{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve", "shortDescription": {"text": "[MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible instal"}, "fullDescription": {"text": "Replace `Pillow` with `Pillow==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /."}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `preview_dataset_with_params` has cognitive complexity 14 (SonarSource sca", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `preview_dataset_with_params` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains,"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 14."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 88 more): Same pattern found in 88 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 88 more): Same pattern found in 88 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source (and 34 more): Same pattern found in 34 additional files. Review if needed.", "shortDescription": {"text": "[MINED047] Emoji In Source (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 1 more): Same pattern found in 1 additional files. ", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 31 more): Same pattern found in 31 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-prettier` pinned to mutable rev `v4.0.0-alpha.8`: `.pr", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-prettier` pinned to mutable rev `v4.0.0-alpha.8`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-prettier` at `rev: v4.0.0-alpha.8`. If `{rev}` i"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3.11-slim` not pinned by digest: `FROM python:3.11-slim` resolves the tag at build ti", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim` not pinned by digest: `FROM python:3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production ima"}, "fullDescription": {"text": "Replace with: `FROM python:3.11-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI PATCH / has no auth: Handler `update_job` is registered with router/app.patch(...) but no Depends/Sec", "shortDescription": {"text": "[MINED112] FastAPI PATCH / has no auth: Handler `update_job` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `requests.get` inside async function `get_component_image`: `requests.get` is a synchronous (bl", "shortDescription": {"text": "[MINED110] Blocking call `requests.get` inside async function `get_component_image`: `requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the proce"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.kwargs` used but never assigned in __init__: Method `set_status_as_error` of class `ExplainerJob` reads", "shortDescription": {"text": "[MINED108] `self.kwargs` used but never assigned in __init__: Method `set_status_as_error` of class `ExplainerJob` reads `self.kwargs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the"}, "fullDescription": {"text": "Initialize `self.kwargs = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_dataloader_with_missing_required_params: Test function `test_dataloader_with_miss", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_dataloader_with_missing_required_params: Test function `test_dataloader_with_missing_required_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds l"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /{job_id}."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`", "shortDescription": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import array` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1117"}, "properties": {"repository": "DashAISoftware/dashAI", "repoUrl": "https://github.com/DashAISoftware/dashAI", "branch": "develop"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110653, "scanner": "repobility-supply-chain", "fingerprint": "e59367916dc4fc37de96e458cce6a7f123a985b692cd228baa2b05a33f1dc3b7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e59367916dc4fc37de96e458cce6a7f123a985b692cd228baa2b05a33f1dc3b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `accelerate` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110652, "scanner": "repobility-supply-chain", "fingerprint": "9eaa3ab3db003aaac455db6f9654d632271d193e58cd40e65274eff56ddc3ffc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9eaa3ab3db003aaac455db6f9654d632271d193e58cd40e65274eff56ddc3ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `evaluate` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110651, "scanner": "repobility-supply-chain", "fingerprint": "001950e22a5bd0eac362c794216451d25ba1a526506f9f04c86829f7efe128be", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|001950e22a5bd0eac362c794216451d25ba1a526506f9f04c86829f7efe128be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `diffusers` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110650, "scanner": "repobility-supply-chain", "fingerprint": "f40c7cd3e907eadd18c3bf37958e3f088e85441b14fadf85e7a6655da9af1550", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f40c7cd3e907eadd18c3bf37958e3f088e85441b14fadf85e7a6655da9af1550"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `datasets` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110649, "scanner": "repobility-supply-chain", "fingerprint": "1f9e7dbfbdacad98a919b9ec3fd1a2c8c222a4364301c2ad60f479d67f09b45a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f9e7dbfbdacad98a919b9ec3fd1a2c8c222a4364301c2ad60f479d67f09b45a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `scikit-learn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110648, "scanner": "repobility-supply-chain", "fingerprint": "849b605f673fb2251279084ec2787778d7f1dbe944514cb3ca0300e66022deb6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|849b605f673fb2251279084ec2787778d7f1dbe944514cb3ca0300e66022deb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `starlette` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110647, "scanner": "repobility-supply-chain", "fingerprint": "60f5913c1365317bf9d5f21038bd89c05e8360542ff824dd8902cdabdada7a40", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60f5913c1365317bf9d5f21038bd89c05e8360542ff824dd8902cdabdada7a40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pydantic-settings` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110646, "scanner": "repobility-supply-chain", "fingerprint": "272037efcba8890da0ce640668625b1a9d3cb3a0439601eb442a75e2fa954ee4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|272037efcba8890da0ce640668625b1a9d3cb3a0439601eb442a75e2fa954ee4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pydantic` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110645, "scanner": "repobility-supply-chain", "fingerprint": "942aaf2a15ef7282344b08f877aa575f0337b4dbb5937a3ac88a2e601dcd4bb0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|942aaf2a15ef7282344b08f877aa575f0337b4dbb5937a3ac88a2e601dcd4bb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `joblib` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110644, "scanner": "repobility-supply-chain", "fingerprint": "114722888edb15167a04c1a13a968f62118eb67c230675da62580399481877e4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|114722888edb15167a04c1a13a968f62118eb67c230675da62580399481877e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pandas<3.0.0` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110643, "scanner": "repobility-supply-chain", "fingerprint": "4dca11147f1f6259f0ddfa9c4c2094a4655716da04d59f11a2bc2da77502b03f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4dca11147f1f6259f0ddfa9c4c2094a4655716da04d59f11a2bc2da77502b03f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110642, "scanner": "repobility-supply-chain", "fingerprint": "9cad2bf6bd940957b9282742121269aea716a146a78540d4506efe97141cb091", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9cad2bf6bd940957b9282742121269aea716a146a78540d4506efe97141cb091"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `kink` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110641, "scanner": "repobility-supply-chain", "fingerprint": "de2e4117077b5891329ee897f08f24cdf1e5ec46cdb24879ebe9130c3d797617", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de2e4117077b5891329ee897f08f24cdf1e5ec46cdb24879ebe9130c3d797617"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `alembic` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110640, "scanner": "repobility-supply-chain", "fingerprint": "71a8435e836b0c1a22f235dfe79fb30a107cf319ccaa6dc9acdf276ac9f812e4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71a8435e836b0c1a22f235dfe79fb30a107cf319ccaa6dc9acdf276ac9f812e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `streaming_form_data` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110639, "scanner": "repobility-supply-chain", "fingerprint": "0a216d20956bf381c6ed8f1386097c440b9a3b09a3651a83138ba97a9ef695f6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0a216d20956bf381