{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 11 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED011", "name": "[MINED011] Scala Get On Option (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED011] Scala Get On Option (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED048] Php Error Suppress (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED086", "name": "[MINED086] Kotlin Runtime Exception: Throwing bare RuntimeException loses type info.", "shortDescription": {"text": "[MINED086] Kotlin Runtime Exception: Throwing bare RuntimeException loses type info."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED002", "name": "[MINED002] Dart Null Bang (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED002] Dart Null Bang (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 73 more): Same pattern found in 73 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 73 more): Same pattern found in 73 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED046", "name": "[MINED046] Dart Print (and 21 more): Same pattern found in 21 additional files. Review if needed.", "shortDescription": {"text": "[MINED046] Dart Print (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `dorny/paths-filter` pinned to mutable ref `@v3`: `uses: dorny/paths-filter@v3` resolves at workflow-r", "shortDescription": {"text": "[MINED115] Action `dorny/paths-filter` pinned to mutable ref `@v3`: `uses: dorny/paths-filter@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025"}, "fullDescription": {"text": "Replace with: `uses: dorny/paths-filter@<40-char-sha>  # v3` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED117", "name": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workfl", "shortDescription": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter "}, "fullDescription": {"text": "Replace with a scoped block: `permissions:\\n  contents: read\\n  issues: write` (only the scopes you need)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_zip: Test function `test_zip` runs code but contains no assert / expect / should ", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_zip: Test function `test_zip` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_parse_size` of class `GNTestCase` reads ", "shortDescription": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_parse_size` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError"}, "fullDescription": {"text": "Initialize `self.assertEqual = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED029", "name": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety.", "shortDescription": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. T", "shortDescription": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import stat` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED005", "name": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection.", "shortDescription": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/721"}, "properties": {"repository": "flutter/flutter", "repoUrl": "https://github.com/flutter/flutter", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 58763, "scanner": "repobility-ast-engine", "fingerprint": "08977e245a6fa0f60f6691ef5fab7f837dea4d3bb6ae57bc34bed0c5779f5d70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08977e245a6fa0f60f6691ef5fab7f837dea4d3bb6ae57bc34bed0c5779f5d70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/fuchsia/with_envs.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 58762, "scanner": "repobility-ast-engine", "fingerprint": "1d612a109b6e0c4af4743b6760e4aade38b25d0f8d0906999a78a65f658da8ac", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d612a109b6e0c4af4743b6760e4aade38b25d0f8d0906999a78a65f658da8ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/testing/benchmark/displaylist_benchmark_parser.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 58761, "scanner": "repobility-ast-engine", "fingerprint": "73293037fc9a57f7c88e01500077e97065b5d9c4ea3fff5a4afa34d03fe8f8ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|73293037fc9a57f7c88e01500077e97065b5d9c4ea3fff5a4afa34d03fe8f8ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/testing/run_tests.py"}, "region": {"startLine": 1139}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 58702, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5bafa92a512c0db3bccbf2537d1d362b432a98997a9dfa6eaf188a02055a1e1", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|a5bafa92a512c0db3bccbf2537d1d362b432a98997a9dfa6eaf188a02055a1e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/shell/platform/embedder/embedder_semantics_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 58684, "scanner": "repobility-threat-engine", "fingerprint": "734efe1cdd2098e19eedaa532ed307df96c86c260c874a4130c70ee9d02efd58", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|66|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/ci/scan_deps.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 58683, "scanner": "repobility-threat-engine", "fingerprint": "ea6bbd6ffa18f837bbd2c9f6920ba457c006dca86eaaa2dcc7283f31d7101a01", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.check_output(\n        'git remote show upstream ' + \"| sed -n \\'/HEAD branch/s/.*: //p\\'\"", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|153|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/ci/scan_deps.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 58662, "scanner": "repobility-threat-engine", "fingerprint": "2f981ae7387c97102ddbc3264afa716c22feef1b9945d6a48db7a80c65bb2e0f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Foo Bar\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2f981ae7387c97102ddbc3264afa716c22feef1b9945d6a48db7a80c65bb2e0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/renderer/backend/vulkan/driver_info_vk_unittests.cc"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 58661, "scanner": "repobility-threat-engine", "fingerprint": "dbd87828525b93fdf3559efeb680686deb096d7edd0eae9269c302a54cb7f450", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dbd87828525b93fdf3559efeb680686deb096d7edd0eae9269c302a54cb7f450"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/web_e2e_tests/test_driver/text_editing_integration.dart"}, "region": {"startLine": 227}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 58660, "scanner": "repobility-threat-engine", "fingerprint": "3ad237bb96d4efae25b6c63f482a34df3c7167b1329e83ee9c55ac37e6b62cee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3ad237bb96d4efae25b6c63f482a34df3c7167b1329e83ee9c55ac37e6b62cee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/automated_tests/flutter_test/print_correct_local_widget_test.dart"}, "region": {"startLine": 27}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 58734, "scanner": "repobility-web-presence", "fingerprint": "69246953e9813284584756edda78a775d1bf9a20d6d73043d3bd3443f858bd02", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|69246953e9813284584756edda78a775d1bf9a20d6d73043d3bd3443f858bd02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".agents/skills/analyze-github-flake/SKILL.