_queues_skips_remaining_work_when_shutdown_requested` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128945, "scanner": "repobility-ast-engine", "fingerprint": "b75c72fc09ddb58138448620e72b41d45a3dd6ae6853101af4aa9b37ae17d164", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b75c72fc09ddb58138448620e72b41d45a3dd6ae6853101af4aa9b37ae17d164"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 1483}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_process_work_queues_resolves_auth_for_review_only_queue: Test function `test_process_work_queues_resolves_auth_for_review_only_queue` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128944, "scanner": "repobility-ast-engine", "fingerprint": "c80661eb4ac01fc497c70eb764a9bbdd6eb088b6a30413c1d5e8f635b153fb0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c80661eb4ac01fc497c70eb764a9bbdd6eb088b6a30413c1d5e8f635b153fb0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 1449}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_process_work_queues_uses_random_offset_for_new_library_queue: Test function `test_process_work_queues_uses_random_offset_for_new_library_queue` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128943, "scanner": "repobility-ast-engine", "fingerprint": "ead4310ce3903138c4e869d27ce8c99dc97a9761da59e61d85496d45c11eb20e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ead4310ce3903138c4e869d27ce8c99dc97a9761da59e61d85496d45c11eb20e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 1407}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_process_work_queues_skips_zero_limit_queues: Test function `test_process_work_queues_skips_zero_limit_queues` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128942, "scanner": "repobility-ast-engine", "fingerprint": "0a60f5dfdbf582a8d8600e82c40f6ba2dd75b9d362dd61b513c1d68799bb15a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a60f5dfdbf582a8d8600e82c40f6ba2dd75b9d362dd61b513c1d68799bb15a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 1369}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_large_library_base_check_uses_pr_merge_commit_for_squash_merges: Test function `test_large_library_base_check_uses_pr_merge_commit_for_squash_merges` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128941, "scanner": "repobility-ast-engine", "fingerprint": "0103e9d4b71ad0f3b605e96c3a48e60a1bfae828fa7735b71ba14b7ed071a05f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0103e9d4b71ad0f3b605e96c3a48e60a1bfae828fa7735b71ba14b7ed071a05f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 1116}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_not_for_native_image_pr_receives_metrics_repo_path_for_local_ci: Test function `test_not_for_native_image_pr_receives_metrics_repo_path_for_local_ci` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 128940, "scanner": "repobility-ast-engine", "fingerprint": "fa4e0dab12d18377253d4aebf27ffd7537a54914ab4533ea4427c45dd3b24ad3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa4e0dab12d18377253d4aebf27ffd7537a54914ab4533ea4427c45dd3b24ad3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/tests/test_forge_metadata.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._issue` used but never assigned in __init__: Method `get_issue_by_number` of class `FixtureGitHubState` reads `self._issue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128939, "scanner": "repobility-ast-engine", "fingerprint": "4cf9ea62c90ca585f92e32026b6f93c8b27dfc3540dfc3c75d6631d51e906ac3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4cf9ea62c90ca585f92e32026b6f93c8b27dfc3540dfc3c75d6631d51e906ac3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/fixture_github.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._resolve_carriage_returns` used but never assigned in __init__: Method `_copy_stream` of class `FixtureRunLogTee` reads `self._resolve_carriage_returns`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128913, "scanner": "repobility-ast-engine", "fingerprint": "261628284d27eb41794f888c83987244db0aeefdb11795ac13abb794f489d5a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|261628284d27eb41794f888c83987244db0aeefdb11795ac13abb794f489d5a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1850}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stderr_read_fd` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._stderr_read_fd`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128912, "scanner": "repobility-ast-engine", "fingerprint": "3c4ef1e28e300fee08c353c91ee22bf03adcd6f78435e9b9aaf7db629d268477", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c4ef1e28e300fee08c353c91ee22bf03adcd6f78435e9b9aaf7db629d268477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1808}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stdout_read_fd` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._stdout_read_fd`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128911, "scanner": "repobility-ast-engine", "fingerprint": "2d2de2a9a8fc2ac4662e604b8503450c0cb2083a2eebc3b77e0be4b0e90d6467", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d2de2a9a8fc2ac4662e604b8503450c0cb2083a2eebc3b77e0be4b0e90d6467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1803}