c6ed8f1386097c440b9a3b09a3651a83138ba97a9ef695f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `SQLAlchemy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110638, "scanner": "repobility-supply-chain", "fingerprint": "d597080dde5dfac2ae3bbf13cf768a9b4cae0cd73b1727db5426323ab003d225", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d597080dde5dfac2ae3bbf13cf768a9b4cae0cd73b1727db5426323ab003d225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `fastapi[all]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110637, "scanner": "repobility-supply-chain", "fingerprint": "6827bd82fdaa97222e174097ed6d9bf01e57b8d23ffa26948a23049dc9bec8c2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6827bd82fdaa97222e174097ed6d9bf01e57b8d23ffa26948a23049dc9bec8c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-cpu.txt"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pytest-asyncio` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110636, "scanner": "repobility-supply-chain", "fingerprint": "40efdf88cdc63f387d2f1a2718b8223646cb91d9dd1ba2b66ffe06be4549ca85", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|40efdf88cdc63f387d2f1a2718b8223646cb91d9dd1ba2b66ffe06be4549ca85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pytest-cov` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110635, "scanner": "repobility-supply-chain", "fingerprint": "efada2b6d4235a28ceaf12bbc33dd3c7564c187be174e0267aa8ebc5a184fd55", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|efada2b6d4235a28ceaf12bbc33dd3c7564c187be174e0267aa8ebc5a184fd55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pytest` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110634, "scanner": "repobility-supply-chain", "fingerprint": "6bfd2eb1f6ac86d7aa1b81dcdc63d6bf52ea0398aee6cfb5e8f5ac5c459ab348", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6bfd2eb1f6ac86d7aa1b81dcdc63d6bf52ea0398aee6cfb5e8f5ac5c459ab348"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sqlalchemy-stubs` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110633, "scanner": "repobility-supply-chain", "fingerprint": "1af68cb36b0f928508463040c903343659a13842acfcbd8c70313d342d0e383a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1af68cb36b0f928508463040c903343659a13842acfcbd8c70313d342d0e383a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sphinx` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110632, "scanner": "repobility-supply-chain", "fingerprint": "cf16090853f1a3e3bbd4ec89c65d580de4b73507e9b8f3190a011e40398e5afb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf16090853f1a3e3bbd4ec89c65d580de4b73507e9b8f3190a011e40398e5afb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sphinx_rtd_theme` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110631, "scanner": "repobility-supply-chain", "fingerprint": "88b227f564ab44e0e910299479ff0a06b853b82f02e8573c33ec4c237a4663f6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|88b227f564ab44e0e910299479ff0a06b853b82f02e8573c33ec4c237a4663f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `ruff` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110630, "scanner": "repobility-supply-chain", "fingerprint": "20725902b35607c9e2b8fe9b1e3262f395c39d75be1b60e45e99ff5d34f13f97", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|20725902b35607c9e2b8fe9b1e3262f395c39d75be1b60e45e99ff5d34f13f97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pre-commit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 110629, "scanner": "repobility-supply-chain", "fingerprint": "cfd1c275b242a445c8860c10374f664cc508493f9e69ca31d175af9080996043", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cfd1c275b242a445c8860c10374f664cc508493f9e69ca31d175af9080996043"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements-dev.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110619, "scanner": "repobility-ast-engine", "fingerprint": "62b3285933eff6752d0183b697d4ae50d2ae6b323e2bd1e05edbb8a5d062bbe4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62b3285933eff6752d0183b697d4ae50d2ae6b323e2bd1e05edbb8a5d062bbe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/inf/ptype/PtypeCat.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110618, "scanner": "repobility-ast-engine", "fingerprint": "c8c19f145b2b7a79ec3fc87fafc516ee30688c03e5322fc8459293354346cf65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8c19f145b2b7a79ec3fc87fafc516ee30688c03e5322fc8459293354346cf65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/utils.py"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110616, "scanner": "repobility-ast-engine", "fingerprint": "cf5d70b516d69d352366739c53f10fa275fd5848d7548604bd512a3bd66ee356", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf5d70b516d69d352366739c53f10fa275fd5848d7548604bd512a3bd66ee356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110615, "scanner": "repobility-ast-engine", "fingerprint": "fa27d4a4197532eaee2ba4489f3ddd1e7d8dc17702909d5d4bb295a93fb17c5d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa27d4a4197532eaee2ba4489f3ddd1e7d8dc17702909d5d4bb295a93fb17c5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110614, "scanner": "repobility-ast-engine", "fingerprint": "cfbde791c293d31ed18e01cd0e12af44a50e6e691eabdc661db18e260e6c9640", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfbde791c293d31ed18e01cd0e12af44a50e6e691eabdc661db18e260e6c9640"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110613, "scanner": "repobility-ast-engine", "fingerprint": "7bd39451efb84d2c5b7fc535e447112f08360da8e32b9904dd7e7ea081eefa46", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bd39451efb84d2c5b7fc535e447112f08360da8e32b9904dd7e7ea081eefa46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110612, "scanner": "repobility-ast-engine", "fingerprint": "0a3feeabc8d22b3567cedd6d8f6991f3b38c1ebe1982aff1f03f7ab88d69cc53", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a3feeabc8d22b3567cedd6d8f6991f3b38c1ebe1982aff1f03f7ab88d69cc53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110611, "scanner": "repobility-ast-engine", "fingerprint": "d32bce10e0a22eb63a6c6b1031de5fb7afade0ec2df1057ac133071027338a7a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d32bce10e0a22eb63a6c6b1031de5fb7afade0ec2df1057ac133071027338a7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110610, "scanner": "repobility-ast-engine", "fingerprint": "bee018c7d75e6cc295df897ada9d21edb128ce2bf253d02451ae895c72dc1b55", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bee018c7d75e6cc295df897ada9d21edb128ce2bf253d02451ae895c72dc1b55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110609, "scanner": "repobility-ast-engine", "fingerprint": "d924d84468e4df8aa761c65db780f046db7b4fdd09f3c0b8176d89a21746128b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d924d84468e4df8aa761c65db780f046db7b4fdd09f3c0b8176d89a21746128b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110608, "scanner": "repobility-ast-engine", "fingerprint": "1e4c281f11ce02b64650833c3fe1bf90cfe57baedcf2cd4209ed05cf4dae24a2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e4c281f11ce02b64650833c3fe1bf90cfe57baedcf2cd4209ed05cf4dae24a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110607, "scanner": "repobility-ast-engine", "fingerprint": "f9d708c221ae35e9f3ec3dd75ef3040e0d23c74368db584df42a648032ccd553", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9d708c221ae35e9f3ec3dd75ef3040e0d23c74368db584df42a648032ccd553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110606, "scanner": "repobility-ast-engine", "fingerprint": "921825f28e09559ff2ca361a549a30793a3b6c513d13d74846177ac3cc91ac9f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|921825f28e09559ff2ca361a549a30793a3b6c513d13d74846177ac3cc91ac9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/type_validation.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110605, "scanner": "repobility-ast-engine", "fingerprint": "14a63aa5d6a54cba7153114a499a87294c54c43534c8976901311bbf362be3cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14a63aa5d6a54cba7153114a499a87294c54c43534c8976901311bbf362be3cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/sklearn_wrapper.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110604, "scanner": "repobility-ast-engine", "fingerprint": "13a205e8f1e5d9bd2d52f37f5eefd6bb1db3208b4eb3e7456912b0ac904e0d45", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13a205e8f1e5d9bd2d52f37f5eefd6bb1db3208b4eb3e7456912b0ac904e0d45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/plugins/utils.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110600, "scanner": "repobility-ast-engine", "fingerprint": "64e11a134c4c052134dc5e821d37852f061d7b1a7066e05f7b3c3f93b76e4195", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64e11a134c4c052134dc5e821d37852f061d7b1a7066e05f7b3c3f93b76e4195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/scripts/generate_components.