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 58733, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ffa205710e65c674b733ccfb44c665ad2525fe50f4aa0f14a8ed1239491c0cc4", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "SemanticsUpdate", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "engine/src/flutter/lib/ui/semantics.dart", "correlation_key": "fp|ffa205710e65c674b733ccfb44c665ad2525fe50f4aa0f14a8ed1239491c0cc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/lib/ui/semantics/semantics_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58732, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a602f9abca732ee31971d8c1bc6be062ae31b63f0f2ff74c0087877720365860", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/hc_errors_with_hcpp_enabled.dart", "duplicate_line": 43, "correlation_key": "fp|a602f9abca732ee31971d8c1bc6be062ae31b63f0f2ff74c0087877720365860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_transform_main.dart"}, "region": {"startLine": 139}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58731, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29eabc9711b5210f6170b3e3493ca579523b5fc7fcc62f14b5f554a8d3bea676", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clippath_main.dart", "duplicate_line": 178, "correlation_key": "fp|29eabc9711b5210f6170b3e3493ca579523b5fc7fcc62f14b5f554a8d3bea676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_transform_main.dart"}, "region": {"startLine": 138}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58730, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf7c15ae8a19be264ba815a21abc8284607bcf61f8e2c7bf845bdeed6636b2c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_opacity_main.dart", "duplicate_line": 69, "correlation_key": "fp|cf7c15ae8a19be264ba815a21abc8284607bcf61f8e2c7bf845bdeed6636b2c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_transform_main.dart"}, "region": {"startLine": 137}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58729, "scanner": "repobility-ai-code-hygiene", "fingerprint": "258adae197cea9a685bf58c105d9897ccba1a832952d31c6681485f35e69de37", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlapping_main.dart", "duplicate_line": 10, "correlation_key": "fp|258adae197cea9a685bf58c105d9897ccba1a832952d31c6681485f35e69de37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_transform_main.dart"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58728, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8716e21336b5c0b08ffa053150b7a20cb5136b05c3f6a9fde01211e0ada6c3e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_cliprect_surfaceview_main.dart", "duplicate_line": 5, "correlation_key": "fp|8716e21336b5c0b08ffa053150b7a20cb5136b05c3f6a9fde01211e0ada6c3e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_transform_main.dart"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58727, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da9199a61274b6f9bd80fae44a530c29c1e8537665a416e87c186ce712359262", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clear_hidden.dart", "duplicate_line": 5, "correlation_key": "fp|da9199a61274b6f9bd80fae44a530c29c1e8537665a416e87c186ce712359262"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlay_layer_cleared.dart"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58726, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5eebd1503b210aab826230f36637c36fd83d698cff7b6c9b4477a8c8ded4c28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_main.dart", "duplicate_line": 32, "correlation_key": "fp|e5eebd1503b210aab826230f36637c36fd83d698cff7b6c9b4477a8c8ded4c28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlapping_main.dart"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58725, "scanner": "repobility-ai-code-hygiene", "fingerprint": "143dddf0396a13cd4e2d2c0ff629f25b76a2d0c68a41129762eea830edeb280c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/hc_errors_with_hcpp_enabled.dart", "duplicate_line": 43, "correlation_key": "fp|143dddf0396a13cd4e2d2c0ff629f25b76a2d0c68a41129762eea830edeb280c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlapping_main.dart"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58724, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d374830e43b3b0ebbe2d6668d1961ca4606b5eb68b3533c4b32890a6eb215a69", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clippath_main.dart", "duplicate_line": 178, "correlation_key": "fp|d374830e43b3b0ebbe2d6668d1961ca4606b5eb68b3533c4b32890a6eb215a69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlapping_main.dart"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58723, "scanner": "repobility-ai-code-hygiene", "fingerprint": "48e0e4b0037bb5356393a2a541a1d661f2bb43f70aac0100eb5bb10d1a73bda6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_opacity_main.dart", "duplicate_line": 68, "correlation_key": "fp|48e0e4b0037bb5356393a2a541a1d661f2bb43f70aac0100eb5bb10d1a73bda6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlapping_main.dart"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58722, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0055c29546ffcfd3fe96c8acaac898e72da3b0d6ea8b1c7730c4742869f64050", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_cliprect_surfaceview_main.dart", "duplicate_line": 5, "correlation_key": "fp|0055c29546ffcfd3fe96c8acaac898e72da3b0d6ea8b1c7730c4742869f64050"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_overlapping_main.dart"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58721, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f395a3969091df68b91a3d906358171f7b307c640341768ef8192666e42944f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/hc_errors_with_hcpp_enabled.dart", "duplicate_line": 43, "correlation_key": "fp|9f395a3969091df68b91a3d906358171f7b307c640341768ef8192666e42944f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_opacity_main.dart"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58720, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba9a8afdcf62ba494e9dc02b2040f9eeff998f481758b680400a8af39bed2228", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clippath_main.dart", "duplicate_line": 178, "correlation_key": "fp|ba9a8afdcf62ba494e9dc02b2040f9eeff998f481758b680400a8af39bed2228"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_opacity_main.dart"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58719, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ca060f588fa2b9a5c53d03eb07dc51cbbd059cb29bec66c7abb7f03a7f559b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_cliprect_surfaceview_main.dart", "duplicate_line": 