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._copy_stream` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._copy_stream`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128910, "scanner": "repobility-ast-engine", "fingerprint": "883c3cfdc47f78f557f8fcb182d4ef74fc8f3b300a84d12fd328896601c05f17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|883c3cfdc47f78f557f8fcb182d4ef74fc8f3b300a84d12fd328896601c05f17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1807}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._copy_stream` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._copy_stream`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128909, "scanner": "repobility-ast-engine", "fingerprint": "af484c4ac5b31d2d30768e17961203a61ec27a1b284ab23eb993842419fcea39", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af484c4ac5b31d2d30768e17961203a61ec27a1b284ab23eb993842419fcea39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1802}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stderr_write_fd` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._stderr_write_fd`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128908, "scanner": "repobility-ast-engine", "fingerprint": "32e8da2329b275bf7f3ba71f0bc976793567d92d4ea19df23ca6a3154c5ee97f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32e8da2329b275bf7f3ba71f0bc976793567d92d4ea19df23ca6a3154c5ee97f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1817}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stdout_write_fd` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._stdout_write_fd`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128907, "scanner": "repobility-ast-engine", "fingerprint": "19c2ab1be03b517ba8917c8266bfffb72c62b9b49dc8d85c2895f75aae1b2ca9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19c2ab1be03b517ba8917c8266bfffb72c62b9b49dc8d85c2895f75aae1b2ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1816}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stderr_write_fd` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._stderr_write_fd`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128906, "scanner": "repobility-ast-engine", "fingerprint": "11d06d95a0b8d116f1ad4cd5ee43761f2eaafb3653249260b2deb9570d5cab18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11d06d95a0b8d116f1ad4cd5ee43761f2eaafb3653249260b2deb9570d5cab18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1815}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._stdout_write_fd` used but never assigned in __init__: Method `start` of class `FixtureRunLogTee` reads `self._stdout_write_fd`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128905, "scanner": "repobility-ast-engine", "fingerprint": "1aa2e4840af5c5c2afc376484795bf6e3eb9266ff43adaa233cfbe1e0003eeab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1aa2e4840af5c5c2afc376484795bf6e3eb9266ff43adaa233cfbe1e0003eeab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1814}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._acquire_exclusive_file_lock` used but never assigned in __init__: Method `acquire` of class `LocalIssueSearchCacheWriterLock` reads `self._acquire_exclusive_file_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128904, "scanner": "repobility-ast-engine", "fingerprint": "864e9e29baff0550b2303778f280e178503aac7ed476adcfb5755af53fef5496", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|864e9e29baff0550b2303778f280e178503aac7ed476adcfb5755af53fef5496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1043}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.release` used but never assigned in __init__: Method `__exit__` of class `LocalIssueSearchCacheWriterLock` reads `self.release`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128903, "scanner": "repobility-ast-engine", "fingerprint": "d157973f2e849ae50f8f852d9bc104b705ed1fa411b2a61e7d77f5d1e420cb12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d157973f2e849ae50f8f852d9bc104b705ed1fa411b2a61e7d77f5d1e420cb12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1038}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.acquire` used but never assigned in __init__: Method `__enter__` of class `LocalIssueSearchCacheWriterLock` reads `self.acquire`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128902, "scanner": "repobility-ast-engine", "fingerprint": "c8030967ddff632cd5ba8547c58b173a16dc88219f2cedb92806507dd38db056", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8030967ddff632cd5ba8547c58b173a16dc88219f2cedb92806507dd38db056"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 1034}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._acquire_exclusive_file_lock` used but never assigned in __init__: Method `acquire` of class `LocalIssueClaimCacheWriterLock` reads `self._acquire_exclusive_file_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128901, "scanner": "repobility-ast-engine", "fingerprint": "82ba593bb94e1419baa0db3709c183925d872ece3778d5980b6ef0de945e7100", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82ba593bb94e1419baa0db3709c183925d872ece3778d5980b6ef0de945e7100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 998}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.release` used