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110599, "scanner": "repobility-ast-engine", "fingerprint": "8d9728c903d74bb04c073c2bdd38e9cc2f2bf6292a9377995e7a08125cdfd959", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d9728c903d74bb04c073c2bdd38e9cc2f2bf6292a9377995e7a08125cdfd959"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/models/test_tabular_class_models.py"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110598, "scanner": "repobility-ast-engine", "fingerprint": "fd1c6aca863a3b5554f672a48efd815ea4bf120768b992c8093b7960ed6a36c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd1c6aca863a3b5554f672a48efd815ea4bf120768b992c8093b7960ed6a36c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/models/test_tabular_class_models.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110597, "scanner": "repobility-ast-engine", "fingerprint": "64e82c2d96e85b47f0acc610b3c8b76f9d252888917a527e314211fac4bbf127", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64e82c2d96e85b47f0acc610b3c8b76f9d252888917a527e314211fac4bbf127"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/tasks/test_tasks.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110596, "scanner": "repobility-ast-engine", "fingerprint": "972a6ba295d2521de24d8ee49d1071825bee8357416562d19363c007178f8171", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|972a6ba295d2521de24d8ee49d1071825bee8357416562d19363c007178f8171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/tasks/test_tasks.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110595, "scanner": "repobility-ast-engine", "fingerprint": "eb72d6944024cd8552af2d99b77ca77cfdd6dd577c91d47d97b0bd1f9fe0dc95", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb72d6944024cd8552af2d99b77ca77cfdd6dd577c91d47d97b0bd1f9fe0dc95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/tasks/test_tasks.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110594, "scanner": "repobility-ast-engine", "fingerprint": "71f20ad8af8cd84fc2d471a8da7757df791a62c147621984b4282c301e33958e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71f20ad8af8cd84fc2d471a8da7757df791a62c147621984b4282c301e33958e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/tasks/test_tasks.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110593, "scanner": "repobility-ast-engine", "fingerprint": "ae6d11e5b22037ee32e307c8ab2f5d76595ba4a8fe213a9a9756ed0d7e292945", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae6d11e5b22037ee32e307c8ab2f5d76595ba4a8fe213a9a9756ed0d7e292945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/explainers/test_explainers.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110551, "scanner": "repobility-ast-engine", "fingerprint": "0504bdfb6bbf65e0add1dce542eadaabac22f41ce099e5969294bf661dcf563f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0504bdfb6bbf65e0add1dce542eadaabac22f41ce099e5969294bf661dcf563f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/conftest.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 110543, "scanner": "repobility-ast-engine", "fingerprint": "0c4a629e2d8c826925cc2cc5b690d8ae2efd457117037b10dec14f51abcafff0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c4a629e2d8c826925cc2cc5b690d8ae2efd457117037b10dec14f51abcafff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci_alembic_check.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 110541, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 110540, "scanner": "repobility-journey-contract", "fingerprint": "ba61bbb403e49c7b813fcc7e71195119b41472b557e26d80693337ebef14ef46", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/hardware/ws", "correlation_key": "fp|ba61bbb403e49c7b813fcc7e71195119b41472b557e26d80693337ebef14ef46", "backend_endpoint_count": 129}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/hooks/useHardwareMonitor.js"}, "region": {"startLine": 52}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 110539, "scanner": "repobility-journey-contract", "fingerprint": "ece0703ce0387a61b1f3ca98a85b4649b6e328cceef8f6acae78895d5c1282dc", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/metrics/ws/{param}", "correlation_key": "fp|ece0703ce0387a61b1f3ca98a85b4649b6e328cceef8f6acae78895d5c1282dc", "backend_endpoint_count": 129}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/models/LiveMetricsChart.jsx"}, "region": {"startLine": 95}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 110538, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 101, "file_path": "DashAI/back/app.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 102, "file_path": "DashAI/back/app.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /."}, "properties": {"repobilityId": 110537, "scanner": "repobility-access-control", "fingerprint": "fa5016a78fc394f3671931f454f0b9f17a72b4072f7d0a0a6e8872fc3d182531", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|85|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/components.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{explorer_id}/."}, "properties": {"repobilityId": 110536, "scanner": "repobility-access-control", "fingerprint": "1a27e87d04dc6cbfd3cba269246a40aa8a3107ea5c53e2bc92546518e34b23fa", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{explorer_id}/", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|248|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/explorers.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{run_id}/operations."}, "properties": {"repobilityId": 110535, "scanner": "repobility-access-control", "fingerprint": "8a13399198221a76e5732f0269a566472654cd209439f03032b784ddac8bcb09", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{run_id}/operations", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|581|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/runs.py"}, "region": {"startLine": 581}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PATCH /{run_id}/reset."}, "properties": {"repobilityId": 110534, "scanner": "repobility-access-control", "fingerprint": "74158252301f931824c5cc15707f76d02669440447155884f1385da741036400", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{run_id}/reset", "method": "PATCH", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|493|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/runs.py"}, "region": {"startLine": 493}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PATCH /{run_id}."}, "properties": {"repobilityId": 110533, "scanner": "repobility-access-control", "fingerprint": "ddedcb5997d3a0f4d9975d6c52f026599177c7cb8f2133fa0940e2f1ff6ea59e", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{run_id}", "method": "PATCH", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|403|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/runs.py"}, "region": {"startLine": 403}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{run_id}."}, "properties": {"repobilityId": 110532, "scanner": "repobility-access-control", "fingerprint": "7bcad318a61a8c8cbc336ba5c6e64dbeacdd07ad6892627484381b80202f6f57", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{run_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|348|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/runs.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{datafile_id}."}, "properties": {"repobilityId": 110531, "scanner": "repobility-access-control", "fingerprint": "1a580bd3aca52af862fbdc89b1fa1576e736bcc99fd09f8c4c27306ba0740244", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{datafile_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|155|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/datafile.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /validate_node."}, "properties": {"repobilityId": 110530, "scanner": "repobility-access-control", "fingerprint": "f6ab1a28148b860687bc5fc672b86f26dbd2afff311f40ea872981c49485afc7", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/validate_node", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|474|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/pipelines.py"}, "region": {"startLine": 474}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{pipeline_id}."}, "properties": {"repobilityId": 110529, "scanner": "repobility-access-control", "fingerprint": "88a6d430e5d75edf697f2b2ff8949635db737ff64b5810b4acfcce94a017a83d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{pipeline_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|427|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/pipelines.py"}, "region": {"startLine": 427}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{plugin_id}."}, "properties": {"repobilityId": 110528, "scanner": "repobility-access-control", "fingerprint": "69d374209b974690c55bcd75d51195fbb9531a7e90ff8dca53a93e79e3f7cc7b", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{plugin_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|173|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/plugins.