5, "correlation_key": "fp|5ca060f588fa2b9a5c53d03eb07dc51cbbd059cb29bec66c7abb7f03a7f559b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_opacity_main.dart"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58718, "scanner": "repobility-ai-code-hygiene", "fingerprint": "335f085d5cf4b7299edb2eb5e3b67e3af74f79ce1a634c50942d25f3c4d9e625", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clippath_main.dart", "duplicate_line": 192, "correlation_key": "fp|335f085d5cf4b7299edb2eb5e3b67e3af74f79ce1a634c50942d25f3c4d9e625"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_main.dart"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58717, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecc4452dcf411a6062c194f9dfa41d0f959698f5e08699ba4a09240fec0c671f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/hc_errors_with_hcpp_enabled.dart", "duplicate_line": 43, "correlation_key": "fp|ecc4452dcf411a6062c194f9dfa41d0f959698f5e08699ba4a09240fec0c671f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_main.dart"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58716, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cac4a3004d4a9a332760d9b53757c542a153005d0818cddd04f5882f7f4a116", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_cliprect_surfaceview_main.dart", "duplicate_line": 9, "correlation_key": "fp|2cac4a3004d4a9a332760d9b53757c542a153005d0818cddd04f5882f7f4a116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_main.dart"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58715, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c35a47a8ed8d7de492ced3f4c735b70facfeb4b7df99d2d4e1ed0852822fc58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/hc_errors_with_hcpp_enabled.dart", "duplicate_line": 43, "correlation_key": "fp|8c35a47a8ed8d7de492ced3f4c735b70facfeb4b7df99d2d4e1ed0852822fc58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_cliprect_surfaceview_main.dart"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58714, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24492bf69d385c7708d3c035ac357fc6005e63f459a9df1ce275306851fc9ffc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clippath_main.dart", "duplicate_line": 178, "correlation_key": "fp|24492bf69d385c7708d3c035ac357fc6005e63f459a9df1ce275306851fc9ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_cliprect_surfaceview_main.dart"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58713, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d043fb31ddb1e084bcaf07e7c6c21521598f5be0afb213c90adbc543955d540", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/hcpp/hc_errors_with_hcpp_enabled.dart", "duplicate_line": 43, "correlation_key": "fp|8d043fb31ddb1e084bcaf07e7c6c21521598f5be0afb213c90adbc543955d540"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/hcpp/platform_view_clippath_main.dart"}, "region": {"startLine": 179}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58712, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d116f45fa56d71236b5248e1ed443c452fefc4e127cd19c41208671adef51e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/integration_tests/android_engine_test/lib/external_texture/surface_producer_smiley_face_main.dart", "duplicate_line": 8, "correlation_key": "fp|6d116f45fa56d71236b5248e1ed443c452fefc4e127cd19c41208671adef51e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_engine_test/lib/external_texture/surface_texture_smiley_face_main.dart"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58711, "scanner": "repobility-ai-code-hygiene", "fingerprint": "014318ffae3bb975598b94b98d5463eb7f7e5fe4c6532acfa1e0208f7a7fc80c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/devicelab/lib/tasks/hot_mode_tests.dart", "duplicate_line": 57, "correlation_key": "fp|014318ffae3bb975598b94b98d5463eb7f7e5fe4c6532acfa1e0208f7a7fc80c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/devicelab/lib/tasks/web_dev_mode_tests.dart"}, "region": {"startLine": 132}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58710, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f6234527f6ef68ae4fad07e47c652edf27a098842d8c8fdf14a8189a073182e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/devicelab/lib/tasks/hot_mode_tests.dart", "duplicate_line": 252, "correlation_key": "fp|5f6234527f6ef68ae4fad07e47c652edf27a098842d8c8fdf14a8189a073182e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/devicelab/lib/tasks/native_assets_test.dart"}, "region": {"startLine": 130}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58709, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d44de9825d2ae4ddb389c25df521af55929e9889c9b57a665b2f0389d3de47c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/devicelab/lib/tasks/android_choreographer_do_frame_test.dart", "duplicate_line": 119, "correlation_key": "fp|4d44de9825d2ae4ddb389c25df521af55929e9889c9b57a665b2f0389d3de47c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/devicelab/lib/tasks/android_lifecycles_test.dart"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58708, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0859238998583d03d1e223d87d9525117eceb92b186b80b0e41450241536b208", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/bots/prepare_package.dart", "duplicate_line": 52, "correlation_key": "fp|0859238998583d03d1e223d87d9525117eceb92b186b80b0e41450241536b208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/unpublish_package.dart"}, "region": {"startLine": 346}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58707, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24ef3141bc9e3955f4952ca32373b8e9856ef42cb971f0497864788bcf052e08", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/bots/prepare_package/process_runner.dart", "duplicate_line": 14, "correlation_key": "fp|24ef3141bc9e3955f4952ca32373b8e9856ef42cb971f0497864788bcf052e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/unpublish_package.dart"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58706, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6f214fdf615a47ea2a60be7f85daa5070bf11a213d2c03531f04c237ddbd7d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/bots/suite_runners/run_android_java17_integration_tool_tests.dart", "duplicate_line": 8, "correlation_key": "fp|d6f214fdf615a47ea2a60be7f85daa5070bf11a213d2c03531f04c237ddbd7d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/suite_runners/run_android_preview_integration_tool_tests.dart"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58705, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f9704921f0e7d6796761627a1a5f8fb6003935b2556972217aba5a313071190", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/bots/check_code_samples.dart", "duplicate_line": 44, "correlation_key": "fp|1f9704921f0e7d6796761627a1a5f8fb6003935b2556972217aba5a313071190"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/check_tests_cross_imports.dart"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3147e1752831eec673340eea6f656e7a6d2863e12a79b386539b6120bb2aa52c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/automated_tests/flutter_test/exception_handling_test.dart", "duplicate_line": 