but never assigned in __init__: Method `__exit__` of class `LocalIssueClaimCacheWriterLock` reads `self.release`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128900, "scanner": "repobility-ast-engine", "fingerprint": "f26ad0ab8ef1e4c69cf9853a536fbb4fc14e742d15bbb6a3579448c2998abbc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f26ad0ab8ef1e4c69cf9853a536fbb4fc14e742d15bbb6a3579448c2998abbc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 993}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.acquire` used but never assigned in __init__: Method `__enter__` of class `LocalIssueClaimCacheWriterLock` reads `self.acquire`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128899, "scanner": "repobility-ast-engine", "fingerprint": "915392e675a3e0e9cbac84f4eacfaa347aedd6db18d76e571baaf66709c7dbd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|915392e675a3e0e9cbac84f4eacfaa347aedd6db18d76e571baaf66709c7dbd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 989}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._forget_process_lock` used but never assigned in __init__: Method `_acquire_exclusive_file_lock` of class `LocalIssueClaimLock` reads `self._forget_process_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128898, "scanner": "repobility-ast-engine", "fingerprint": "e694a704d72d4b1fbe257dc0aca524201b738c16ce6b48731b1de28708274bac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e694a704d72d4b1fbe257dc0aca524201b738c16ce6b48731b1de28708274bac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 962}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_lock_owner` used but never assigned in __init__: Method `_acquire_exclusive_file_lock` of class `LocalIssueClaimLock` reads `self._write_lock_owner`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128897, "scanner": "repobility-ast-engine", "fingerprint": "b9cd33ae767f81602a42b85565b75e685be1b6246539c2da008b47b457b035f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9cd33ae767f81602a42b85565b75e685be1b6246539c2da008b47b457b035f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 966}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._forget_process_lock` used but never assigned in __init__: Method `_acquire_fcntl_lock` of class `LocalIssueClaimLock` reads `self._forget_process_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128896, "scanner": "repobility-ast-engine", "fingerprint": "404f7581fe3ff0ab6f1855fe15bd594689689dcc698699594c4d5693b52eeb8d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|404f7581fe3ff0ab6f1855fe15bd594689689dcc698699594c4d5693b52eeb8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 950}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_lock_owner` used but never assigned in __init__: Method `_acquire_fcntl_lock` of class `LocalIssueClaimLock` reads `self._write_lock_owner`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128895, "scanner": "repobility-ast-engine", "fingerprint": "25237fb9005384a8d30c9d48ddf0a17b25e8feefd7675b63a0f48059474ffca0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25237fb9005384a8d30c9d48ddf0a17b25e8feefd7675b63a0f48059474ffca0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 955}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._forget_process_lock` used but never assigned in __init__: Method `release` of class `LocalIssueClaimLock` reads `self._forget_process_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128894, "scanner": "repobility-ast-engine", "fingerprint": "43f98c0cdc9b863e8a93ba0f0b87033bd35c53a716c267dc94385517c5ff7e1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43f98c0cdc9b863e8a93ba0f0b87033bd35c53a716c267dc94385517c5ff7e1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 941}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._forget_process_lock` used but never assigned in __init__: Method `release` of class `LocalIssueClaimLock` reads `self._forget_process_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128893, "scanner": "repobility-ast-engine", "fingerprint": "42f8fadc48281163fc9ffac60edb1dedb806e9d0274c0707da85978a743a839d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42f8fadc48281163fc9ffac60edb1dedb806e9d0274c0707da85978a743a839d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 929}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._forget_process_lock` used but never assigned in __init__: Method `acquire` of class `LocalIssueClaimLock` reads `self._forget_process_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128892, "scanner": "repobility-ast-engine", "fingerprint": "a4261d110db28840e3251f34e13aa178a80f4237c41bb158679de19df087108d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4261d110db28840e3251f34e13aa178a80f4237c41bb158679de19df087108d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 924}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._acquire_exclusive_file_lock` used but never assigned in __init__: Method `acquire` of class `LocalIssueClaimLock` reads `self._acquire_exclusive_file_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128891, "scanner": "repobility-ast-engine", "fingerprint": "3c93e2e6979e6d7bae90d97dc87d462d35ccc1e757ca0b92ea7a3fed6aebd2ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c93e2e6979e6d7bae90d97dc87d462d35ccc1e757ca0b92ea7a3fed6aebd2ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 