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 110523, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 110521, "scanner": "repobility-docker", "fingerprint": "7504fec8b8baca7f0695087834aad5cadd995e07873c6177d85311de83de7c6c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.11-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7504fec8b8baca7f0695087834aad5cadd995e07873c6177d85311de83de7c6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 110520, "scanner": "repobility-docker", "fingerprint": "84fdfb6d47b2d494dee3526f844c1387c14c82256a474e89774a00382dcd05c4", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|84fdfb6d47b2d494dee3526f844c1387c14c82256a474e89774a00382dcd05c4", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 110519, "scanner": "repobility-agent-runtime", "fingerprint": "ab75dde6f9601686fe6ff36d36ad1b8ea64bc54c5a45e9d8c7f967a6db6092fd", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|ab75dde6f9601686fe6ff36d36ad1b8ea64bc54c5a45e9d8c7f967a6db6092fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/notebooks/dataset/MrtDatasetTableInfScroll.jsx"}, "region": {"startLine": 117}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 110518, "scanner": "repobility-agent-runtime", "fingerprint": "ce64466c2f648ffd77217a2500b01cb4c56e2e13b5a4eb352e1dc3b1df8ed4dd", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|ce64466c2f648ffd77217a2500b01cb4c56e2e13b5a4eb352e1dc3b1df8ed4dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/jobs/JobQueueWidget.jsx"}, "region": {"startLine": 139}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 110483, "scanner": "repobility-threat-engine", "fingerprint": "77c275badaa754852b754154788b03b44671a098cd1d85483732c483d5ebb022", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|77c275badaa754852b754154788b03b44671a098cd1d85483732c483d5ebb022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/predictions/ResultsTable.jsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 110482, "scanner": "repobility-threat-engine", "fingerprint": "dbd14559fbdad6c5733526bd54466af3cba74360a15a7f60db52976f387ea8ef", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dbd14559fbdad6c5733526bd54466af3cba74360a15a7f60db52976f387ea8ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/predictions/DatasetSelector.jsx"}, "region": {"startLine": 35}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 110481, "scanner": "repobility-threat-engine", "fingerprint": "ae5a0c5ca9ca72d112f4471e3da550bca408c3ae5003872510def4c3aaa49ac9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ae5a0c5ca9ca72d112f4471e3da550bca408c3ae5003872510def4c3aaa49ac9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/models/PredictionCard.jsx"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 110464, "scanner": "repobility-threat-engine", "fingerprint": "e1e23f9b8761be9692323c6a0a6cecd4ee709e528bb1030b8da8af9939944ac4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def validate(self) -> Dict[str, str]:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1e23f9b8761be9692323c6a0a6cecd4ee709e528bb1030b8da8af9939944ac4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/pipeline/validator/validator.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 110456, "scanner": "repobility-threat-engine", "fingerprint": "90e80239ca206ef08f3daaa4ac9e082e567c7ac40ff4fe371beda6619800436d", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|50|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/seeds/__init__.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 110455, "scanner": "repobility-threat-engine", "fingerprint": "74e7b63852b7976ca80d3a78bf90648aa2581c075dba5ce899095898fef81a38", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|196|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/dataloaders/classes/dataloader.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110446, "scanner": "repobility-threat-engine", "fingerprint": "f9f8cffd1a670a7b15d1c28b8af228fa76afcdb9b5992c683a3f6e0621face18", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|8|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/generative/TextMessage.jsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110445, "scanner": "repobility-threat-engine", "fingerprint": "e04fe50973f6e60a522b8a7a40a9c2f47bb2fd8831fb2ce1ac19c541f155cd51", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|25|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/custom/ComponentDetailsPanel.jsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 110443, "scanner": "repobility-threat-engine", "fingerprint": "399191e724bad79d842640a600b3598d16bf603afab49319eb9c4186469b5494", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|399191e724bad79d842640a600b3598d16bf603afab49319eb9c4186469b5494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/job/explorer_job.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 110442, "scanner": "repobility-threat-engine", "fingerprint": "72f4668869cb1409f551d15553cecaff3fb5a0a4d61a8ee12e7618714fc3a4fe", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|72f4668869cb1409f551d15553cecaff3fb5a0a4d61a8ee12e7618714fc3a4fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/hardware.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 110542, "scanner": "repobility-web-presence", "fingerprint": "656f5c513b986afd7ec5a6d7ffba7c9eccec5d3b6cbd0969f8c020f12e9e9140", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|656f5c513b986afd7ec5a6d7ffba7c9eccec5d3b6cbd0969f8c020f12e9e9140"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/public/robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 110522, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8fcf570b9ffd90c8be467b3556ab38b6a26e1190c568451581351a9bc22b680c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/knn_imputer.py", "duplicate_line": 130, "correlation_key": "fp|8fcf570b9ffd90c8be467b3556ab38b6a26e1190c568451581351a9bc22b680c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/select_fpr.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a80bfe757ceafd24af667533c4fb2552315e76d0601685e0dfadb74ba88313b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|a80bfe757ceafd24af667533c4fb2552315e76d0601685e0dfadb74ba88313b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/select_fdr.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7adda36dd8794c94c4805586bfc30fbe9bd7143e0db3f85aeedd390459fbfdf7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/fast_ica.py", "duplicate_line": 235, "correlation_key": "fp|7adda36dd8794c94c4805586bfc30fbe9bd7143e0db3f85aeedd390459fbfdf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/select_fdr.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44224241fa26198acb1a6c11c77afa62ba4c4124db76938b844625a2540d965f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/knn_imputer.py", "duplicate_line": 130, "correlation_key": "fp|44224241fa26198acb1a6c11c77afa62ba4c4124db76938b844625a2540d965f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/select_fdr.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfef75385697db0fe6572ececaff1478d7dd3832a8b14da71bc30675034d8076", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/additive_chi_2_sampler.py", "duplicate_line": 80, "correlation_key": "fp|cfef75385697db0fe6572ececaff1478d7dd3832a8b14da71bc30675034d8076"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/rbf_sampler.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110512, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9a74bb751cfa7b0d42bc79a07f10ab5566969a6f7f898349f5039b1f7fb9736", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/imbalanced_learn/smote_converter.py", "duplicate_line": 4, "correlation_key": "fp|a9a74bb751cfa7b0d42bc79a07f10ab5566969a6f7f898349f5039b1f7fb9736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/rbf_sampler.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110511, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d950e29477ab5f2f4db1bbf9e93b12b3b20a3b279200c20a3eb673ed47a048f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/generic_univariate_select.py", "duplicate_line": 5, "correlation_key": "fp|9d950e29477ab5f2f4db1bbf9e93b12b3b20a3b279200c20a3eb673ed47a048f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/rbf_sampler.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110510, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70bee4bdc553a54c782e581ea29b695fc5a81cd6e15d38b2f0ae4a62ac3f3793", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|70bee4bdc553a54c782e581ea29b695fc5a81cd6e15d38b2f0ae4a62ac3f3793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/pca.