1, "correlation_key": "fp|3147e1752831eec673340eea6f656e7a6d2863e12a79b386539b6120bb2aa52c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/automated_tests/integration_test/exception_handling_test.dart"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 58703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0d49c18614e9c0a43a2f84cdd5d35823fb4d5eb43c164dca2b0fbfb25f49d75", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dev/a11y_assessments/lib/use_cases/action_chip.dart", "duplicate_line": 10, "correlation_key": "fp|e0d49c18614e9c0a43a2f84cdd5d35823fb4d5eb43c164dca2b0fbfb25f49d75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/a11y_assessments/lib/use_cases/card.dart"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 58701, "scanner": "repobility-ai-code-hygiene", "fingerprint": "323d009e03d83d05a26d30bfe582042a15a1c50fecd2efbacbd8e1d30bfeaec8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|323d009e03d83d05a26d30bfe582042a15a1c50fecd2efbacbd8e1d30bfeaec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/shell/platform/embedder/embedder_semantics_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 58700, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0897a92e6344948d5de6039e268016dca15e94c71881c394eba2beade2cb2e9d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|0897a92e6344948d5de6039e268016dca15e94c71881c394eba2beade2cb2e9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/lib/ui/semantics/semantics_update.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 58699, "scanner": "repobility-ai-code-hygiene", "fingerprint": "13bd96938b4dfded89fc2767a0133cc60fdac79ba85abc73f80640dbd61f4760", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|13bd96938b4dfded89fc2767a0133cc60fdac79ba85abc73f80640dbd61f4760"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/prepare_package/transactional_update.dart"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=4, else=3, except=1, if=3."}, "properties": {"repobilityId": 58688, "scanner": "repobility-threat-engine", "fingerprint": "50f3cde52403345e970c7bee25218deb18c133a3422541b0c6e783fb9928bf61", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "elif": 4, "else": 3, "except": 1}, "complexity": 11, "correlation_key": "fp|50f3cde52403345e970c7bee25218deb18c133a3422541b0c6e783fb9928bf61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/tools/metal_library.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `extract_deps` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, except=1, for=1, if=3, nested_bonus=2."}, "properties": {"repobilityId": 58687, "scanner": "repobility-threat-engine", "fingerprint": "0da1b6ab220cb30e90e6ea869bf877a78dde6acdb0d5107a09fe1850d3597530", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "extract_deps", "breakdown": {"if": 3, "for": 1, "except": 1, "continue": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|0da1b6ab220cb30e90e6ea869bf877a78dde6acdb0d5107a09fe1850d3597530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/ci/scan_deps.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 58698, "scanner": "repobility-threat-engine", "fingerprint": "d92ca07a2927dc9db979ad25589318041410bdac37217e7ee6d348661d3b898f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d92ca07a2927dc9db979ad25589318041410bdac37217e7ee6d348661d3b898f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/tools/xxd.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 58697, "scanner": "repobility-threat-engine", "fingerprint": "4463b1b0473dc5b875860e57d1cb10e49aa2607b35fc3862de674f136f535769", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4463b1b0473dc5b875860e57d1cb10e49aa2607b35fc3862de674f136f535769"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/tools/metal_library.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 58696, "scanner": "repobility-threat-engine", "fingerprint": "09c7574a889034117fc5a62903d61cf1eeb3d9cf901232146084a5580cf1c91f", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"Building target '$target' in $config...\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|20|print building target target in config..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/tools/malioc_download_and_diff.dart"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 58694, "scanner": "repobility-threat-engine", "fingerprint": "3d75ee1f29af094095075e32f3af63370cf9bb7f00e2e52916ce42d010ba6d68", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d75ee1f29af094095075e32f3af63370cf9bb7f00e2e52916ce42d010ba6d68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/renderer/backend/metal/surface_mtl.mm"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED011", "level": "none", "message": {"text": "[MINED011] Scala Get On Option (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 58692, "scanner": "repobility-threat-engine", "fingerprint": "2cf69f3a4e7afd51e73ff844a729bf05f9b29128187f6c016e00cc6ad50f7760", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2cf69f3a4e7afd51e73ff844a729bf05f9b29128187f6c016e00cc6ad50f7760", "aggregated_count": 4}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 58682, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 58678, "scanner": "repobility-threat-engine", "fingerprint": "24623833314ddae7ab588d7707bb4820460cf22c9af843a27aab14665c0aff35", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|24623833314ddae7ab588d7707bb4820460cf22c9af843a27aab14665c0aff35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/ios_host_app/Host/AppDelegate.m"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 58677, "scanner": "repobility-threat-engine", "fingerprint": "7b8c99469a6aecff9ac5d3c60f8e6ec7c76861098a131aaf761bf36e02c5902a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b8c99469a6aecff9ac5d3c60f8e6ec7c76861098a131aaf761bf36e02c5902a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/ios_add2app_life_cycle/ios_add2app/AppDelegate.m"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 58676, "scanner": "repobility-threat-engine", "fingerprint": "af165f75e834f9201850581572cecb4e9c05b769060119058e7d51ae3f37a73a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|af165f75e834f9201850581572cecb4e9c05b769060119058e7d51ae3f37a73a", "aggregated_count": 17}}}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 58675, "scanner": "repobility-threat-engine", "fingerprint": "fbc666ba58104d3466dd4dd783872b4659ee5199f28cf04625f59d2af7f62271", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fbc666ba58104d3466dd4dd783872b4659ee5199f28cf04625f59d2af7f62271"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/ios_add2app_life_cycle/ios_add2app/AppDelegate.m"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 