921}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._acquire_fcntl_lock` used but never assigned in __init__: Method `acquire` of class `LocalIssueClaimLock` reads `self._acquire_fcntl_lock`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 128890, "scanner": "repobility-ast-engine", "fingerprint": "da06cb75a312d8375a1ab56319196c27e00c3536d786ad25788fb012d7ac373a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da06cb75a312d8375a1ab56319196c27e00c3536d786ad25788fb012d7ac373a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/forge_metadata.py"}, "region": {"startLine": 922}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 128865, "scanner": "repobility-threat-engine", "fingerprint": "668de7c425179b5f933b76b036d6e8ee8b4f73b13cdc75dfe69f038378513f24", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|668de7c425179b5f933b76b036d6e8ee8b4f73b13cdc75dfe69f038378513f24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/native_image_artifact.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 128864, "scanner": "repobility-threat-engine", "fingerprint": "819591fab7a400577f5df29dd3cb237cac5ae8df9aae67004eb6e34153db251c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "seen_packages.update(new_packages)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|819591fab7a400577f5df29dd3cb237cac5ae8df9aae67004eb6e34153db251c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/library_finalization.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 128863, "scanner": "repobility-threat-engine", "fingerprint": "31806ac28ea979477a5086c3e9a324ef021dc0e8ef2ea31c4807ec8e3b95af98", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31806ac28ea979477a5086c3e9a324ef021dc0e8ef2ea31c4807ec8e3b95af98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/gradle_test_runner.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 128862, "scanner": "repobility-threat-engine", "fingerprint": "e64c62475a46449d5433a91c28d5f1352d9c8ee92186e5960bd6a7e4d4f691c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e64c62475a46449d5433a91c28d5f1352d9c8ee92186e5960bd6a7e4d4f691c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/shutdown_signal.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 128861, "scanner": "repobility-threat-engine", "fingerprint": "cc475dbc96034b741b8a36cc0b7dc2d53e21d13c54368b74331c8fbdccbfdfeb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc475dbc96034b741b8a36cc0b7dc2d53e21d13c54368b74331c8fbdccbfdfeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/gradle_test_runner.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 128860, "scanner": "repobility-threat-engine", "fingerprint": "8d091b75fe6b98165435585a4f3e576da5e6921e2427f9031c493f85ce3ad82e", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"-Pcoordinates=(?P<coordinates>[^\\s]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|113|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/gradle_test_runner.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 128858, "scanner": "repobility-threat-engine", "fingerprint": "08a9cfcf23bf966f28283725355ad0b8de7f73e873f7d7537f2dda4b5d3fd325", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|08a9cfcf23bf966f28283725355ad0b8de7f73e873f7d7537f2dda4b5d3fd325"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/shutdown_signal.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 128857, "scanner": "repobility-threat-engine", "fingerprint": "2f5d19c6086015839ed0354ad8aeae1c0d8bf8617d8047dbd5f3eb77bd2d46d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f5d19c6086015839ed0354ad8aeae1c0d8bf8617d8047dbd5f3eb77bd2d46d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/utility_scripts/gradle_environment.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 28 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, break=1, continue=1, else=2, for=1, if=5, nested_bonus=12, or=1, recursion=1, ternary=2, while=1."}, "properties": {"repobilityId": 128852, "scanner": "repobility-threat-engine", "fingerprint": "c7a3ee786fac6a57400503dbccd43036b97ed2b234a65623db9249336f0635f6", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 28 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run", "breakdown": {"if": 5, "or": 1, "and": 1, "for": 1, "else": 2, "break": 1, "while": 1, "ternary": 2, "continue": 1, "recursion": 1, "nested_bonus": 12}, "complexity": 28, "correlation_key": "fp|c7a3ee786fac6a57400503dbccd43036b97ed2b234a65623db9249336f0635f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forge/ai_workflows/core/basic_iterative_strategy.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 128845, "scanner": "repobility-threat-engine", "fingerprint": "eaca91d74aa47a23394cd89c7139bc8645d0a37393e6af695dad38149769fdc2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(globToRegex", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|eaca91d74aa47a23394cd89c7139bc8645d0a37393e6af695dad38149769fdc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/detect-file-changes/detect-file-changes.js"}, "region": {"startLine": 197}}}]}]}]}