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110509, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1224853464edf539c99417d0101a5294879cb084fa9cee5ec1cfd4a17e34b013", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/fast_ica.py", "duplicate_line": 231, "correlation_key": "fp|1224853464edf539c99417d0101a5294879cb084fa9cee5ec1cfd4a17e34b013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/pca.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110508, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70f28ae28523b01649cf7e754a70fa23e2d6cf152d1c9480c9f844f65f82bcc8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/nystroem.py", "duplicate_line": 6, "correlation_key": "fp|70f28ae28523b01649cf7e754a70fa23e2d6cf152d1c9480c9f844f65f82bcc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/ordinal_encoder.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110507, "scanner": "repobility-ai-code-hygiene", "fingerprint": "667bc7b284b978b747f8473bbec965cd89e04dc835e1c5f73a9aae6d263dd2eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/one_hot_encoder.py", "duplicate_line": 3, "correlation_key": "fp|667bc7b284b978b747f8473bbec965cd89e04dc835e1c5f73a9aae6d263dd2eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/ordinal_encoder.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110506, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0b393c4a6fa7d915c7a3a28ab71d7ebae551ce174cd73d2be240e651e9f68a6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/nystroem.py", "duplicate_line": 6, "correlation_key": "fp|e0b393c4a6fa7d915c7a3a28ab71d7ebae551ce174cd73d2be240e651e9f68a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/one_hot_encoder.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110505, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08427d02af26d0315838891a4c241270b6789674a35927fbd0366683b4fd3a5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|08427d02af26d0315838891a4c241270b6789674a35927fbd0366683b4fd3a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/nystroem.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110504, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30d3f9809a1729bcf663c4837517003cc58abbc038068a610c9dc0d84ab7bacf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/fast_ica.py", "duplicate_line": 13, "correlation_key": "fp|30d3f9809a1729bcf663c4837517003cc58abbc038068a610c9dc0d84ab7bacf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/nystroem.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110503, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bdc8876caee662257fe7d06e5a5933021edb826deb7432b2a088b35d266f1031", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 115, "correlation_key": "fp|bdc8876caee662257fe7d06e5a5933021edb826deb7432b2a088b35d266f1031"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/normalizer.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110502, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4afb1e51f7e3257e288a3992704201c8d07c9412e7b716eea5fbca6cf68ad59a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/knn_imputer.py", "duplicate_line": 130, "correlation_key": "fp|4afb1e51f7e3257e288a3992704201c8d07c9412e7b716eea5fbca6cf68ad59a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/missing_indicator.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110501, "scanner": "repobility-ai-code-hygiene", "fingerprint": "079124e9cddca193608b700b9c90c610722b675cab17be22b537c6e2aa2dc1dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|079124e9cddca193608b700b9c90c610722b675cab17be22b537c6e2aa2dc1dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/min_max_scaler.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110500, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a09779820c831daa371e0de2576d47795244b2043066eec388bc6b5b102c6e98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/fast_ica.py", "duplicate_line": 235, "correlation_key": "fp|a09779820c831daa371e0de2576d47795244b2043066eec388bc6b5b102c6e98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/min_max_scaler.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110499, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f57e5374036d97b5792bc43e6bffe5829fdde6164efa5650596475b05ecc8aec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 115, "correlation_key": "fp|f57e5374036d97b5792bc43e6bffe5829fdde6164efa5650596475b05ecc8aec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/max_abs_scaler.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110498, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbfeb5ff94ab48f18cbc1b676961efd86c42f837d4eb4947ee4c14e077a70ee5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|fbfeb5ff94ab48f18cbc1b676961efd86c42f837d4eb4947ee4c14e077a70ee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/knn_imputer.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110497, "scanner": "repobility-ai-code-hygiene", "fingerprint": "00f9f972527d81dc83660e4cd470a4cbd53a13888ba63149b5c856f241b428ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/fast_ica.py", "duplicate_line": 235, "correlation_key": "fp|00f9f972527d81dc83660e4cd470a4cbd53a13888ba63149b5c856f241b428ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/knn_imputer.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110496, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdacd020c75f8268eec3a55585e6c2febc25aa7ecb5cde8c172531a1aa17cad4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 115, "correlation_key": "fp|cdacd020c75f8268eec3a55585e6c2febc25aa7ecb5cde8c172531a1aa17cad4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/incremental_pca.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110495, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5002a38f12d40ce18672b54c3f6dc3c40980fb77420d3c2925d94c07d3daaef5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|5002a38f12d40ce18672b54c3f6dc3c40980fb77420d3c2925d94c07d3daaef5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/generic_univariate_select.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110494, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5ae5179f19348fb226dc16cccee356cb68e44303128d1069a0f519ab09ba639", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/imbalanced_learn/smote_converter.py", "duplicate_line": 4, "correlation_key": "fp|f5ae5179f19348fb226dc16cccee356cb68e44303128d1069a0f519ab09ba639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/generic_univariate_select.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110493, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c1c986e52e734d83d5aeb330ce9d91bb3a3743f3dd264157368d5455ec8cdea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/scikit_learn/cca.py", "duplicate_line": 119, "correlation_key": "fp|6c1c986e52e734d83d5aeb330ce9d91bb3a3743f3dd264157368d5455ec8cdea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/fast_ica.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110492, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0b0777a0579b9fdcbce44ea14bb55b73d283705170686f21ca17bd2da553522", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/imbalanced_learn/smote_converter.py", "duplicate_line": 4, "correlation_key": "fp|a0b0777a0579b9fdcbce44ea14bb55b73d283705170686f21ca17bd2da553522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/imbalanced_learn/smoteenn_converter.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110491, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c605b9eaadc096c23c70c945e7c8fdb433369798cbe86615dd46d2bf1c994381", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/imbalanced_learn/random_under_sampler_converter.py", "duplicate_line": 2, "correlation_key": "fp|c605b9eaadc096c23c70c945e7c8fdb433369798cbe86615dd46d2bf1c994381"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/imbalanced_learn/smoteenn_converter.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110490, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70e7e31a0dc8f86b4f3701904351ab50aea4ab6e78ef9279b9bf18ddc93183f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/imbalanced_learn/random_under_sampler_converter.py", "duplicate_line": 2, "correlation_key": "fp|70e7e31a0dc8f86b4f3701904351ab50aea4ab6e78ef9279b9bf18ddc93183f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/imbalanced_learn/smote_converter.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110489, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f46f11a15915f6f1709ca2e185cc7a8254d21e3d8735678a2d429f8c772ca38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/back/converters/hugging_face/embedding.py", "duplicate_line": 39, "correlation_key": "fp|2f46f11a15915f6f1709ca2e185cc7a8254d21e3d8735678a2d429f8c772ca38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/hugging_face/tokenizer.