58674, "scanner": "repobility-threat-engine", "fingerprint": "0ff13ad940efe59255cb6685fb56664316d94d7deb9c3434c92accca129e4bce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ff13ad940efe59255cb6685fb56664316d94d7deb9c3434c92accca129e4bce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/external_textures/ios/Runner/TextureViewController.m"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 58673, "scanner": "repobility-threat-engine", "fingerprint": "22bae3981b33b13613551a99c58a6020cc05178e2cfdd6c483c3bb1ea666b96a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|22bae3981b33b13613551a99c58a6020cc05178e2cfdd6c483c3bb1ea666b96a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/channels/ios/Runner/AppDelegate.m"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 58672, "scanner": "repobility-threat-engine", "fingerprint": "42fc4030f57c04d8ace60c0c7e321d52477b44af5460a2f3247591bde9511d4d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|42fc4030f57c04d8ace60c0c7e321d52477b44af5460a2f3247591bde9511d4d"}}}, {"ruleId": "MINED086", "level": "none", "message": {"text": "[MINED086] Kotlin Runtime Exception: Throwing bare RuntimeException loses type info."}, "properties": {"repobilityId": 58668, "scanner": "repobility-threat-engine", "fingerprint": "e8f3b197f840e52fea16814dfe5b79bba4644f5d18f1e0f0fcd59cf08ab85b1a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-runtime-exception", "owasp": null, "cwe_ids": [], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348138+00:00", "triaged_in_corpus": 12, "observations_count": 751, "ai_coder_pattern_id": 156}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8f3b197f840e52fea16814dfe5b79bba4644f5d18f1e0f0fcd59cf08ab85b1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_hardware_smoke_test/android/app/src/androidTest/java/com/example/android_hardware_smoke_test/FlutterActivityTest.kt"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED002", "level": "none", "message": {"text": "[MINED002] Dart Null Bang (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 58666, "scanner": "repobility-threat-engine", "fingerprint": "8624c563bc8b5aa5e605696c6a91534c83128af247b7ba7575ac016532e05765", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8624c563bc8b5aa5e605696c6a91534c83128af247b7ba7575ac016532e05765", "aggregated_count": 4}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 73 more): Same pattern found in 73 additional files. Review if needed."}, "properties": {"repobilityId": 58659, "scanner": "repobility-threat-engine", "fingerprint": "f3e0957cd16ed69385f1061e3a416b14ab7641328547032a9a25916f25818304", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 73 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f3e0957cd16ed69385f1061e3a416b14ab7641328547032a9a25916f25818304", "aggregated_count": 73}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 58658, "scanner": "repobility-threat-engine", "fingerprint": "0b89961f508bc6853572635f650d3daaff8b434cf74a59b39aee7d2d4d90336f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b89961f508bc6853572635f650d3daaff8b434cf74a59b39aee7d2d4d90336f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/data_asset_app/windows/runner/win32_window.cpp"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 58657, "scanner": "repobility-threat-engine", "fingerprint": "66272c683086cf0499878ea08dd9aa47ac7ee2f3190d3d27ecdcd33db60725a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66272c683086cf0499878ea08dd9aa47ac7ee2f3190d3d27ecdcd33db60725a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/benchmarks/complex_layout/windows/runner/win32_window.cpp"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 58656, "scanner": "repobility-threat-engine", "fingerprint": "56d44d204957d396201bd1a69173cc0300fe17e06df14fb85532170ed7691178", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|56d44d204957d396201bd1a69173cc0300fe17e06df14fb85532170ed7691178"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/a11y_assessments/windows/runner/win32_window.cpp"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 58655, "scanner": "repobility-threat-engine", "fingerprint": "bce637ecbb36c35303e54a18cdbb6838158e72fbe2da4645d3fe23416d983ba9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bce637ecbb36c35303e54a18cdbb6838158e72fbe2da4645d3fe23416d983ba9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/ios_platform_view_tests/ios/Runner/LinkNavigationWebView.m"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 58654, "scanner": "repobility-threat-engine", "fingerprint": "0d7a634ff99ca07fb75fa9d1d3877bc4ee80d59ca336f56246f485dd557299ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d7a634ff99ca07fb75fa9d1d3877bc4ee80d59ca336f56246f485dd557299ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/docs/assets/snippets.js"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 58653, "scanner": "repobility-threat-engine", "fingerprint": "1a4d86a3f2979f7908cc7e2d1125c2183eea986c63132a69e75614924ec99c40", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a4d86a3f2979f7908cc7e2d1125c2183eea986c63132a69e75614924ec99c40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/no-response.js"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 58652, "scanner": "repobility-threat-engine", "fingerprint": "af4283a33de51ad7729675de1ee001c7b99ee67c81250bf68d4bc4c67de47806", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|af4283a33de51ad7729675de1ee001c7b99ee67c81250bf68d4bc4c67de47806", "aggregated_count": 21}}}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "properties": {"repobilityId": 58651, "scanner": "repobility-threat-engine", "fingerprint": "6ad051ac7eb37af0d70e5f7bf934da26d0ca121bb3de4df067c25bf8eb490e78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ad051ac7eb37af0d70e5f7bf934da26d0ca121bb3de4df067c25bf8eb490e78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/automated_tests/test_smoke_test/fail_test_on_exception_after_test.dart"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "properties": {"repobilityId": 58650, "scanner": "repobility-threat-engine", "fingerprint": "f9cc89c65e3e02030e9b6c590544967ca7ee1e8451951004aa7d83e98b6c0aa7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f9cc89c65e3e02030e9b6c590544967ca7ee1e8451951004aa7d83e98b6c0aa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/automated_tests/test_smoke_test/crash1_test.dart"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "properties": {"repobilityId": 58649, "scanner": "repobility-threat-engine", "fingerprint": "5f107c658b44b60ed5bcd3b698fa60d10e1a0343c2457fcc0078b77dabce9d85", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f107c658b44b60ed5bcd3b698fa60d10e1a0343c2457fcc0078b77dabce9d85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".agents/skills/upgrade-browser/scripts/fetch_versions.dart"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dorny/paths-filter` pinned to mutable ref `@v3`: `uses: dorny/paths-filter@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 58768, "scanner": "repobility-supply-chain", "fingerprint": "c68808b7721282aebfe62e61e3defba6b03e3a39e54b98b84aa7e7a7abd828cb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c68808b7721282aebfe62e61e3defba6b03e3a39e54b98b84aa7e7a7abd828cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/freeze.