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110488, "scanner": "repobility-ai-code-hygiene", "fingerprint": "56a0253ec6a527fc1a4851ce2d1a6504bdf909ef8965f950647a3574a6246e59", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "DashAI/alembic/versions/57ff87150ae2_experiments_to_model_session.py", "duplicate_line": 16, "correlation_key": "fp|56a0253ec6a527fc1a4851ce2d1a6504bdf909ef8965f950647a3574a6246e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/alembic/versions/7662169fa0e0_initial_migrations.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `preview_dataset_with_params` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, else=1, except=3, if=7, nested_bonus=1, or=1."}, "properties": {"repobilityId": 110428, "scanner": "repobility-threat-engine", "fingerprint": "5979fcbe75a2777cc4043fe1076544ae19bb74e36860ca9681987918b3fde0fd", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "preview_dataset_with_params", "breakdown": {"if": 7, "or": 1, "and": 1, "else": 1, "except": 3, "nested_bonus": 1}, "complexity": 14, "correlation_key": "fp|5979fcbe75a2777cc4043fe1076544ae19bb74e36860ca9681987918b3fde0fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/dataset_source.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `create_download` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=2, if=4, nested_bonus=4, or=2."}, "properties": {"repobilityId": 110427, "scanner": "repobility-threat-engine", "fingerprint": "c7d1c9d9d1f7ec7b0490e84d74a798d7f2c5f50e4e632f0bdbf21d74181d1ddc", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "create_download", "breakdown": {"if": 4, "or": 2, "else": 1, "except": 2, "nested_bonus": 4}, "complexity": 13, "correlation_key": "fp|c7d1c9d9d1f7ec7b0490e84d74a798d7f2c5f50e4e632f0bdbf21d74181d1ddc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/datafile.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=3, if=4, nested_bonus=1."}, "properties": {"repobilityId": 110426, "scanner": "repobility-threat-engine", "fingerprint": "8f5cc4632bd00bc5cc229bb82d15be2e563ddfba9d4e9c68c8b8efe11b988064", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "else": 3, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|8f5cc4632bd00bc5cc229bb82d15be2e563ddfba9d4e9c68c8b8efe11b988064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/__main__.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 110417, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 110487, "scanner": "repobility-threat-engine", "fingerprint": "46d0cf9a96138776d17e23abf7b545fb3d6da8fbcf6a80a15e86ae703f477cd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|46d0cf9a96138776d17e23abf7b545fb3d6da8fbcf6a80a15e86ae703f477cd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "update-server.sh"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 110486, "scanner": "repobility-threat-engine", "fingerprint": "2220a26a62a2b9a505dd930da757678f098979a584f7494d2d3225731282ab06", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2220a26a62a2b9a505dd930da757678f098979a584f7494d2d3225731282ab06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/predictions/InputField.jsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 110484, "scanner": "repobility-threat-engine", "fingerprint": "60d6be488fc9792b7c544c84123a75cbfde5e34988a54174c40e3a6c52f2694e", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|60d6be488fc9792b7c544c84123a75cbfde5e34988a54174c40e3a6c52f2694e"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 110480, "scanner": "repobility-threat-engine", "fingerprint": "7eebbe47bd75d9c6b0c22e33df40652b750c7eac72b2930816630755a86b37b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7eebbe47bd75d9c6b0c22e33df40652b750c7eac72b2930816630755a86b37b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/generative/utils.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 110479, "scanner": "repobility-threat-engine", "fingerprint": "6faababe47c10eb2d2e90656cb5b77d5d842a1ecb758e761f309546c06fe3100", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6faababe47c10eb2d2e90656cb5b77d5d842a1ecb758e761f309546c06fe3100", "aggregated_count": 18}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 110478, "scanner": "repobility-threat-engine", "fingerprint": "d39e85c054180a374672ce1cb6d17875ca9211d57550e42a5876cc7d9f5927bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d39e85c054180a374672ce1cb6d17875ca9211d57550e42a5876cc7d9f5927bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/hub/HubBreadcrumbs.jsx"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 110477, "scanner": "repobility-threat-engine", "fingerprint": "2086029251f3fe24d9a8886aeeb836994e4eb24687ad2523a6624e0ca8306c30", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2086029251f3fe24d9a8886aeeb836994e4eb24687ad2523a6624e0ca8306c30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/generative/GenerativeBreadcrumbs.jsx"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 110476, "scanner": "repobility-threat-engine", "fingerprint": "8e515a5cbbdabbc90880762b169933da006f4e2c08114bbaa860c8a95621ae7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8e515a5cbbdabbc90880762b169933da006f4e2c08114bbaa860c8a95621ae7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/explainers/ExplainersPlot.jsx"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 88 more): Same pattern found in 88 additional files. Review if needed."}, "properties": {"repobilityId": 110473, "scanner": "repobility-threat-engine", "fingerprint": "c1ef58e9c9e14409cc30cd97f340912f48512ba734a4b66edc71d8b99205bb5f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 88 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c1ef58e9c9e14409cc30cd97f340912f48512ba734a4b66edc71d8b99205bb5f", "aggregated_count": 88}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 110472, "scanner": "repobility-threat-engine", "fingerprint": "83b4c3867fc5bb90d9e18da6e2fe57b35fe50e7f6c3867e03fa6eff1544e69cc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|83b4c3867fc5bb90d9e18da6e2fe57b35fe50e7f6c3867e03fa6eff1544e69cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/configurableObject/Inputs/ClassInput.jsx"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 110471, "scanner": "repobility-threat-engine", "fingerprint": "f9664c1d5f325d5cd4f437a2b1cd1daa101b4bcd9895fdf6b08f7fe1e5ae2a21", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f9664c1d5f325d5cd4f437a2b1cd1daa101b4bcd9895fdf6b08f7fe1e5ae2a21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/api/values.ts"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 110470, "scanner": "repobility-threat-engine", "fingerprint": "c95e2b951365e5e95c3ca211a3bff5027a8683f0c45c560335f4f48fb780879e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c95e2b951365e5e95c3ca211a3bff5027a8683f0c45c560335f4f48fb780879e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/api/process.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 110469, "scanner": "repobility-threat-engine", "fingerprint": "c1f399fe89652fca86d63ba439249d10ae09999468b4e2cdbfd4ba3a58a2ca3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c1f399fe89652fca86d63ba439249d10ae09999468b4e2cdbfd4ba3a58a2ca3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/types/configurableObject.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 110468, "scanner": "repobility-threat-engine", "fingerprint": "7fa84bc73d41e0b0f2f6f2e9fb34d3caa9fd4d38b7f30759c09441e7a1e8eec0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7fa84bc73d41e0b0f2f6f2e9fb34d3caa9fd4d38b7f30759c09441e7a1e8eec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/generative/utils.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 110467, "scanner": "repobility-threat-engine", "fingerprint": "63cdbdd4c57a2ad7c1a75974da1cb9db7c1eea5c7965ff35d58ca63741863c11", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|63cdbdd4c57a2ad7c1a75974da1cb9db7c1eea5c7965ff35d58ca63741863c11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/api/job.ts"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 110466, "scanner": "repobility-threat-engine", "fingerprint": "a2ce58a75ec05d25535757a32e576e47d3e21a5b2ac2fa588d55ecbd911fbe99", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2ce58a75ec05d25535757a32e576e47d3e21a5b2ac2fa588d55ecbd911fbe99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/plugins/utils.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 110461, "scanner": "repobility-threat-engine", "fingerprint": "4264f2876bf9d0544b4493949f146bcda6d9f3ad5b093634f7f5566b40d9e13a", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4264f2876bf9d0544b4493949f146bcda6d9f3ad5b093634f7f5566b40d9e13a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/models/model_factory.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 110460, "scanner": "repobility-threat-engine", "fingerprint": "bb073d169e432edd80ad520c2365fa126e348646d562af5169f91fd938623995", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bb073d169e432edd80ad520c2365fa126e348646d562af5169f91fd938623995", "aggregated_count": 3}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 110459, "scanner": "repobility-threat-engine", "fingerprint": "3848a30a3afd65d3865a039148de8b63db35379a683a2c058b56ae7f779f455f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3848a30a3afd65d3865a039148de8b63db35379a683a2c058b56ae7f779f455f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/categorical.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 110458, "scanner": "repobility-threat-engine", "fingerprint": "a8626a15080a6d332c8047f66501cb607c05d0b0a31b7c07d7affc80ca73fe4e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8626a15080a6d332c8047f66501cb607c05d0b0a31b7c07d7affc80ca73fe4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/tasks/utils.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 110457, "scanner": "repobility-threat-engine", "fingerprint": "c9d5ef282819f86a14331da6f56030b4102b1c3845e0e092b33b1c989804e806", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c9d5ef282819f86a14331da6f56030b4102b1c3845e0e092b33b1c989804e806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/dataset_sources/base_dataset_source.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 110454, "scanner": "repobility-threat-engine", "fingerprint": "ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "aggregated_count": 1}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 110453, "scanner": "repobility-threat-engine", "fingerprint": "b88fee42ef2eb4e2e388f71fa70aca9c9102098214fedf8c62507fcdc644de3c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b88fee42ef2eb4e2e388f71fa70aca9c9102098214fedf8c62507fcdc644de3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/dataloaders/classes/image_dataloader.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 110452, "scanner": "repobility-threat-engine", "fingerprint": "d68deed26c2bec5c0ab974f11f000daf82b4a019c11b77aa0a1ea27c0a4a13a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d68deed26c2bec5c0ab974f11f000daf82b4a019c11b77aa0a1ea27c0a4a13a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/core/schema_fields/enum_field.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 110451, "scanner": "repobility-threat-engine", "fingerprint": "27d10c85bf844ba2246c5e1f7baf85c2874addda24dc21f3956b2390ba718eeb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27d10c85bf844ba2246c5e1f7baf85c2874addda24dc21f3956b2390ba718eeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/core/schema_fields/base_schema.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "properties": {"repobilityId": 110450, "scanner": "repobility-threat-engine", "fingerprint": "3494f6123186364c7eb7c2d654b5cbac2f077019153b1edf1615bfc62d4ff094", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 34 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3494f6123186364c7eb7c2d654b5cbac2f077019153b1edf1615bfc62d4ff094", "aggregated_count": 34}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 110449, "scanner": "repobility-threat-engine", "fingerprint": "31cf0e48e52fbf202516690f64c0fd3e06a1a6648571aa8b2303a35d5881d1f9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31cf0e48e52fbf202516690f64c0fd3e06a1a6648571aa8b2303a35d5881d1f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/generic_univariate_select.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 110448, "scanner": "repobility-threat-engine", "fingerprint": "f1fd2fa45862732aa55843b8d05bf95138a21be14b2a1065846ddfc8cd2843e8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1fd2fa45862732aa55843b8d05bf95138a21be14b2a1065846ddfc8cd2843e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/fast_ica.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 110447, "scanner": "repobility-threat-engine", "fingerprint": "d3f9f1ffc71827f72402699f40103c3d88864e3f62de538c0cec38bc16f1589d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d3f9f1ffc71827f72402699f40103c3d88864e3f62de538c0cec38bc16f1589d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/scikit_learn/cca.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110444, "scanner": "repobility-threat-engine", "fingerprint": "61dbe734cf931b649e090e3ce97973dcb02f913f2fe22c91cb0727d63a4a0f49", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|185|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/hugging_face/embedding.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 110441, "scanner": "repobility-threat-engine", "fingerprint": "95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "aggregated_count": 2}}}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 110437, "scanner": "repobility-threat-engine", "fingerprint": "71b38a4f77a05f6bfd16b2fbcd1b951e2a53f712faa7be5e8d969d6783a4c212", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|71b38a4f77a05f6bfd16b2fbcd1b951e2a53f712faa7be5e8d969d6783a4c212"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "properties": {"repobilityId": 110433, "scanner": "repobility-threat-engine", "fingerprint": "91ddd366c7948498787f567a0b9bb45da826ce37ca89f31d96211078a24902d3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 31 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|91ddd366c7948498787f567a0b9bb45da826ce37ca89f31d96211078a24902d3", "aggregated_count": 31}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 110432, "scanner": "repobility-threat-engine", "fingerprint": "6a316db877bec11fc75b61f5f28c938ee8f88a5801ee4f2a3d254aacb46977af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a316db877bec11fc75b61f5f28c938ee8f88a5801ee4f2a3d254aacb46977af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/hardware.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 110431, "scanner": "repobility-threat-engine", "fingerprint": "62daef923a1458f11d5e61e1f99870278721fb1e0b64f7deecb8c3e6f8de929f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62daef923a1458f11d5e61e1f99870278721fb1e0b64f7deecb8c3e6f8de929f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/dataset_source.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 110430, "scanner": "repobility-threat-engine", "fingerprint": "3b0f906c851a54426df5c05ebc2a272aa528ddd892de018c358b113b71220a6e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b0f906c851a54426df5c05ebc2a272aa528ddd892de018c358b113b71220a6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/alembic/versions/3db684f4090a_merge_datafile_and_dataset_heads.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 60 more): Same pattern found in 60 additional files. Review if needed."}, "properties": {"repobilityId": 110429, "scanner": "repobility-threat-engine", "fingerprint": "57bf82e0436a039ffdf3078472a050dd6b9b34b096510f2656f05d9a625669dc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 60 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "else": 3, "nested_bonus": 1}, "aggregated": true, "complexity": 8, "correlation_key": "fp|57bf82e0436a039ffdf3078472a050dd6b9b34b096510f2656f05d9a625669dc", "aggregated_count": 60}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 110425, "scanner": "repobility-threat-engine", "fingerprint": "9a4dded8559d76bfe00bc64cc7f3b84ea0bd9b1742965a6b760ddbb7eebe1048", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9a4dded8559d76bfe00bc64cc7f3b84ea0bd9b1742965a6b760ddbb7eebe1048"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 110421, "scanner": "repobility-threat-engine", "fingerprint": "649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110683, "scanner": "repobility-supply-chain", "fingerprint": "fbbaa0f2847bfa2dae67718549187601e8147d9c63c4c87e005ee6470220e132", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fbbaa0f2847bfa2dae67718549187601e8147d9c63c4c87e005ee6470220e132"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110682, "scanner": "repobility-supply-chain", "fingerprint": "633b1cd0db2e9d784b22844543a341ef7cbdb7af38b96b413e29abe8715c75b2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|633b1cd0db2e9d784b22844543a341ef7cbdb7af38b96b413e29abe8715c75b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110681, "scanner": "repobility-supply-chain", "fingerprint": "af3da2107bd4b5d5f2eae97f09b19efd0e8d81b5638f1f23993f76750e96b425", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af3da2107bd4b5d5f2eae97f09b19efd0e8d81b5638f1f23993f76750e96b425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110680, "scanner": "repobility-supply-chain", "fingerprint": "8e50fcedf91cdd544e01642e27708b68684821f45f4ab14ca0026938c7e2daa8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e50fcedf91cdd544e01642e27708b68684821f45f4ab14ca0026938c7e2daa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110679, "scanner": "repobility-supply-chain", "fingerprint": "9e2a45b212089094ba396dc4f4fd95a49ec670b53f0b5237745e6252c7408f37", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9e2a45b212089094ba396dc4f4fd95a49ec670b53f0b5237745e6252c7408f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/db-migrations.