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 58767, "scanner": "repobility-supply-chain", "fingerprint": "28d20e60e7df0d516a6fde7cfdeea5a1170ae7e140dab7a62990f6cb89345f8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28d20e60e7df0d516a6fde7cfdeea5a1170ae7e140dab7a62990f6cb89345f8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/.github/workflows/engine-cp.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 58766, "scanner": "repobility-supply-chain", "fingerprint": "bdb9032c7c500f55d77e9cf98467be6c6c15c4a6c80094c8c20acd02c5e2aa26", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bdb9032c7c500f55d77e9cf98467be6c6c15c4a6c80094c8c20acd02c5e2aa26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/.github/workflows/third_party_scan.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_zip: Test function `test_zip` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 58764, "scanner": "repobility-ast-engine", "fingerprint": "211c745f6822505b586a01c0c9a1b80716e167b81ee208389db38a41c540f93d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|211c745f6822505b586a01c0c9a1b80716e167b81ee208389db38a41c540f93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/font_subset/test.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_parse_size` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58760, "scanner": "repobility-ast-engine", "fingerprint": "4eb0e58e5a27aa083811ed52dd028979a1fd18bdcdc9d0e40bf2f68ac4cc5ead", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4eb0e58e5a27aa083811ed52dd028979a1fd18bdcdc9d0e40bf2f68ac4cc5ead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_parse_size` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58759, "scanner": "repobility-ast-engine", "fingerprint": "c1ccf1f9dac874a6c1a46c0a40a21c5bdc18121be48e4e4096995c859d2b6fed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1ccf1f9dac874a6c1a46c0a40a21c5bdc18121be48e4e4096995c859d2b6fed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_parse_size` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58758, "scanner": "repobility-ast-engine", "fingerprint": "dd3e62e99ac24950fdf01b7cbfcb59a62b0e062bcf5c8750e316aa9d5ddb70e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd3e62e99ac24950fdf01b7cbfcb59a62b0e062bcf5c8750e316aa9d5ddb70e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._gn_args` used but never assigned in __init__: Method `test_cannot_use_ios_and_enable_unittests` of class `GNTestCase` reads `self._gn_args`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58757, "scanner": "repobility-ast-engine", "fingerprint": "d15469e53eceebc3a97b0b54e70d6b84d398d39f9e662980fdfd638254f032ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d15469e53eceebc3a97b0b54e70d6b84d398d39f9e662980fdfd638254f032ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_cannot_use_ios_and_enable_unittests` of class `GNTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58756, "scanner": "repobility-ast-engine", "fingerprint": "048c3e1d2007d2a627bdc56cffb4f1d97da266873271a58a41b7d6ecfb4210ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|048c3e1d2007d2a627bdc56cffb4f1d97da266873271a58a41b7d6ecfb4210ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._gn_args` used but never assigned in __init__: Method `test_cannot_use_android_and_enable_unittests` of class `GNTestCase` reads `self._gn_args`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58755, "scanner": "repobility-ast-engine", "fingerprint": "68046082dc4549dc2941aa0f0b377b1d4592ef6edc8dd1293b11729f4d04ab77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68046082dc4549dc2941aa0f0b377b1d4592ef6edc8dd1293b11729f4d04ab77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_cannot_use_android_and_enable_unittests` of class `GNTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58754, "scanner": "repobility-ast-engine", "fingerprint": "2d00f988a2e750a97a4f09d3bcf495b1710d9cd016c605b2b5eff7697f91fcfb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d00f988a2e750a97a4f09d3bcf495b1710d9cd016c605b2b5eff7697f91fcfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._gn_args` used but never assigned in __init__: Method `test_to_gn_args` of class `GNTestCase` reads `self._gn_args`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58753, "scanner": "repobility-ast-engine", "fingerprint": "30aedbd3eb99e9b6735a5c9895204bdae26bc6a0229fd51c13e110a68bd1b3e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30aedbd3eb99e9b6735a5c9895204bdae26bc6a0229fd51c13e110a68bd1b3e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._gn_args` used but never assigned in __init__: Method `test_to_gn_args` of class `GNTestCase` reads `self._gn_args`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58752, "scanner": "repobility-ast-engine", "fingerprint": "b5b23eee5286c7db55511becc9715a7525fb8110ac1dc4bd1ab611242337c125", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5b23eee5286c7db55511becc9715a7525fb8110ac1dc4bd1ab611242337c125"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_to_gn_args` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58751, "scanner": "repobility-ast-engine", "fingerprint": "985014c1b66705846c693e4633d2b526e4b6f6b7a577c464b43d8afa5f027883", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|985014c1b66705846c693e4633d2b526e4b6f6b7a577c464b43d8afa5f027883"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_to_gn_args` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58750, "scanner": "repobility-ast-engine", "fingerprint": "1e9e2af97efa4dc00b74697bfe66693d74e5475a80be17c060e834aac9b7ed3f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e9e2af97efa4dc00b74697bfe66693d74e5475a80be17c060e834aac9b7ed3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58749, "scanner": "repobility-ast-engine", "fingerprint": "f157d52db862cf75d8bc3c2db1cd5f97cfd820e25d3b7da828a998356d4615e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f157d52db862cf75d8bc3c2db1cd5f97cfd820e25d3b7da828a998356d4615e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58748, "scanner": "repobility-ast-engine", "fingerprint": "177f5ebace541245812d0b40d29c8d4c0d848808b7054d78649e3aad4ebd3a7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|177f5ebace541245812d0b40d29c8d4c0d848808b7054d78649e3aad4ebd3a7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58747, "scanner": "repobility-ast-engine", "fingerprint": "80892602fe0833d876d63ab494f7aec43d14c8fbf54cd0b84eca8ea2445f4223", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80892602fe0833d876d63ab494f7aec43d14c8fbf54cd0b84eca8ea2445f4223"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58746, "scanner": "repobility-ast-engine", "fingerprint": "0965ee4cb372353165dcd7820a59bc810983c15fadbab6825f4f3e1ed12dfeac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0965ee4cb372353165dcd7820a59bc810983c15fadbab6825f4f3e1ed12dfeac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58745, "scanner": "repobility-ast-engine", "fingerprint": "8c9b7e78967a3b10739dc1163a04e03724f2918910370b71fb27a6493dc9c2e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c9b7e78967a3b10739dc1163a04e03724f2918910370b71fb27a6493dc9c2e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58744, "scanner": "repobility-ast-engine", "fingerprint": "f07f41900b8af7832191abd63fe522f29f937a426d4952a08f0b6703c8e38055", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f07f41900b8af7832191abd63fe522f29f937a426d4952a08f0b6703c8e38055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58743, "scanner": "repobility-ast-engine", "fingerprint": "a583d9a9311eab8d62713b297afa865bac8ec54ac84d6037e20afeb798fa212a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a583d9a9311eab8d62713b297afa865bac8ec54ac84d6037e20afeb798fa212a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._expect_build_dir` used but never assigned in __init__: Method `test_get_out_dir` of class `GNTestCase` reads `self._expect_build_dir`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58742, "scanner": "repobility-ast-engine", "fingerprint": "7bd9ce410ba71f1d7bcb0383aeae5ac72a083cd244d46b804f95f9bf87472a28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bd9ce410ba71f1d7bcb0383aeae5ac72a083cd244d46b804f95f9bf87472a28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `_expect_build_dir` of class `GNTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58741, "scanner": "repobility-ast-engine", "fingerprint": "42b6827566b155e1d0892c6e7e68399271ddad077c25188d31d335527a101684", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42b6827566b155e1d0892c6e7e68399271ddad077c25188d31d335527a101684"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_out_dir: Test function `test_get_out_dir` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 58740, "scanner": "repobility-ast-engine", "fingerprint": "aa211dc7be938eb631c9289869ec9a8eea72d0f46cdc7da91a5e0b72d88be5cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa211dc7be938eb631c9289869ec9a8eea72d0f46cdc7da91a5e0b72d88be5cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/gn_test.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_ComputeDartDeps_used_dep` of class `TestComputeDartDeps` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58739, "scanner": "repobility-ast-engine", "fingerprint": "37287cf81e917e8c7cc69c9b4bc5235f1eeed20879911f3b7f69de54b7dea350", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37287cf81e917e8c7cc69c9b4bc5235f1eeed20879911f3b7f69de54b7dea350"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/tools/dart/create_updated_flutter_deps_tests.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_ComputeDartDeps_unused_dep` of class `TestComputeDartDeps` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58738, "scanner": "repobility-ast-engine", "fingerprint": "ed5e882035fa6f0b955d7ccf4378f66e5279120f685a643b1a49a32fd7fefa2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed5e882035fa6f0b955d7ccf4378f66e5279120f685a643b1a49a32fd7fefa2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/tools/dart/create_updated_flutter_deps_tests.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_ComputeDartDeps_nothing_to_do` of class `TestComputeDartDeps` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58737, "scanner": "repobility-ast-engine", "fingerprint": "5da2a88a8bb3aeb1e963805b30733ed8d4fb8e6e77d6f09161d7475f4031f055", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5da2a88a8bb3aeb1e963805b30733ed8d4fb8e6e77d6f09161d7475f4031f055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/tools/dart/create_updated_flutter_deps_tests.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_PrettifySourcePathForDEPS_all_cases` of class `TestPrettifySourcePathForDEPS` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58736, "scanner": "repobility-ast-engine", "fingerprint": "e12ba82e98a5bf4043b01c4f6c3ace8a3fe7249c462316dbfd47e1c02fbd7007", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e12ba82e98a5bf4043b01c4f6c3ace8a3fe7249c462316dbfd47e1c02fbd7007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/tools/dart/create_updated_flutter_deps_tests.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_PrettifySourcePathForDEPS_unversioned` of class `TestPrettifySourcePathForDEPS` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 58735, "scanner": "repobility-ast-engine", "fingerprint": "020a6f03c1474db3906bf6b1d90162513213bb29acc8279278dca32eee8f17f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|020a6f03c1474db3906bf6b1d90162513213bb29acc8279278dca32eee8f17f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/tools/dart/create_updated_flutter_deps_tests.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 58691, "scanner": "repobility-threat-engine", "fingerprint": "713332a9f89206be3d4956777664cd3b147d3eab608dfc0513f41a943d6819c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|713332a9f89206be3d4956777664cd3b147d3eab608dfc0513f41a943d6819c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/playground/backend/metal/playground_impl_mtl.mm"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 58690, "scanner": "repobility-threat-engine", "fingerprint": "6762ab5597f541cbb3b393b835550fd60adacdda25a829624d0e99a34db1983a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6762ab5597f541cbb3b393b835550fd60adacdda25a829624d0e99a34db1983a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/golden_tests/vulkan_screenshotter.mm"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 58689, "scanner": "repobility-threat-engine", "fingerprint": "bb7ceb548464c3c95af84e95714a7fc5fd097b6ddf1cbd2987443e65bb6fac3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb7ceb548464c3c95af84e95714a7fc5fd097b6ddf1cbd2987443e65bb6fac3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/fml/platform/darwin/cf_utils_unittests.mm"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 58686, "scanner": "repobility-threat-engine", "fingerprint": "9af3dcd9cb38fcbc8977ec707ecbc711d54b278b5aafe31cf4d57007a3574f7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9af3dcd9cb38fcbc8977ec707ecbc711d54b278b5aafe31cf4d57007a3574f7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/ci/scan_deps.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 58685, "scanner": "repobility-threat-engine", "fingerprint": "e2ab2b6e3c0da3c69df6113f3c5db5b7ad59d7c1b9aa8c072617ee4f1b6809e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(deps_content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e2ab2b6e3c0da3c69df6113f3c5db5b7ad59d7c1b9aa8c072617ee4f1b6809e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/ci/scan_deps.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 58681, "scanner": "repobility-threat-engine", "fingerprint": "1c6258908e2dc5ddb0c17a245847d1ca4b52f8e5a782219738623618e2fd18bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "expected_builder.Save();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1c6258908e2dc5ddb0c17a245847d1ca4b52f8e5a782219738623618e2fd18bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/flow/layers/platform_view_layer_unittests.cc"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 58680, "scanner": "repobility-threat-engine", "fingerprint": "571baf87696a774cd48b32c4150f6f56f544138a4db897c2d2490cf9615a0a0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "helper.save();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|571baf87696a774cd48b32c4150f6f56f544138a4db897c2d2490cf9615a0a0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/display_list/skia/dl_sk_paint_dispatcher_unittests.cc"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 58679, "scanner": "repobility-threat-engine", "fingerprint": "84c732c1aa7c9e44f6f61d0825cb4f78caa5fb3c77e7f89689c4de694b2a1e0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yamlEditor.update(<String>['workspace'], <String>['packages']);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|84c732c1aa7c9e44f6f61d0825cb4f78caa5fb3c77e7f89689c4de694b2a1e0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/tools/mega_gallery.dart"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 58667, "scanner": "repobility-threat-engine", "fingerprint": "6c6a07f0004ea9b33f2f705ee8cab907b9d63bf8c831888ef7220952ca0d0298", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c6a07f0004ea9b33f2f705ee8cab907b9d63bf8c831888ef7220952ca0d0298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/benchmarks/platform_channels_benchmarks/android/app/src/main/kotlin/com/example/platform_channels_benchmarks/MainActivity.kt"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 58665, "scanner": "repobility-threat-engine", "fingerprint": "bb988bd0a6fe13c5a6069009c9e8aaecf10ef3ab1343c1f71dbce4e6b9b64429", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb988bd0a6fe13c5a6069009c9e8aaecf10ef3ab1343c1f71dbce4e6b9b64429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/custom_rules/render_box_intrinsics.dart"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 58664, "scanner": "repobility-threat-engine", "fingerprint": "826e62db61976c8d7e5b454af5f0f7181afb69efab6e586ecb5cb144e8788e14", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|826e62db61976c8d7e5b454af5f0f7181afb69efab6e586ecb5cb144e8788e14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/bots/custom_rules/protect_public_state_subtypes.dart"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 58663, "scanner": "repobility-threat-engine", "fingerprint": "9b2f62a31bfe6199d2bdc55a890268cb688f87b53c84f7d31374ca8886603a76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b2f62a31bfe6199d2bdc55a890268cb688f87b53c84f7d31374ca8886603a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/benchmarks/complex_layout/test_driver/semantics_perf_test.dart"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 58648, "scanner": "repobility-threat-engine", "fingerprint": "5a3b0260f0ab756dd0002f2f93d068c9113ca3736bc51ff30fa2f3c9cd1aebb8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a3b0260f0ab756dd0002f2f93d068c9113ca3736bc51ff30fa2f3c9cd1aebb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/web_e2e_tests/test_driver/url_strategy_integration.dart"}, "region": {"startLine": 148}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 58647, "scanner": "repobility-threat-engine", "fingerprint": "de8fe66670bc14c3ee3ba331cb5e8e913c778265a3d031cf5f17d2d963f997f9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(U", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|de8fe66670bc14c3ee3ba331cb5e8e913c778265a3d031cf5f17d2d963f997f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".agents/skills/upgrade-browser/scripts/fetch_versions.dart"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 58765, "scanner": "repobility-ast-engine", "fingerprint": "4d49e1312ac0665dda1d5827236c5f35eb8d1c423c7a798bda1653fc79ab6fe2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d49e1312ac0665dda1d5827236c5f35eb8d1c423c7a798bda1653fc79ab6fe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/tools/fuchsia/toolchain/copy.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 58695, "scanner": "repobility-threat-engine", "fingerprint": "99a5f4cbf09ba78611ab1bb09b99482d7e7c012b743405bd95625138cef75cad", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99a5f4cbf09ba78611ab1bb09b99482d7e7c012b743405bd95625138cef75cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/renderer/shader_key.cc"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection."}, "properties": {"repobilityId": 58693, "scanner": "repobility-threat-engine", "fingerprint": "58171f86c516fc98ecb4853373bb616e4d974ddf62b34ffc3378aa6ace277d80", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58171f86c516fc98ecb4853373bb616e4d974ddf62b34ffc3378aa6ace277d80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "engine/src/flutter/impeller/renderer/backend/metal/allocator_mtl.mm"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 58671, "scanner": "repobility-threat-engine", "fingerprint": "3c589aa72c5c2c084bd50287631a79b055d187f4dce7c0ea2ccfa72558302716", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(flutterSdkPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3c589aa72c5c2c084bd50287631a79b055d187f4dce7c0ea2ccfa72558302716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/display_cutout_rotation/android/settings.gradle.kts"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 58670, "scanner": "repobility-threat-engine", "fingerprint": "02d22b59f19be9b13a567051aa304e0e2436857ba8513ceabe386b7db0157120", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(flutterSdkPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|02d22b59f19be9b13a567051aa304e0e2436857ba8513ceabe386b7db0157120"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/deferred_components_test/android/settings.gradle.kts"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 58669, "scanner": "repobility-threat-engine", "fingerprint": "b8f78ba88efcbe6c48f8f0880058d29d2bb6153bc7f28ded1d6fc70135dfda02", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(flutterSdkPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b8f78ba88efcbe6c48f8f0880058d29d2bb6153bc7f28ded1d6fc70135dfda02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dev/integration_tests/android_hardware_smoke_test/android/settings.gradle.kts"}, "region": {"startLine": 7}}}]}]}]}