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110678, "scanner": "repobility-supply-chain", "fingerprint": "eff7c810014768e1fc9f92d874d5069931f254f13f6c857276e82d740fdaecb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eff7c810014768e1fc9f92d874d5069931f254f13f6c857276e82d740fdaecb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/db-migrations.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v3`: `uses: actions/cache@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110677, "scanner": "repobility-supply-chain", "fingerprint": "2033962a5ad384d410945b46c59e2b8a74179b7035ddb625932b134f9d9f3d62", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2033962a5ad384d410945b46c59e2b8a74179b7035ddb625932b134f9d9f3d62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yaml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110676, "scanner": "repobility-supply-chain", "fingerprint": "cd0a600ea83c9ff47a896f4c12125b159a7bb415a26cfe5b5fa6e556fb12727a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cd0a600ea83c9ff47a896f4c12125b159a7bb415a26cfe5b5fa6e556fb12727a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v3`: `uses: actions/setup-node@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110675, "scanner": "repobility-supply-chain", "fingerprint": "fe8ad7aae4b337efc17ee3f2f4b1efb534abaf37cd312f1761329b5069b89794", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe8ad7aae4b337efc17ee3f2f4b1efb534abaf37cd312f1761329b5069b89794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110674, "scanner": "repobility-supply-chain", "fingerprint": "e854d7217b0ae907daf56cf46b76d1cde7e9338ec431ac2860c31e5d634e8835", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e854d7217b0ae907daf56cf46b76d1cde7e9338ec431ac2860c31e5d634e8835"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110673, "scanner": "repobility-supply-chain", "fingerprint": "ac592a9a1be64dc716d2b0e1c27beb0abd4ccb1d86cc751ba07acb28cf894339", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac592a9a1be64dc716d2b0e1c27beb0abd4ccb1d86cc751ba07acb28cf894339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-pages-artifact` pinned to mutable ref `@v3`: `uses: actions/upload-pages-artifact@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110672, "scanner": "repobility-supply-chain", "fingerprint": "d2ee85ef97069c96e39a3a0f6c84377bf84b9b1e1ac1eaca45e646efce2dbfb6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d2ee85ef97069c96e39a3a0f6c84377bf84b9b1e1ac1eaca45e646efce2dbfb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/configure-pages` pinned to mutable ref `@v2`: `uses: actions/configure-pages@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110671, "scanner": "repobility-supply-chain", "fingerprint": "97fa29b261f16598fca52bc6236f6e07a02d9291ee9c27f9c79cc357d3f3a656", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97fa29b261f16598fca52bc6236f6e07a02d9291ee9c27f9c79cc357d3f3a656"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v3`: `uses: actions/setup-node@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110670, "scanner": "repobility-supply-chain", "fingerprint": "528910c7ff5ce501347094f1f4ee217a918e92723412a550783e2797df445865", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|528910c7ff5ce501347094f1f4ee217a918e92723412a550783e2797df445865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110669, "scanner": "repobility-supply-chain", "fingerprint": "e10526ad14f04959d57ceeec288837fe410d3ffdf827c18424b53c65f018cb07", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e10526ad14f04959d57ceeec288837fe410d3ffdf827c18424b53c65f018cb07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110668, "scanner": "repobility-supply-chain", "fingerprint": "b3f4c480c4fd27eb678a32e9dce06234fb5b1cd6de392940e55e19b72516a388", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3f4c480c4fd27eb678a32e9dce06234fb5b1cd6de392940e55e19b72516a388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `anthropics/claude-code-action` pinned to mutable ref `@v1`: `uses: anthropics/claude-code-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110667, "scanner": "repobility-supply-chain", "fingerprint": "7f8039c74cd7ac7da8698cbd63260061741c3bef38ff9bdcbd64d416b8e54e88", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f8039c74cd7ac7da8698cbd63260061741c3bef38ff9bdcbd64d416b8e54e88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code-review.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110666, "scanner": "repobility-supply-chain", "fingerprint": "ce4a75d2a603f59f6d8f1670ba80082935909c7555a06208bc91f75ad5c055e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce4a75d2a603f59f6d8f1670ba80082935909c7555a06208bc91f75ad5c055e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code-review.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110665, "scanner": "repobility-supply-chain", "fingerprint": "b561f31f5f752d190d1bf25126ec40337e4f5c236af73bf7fa616cb21a14ae8a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b561f31f5f752d190d1bf25126ec40337e4f5c236af73bf7fa616cb21a14ae8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v3`: `uses: actions/cache@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110664, "scanner": "repobility-supply-chain", "fingerprint": "4b5a170ea0669953a355c386670bc474f311aad445e1537bab8389e8849f1a95", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b5a170ea0669953a355c386670bc474f311aad445e1537bab8389e8849f1a95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110663, "scanner": "repobility-supply-chain", "fingerprint": "20568bf7e47a5a7a642eb8b44418e925126d9bbdbce0a7ed13ca7be3583d7232", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|20568bf7e47a5a7a642eb8b44418e925126d9bbdbce0a7ed13ca7be3583d7232"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110662, "scanner": "repobility-supply-chain", "fingerprint": "307837f3e22f0b6a9dd0c250b6d8af5b32bbe0b72641bbcafc26ae9b04cbfaaf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|307837f3e22f0b6a9dd0c250b6d8af5b32bbe0b72641bbcafc26ae9b04cbfaaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110661, "scanner": "repobility-supply-chain", "fingerprint": "447c7900abdcabf8ce6860920ad84d38a20a616fb19d9fa7c33081162868be07", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|447c7900abdcabf8ce6860920ad84d38a20a616fb19d9fa7c33081162868be07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v3`: `uses: actions/setup-node@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110660, "scanner": "repobility-supply-chain", "fingerprint": "b9a4149a0dd5651aca4a56dd2c0e63430b7662c73c60eea59cb9e071acbfc6a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9a4149a0dd5651aca4a56dd2c0e63430b7662c73c60eea59cb9e071acbfc6a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 110659, "scanner": "repobility-supply-chain", "fingerprint": "f02c5756989f28d74672bef8ae1d5aed42e67b8b441f3493e2d4df87e4679ea4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f02c5756989f28d74672bef8ae1d5aed42e67b8b441f3493e2d4df87e4679ea4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yaml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-prettier` pinned to mutable rev `v4.0.0-alpha.8`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-prettier` at `rev: v4.0.0-alpha.8`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 110658, "scanner": "repobility-supply-chain", "fingerprint": "64ed32869e479802246db464debec9d01e6524ffbd3be369b24dfc91121abd34", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|64ed32869e479802246db464debec9d01e6524ffbd3be369b24dfc91121abd34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.12.10`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.12.10`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 110657, "scanner": "repobility-supply-chain", "fingerprint": "93fd1ab8cc76ea262f5e6cf5b8946c35f5081411f17229cb3e9c79078cfb5f29", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|93fd1ab8cc76ea262f5e6cf5b8946c35f5081411f17229cb3e9c79078cfb5f29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 110656, "scanner": "repobility-supply-chain", "fingerprint": "7027ed9cec38c9820097aff062c19c20f2c6fee94511e107decbc4ecadbe13e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7027ed9cec38c9820097aff062c19c20f2c6fee94511e107decbc4ecadbe13e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim` not pinned by digest: `FROM python:3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 110655, "scanner": "repobility-supply-chain", "fingerprint": "53c22fbbd09fa5a6e5990e227745ff46278672410688d3229c52b84ef9eee9c4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|53c22fbbd09fa5a6e5990e227745ff46278672410688d3229c52b84ef9eee9c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 110654, "scanner": "repobility-supply-chain", "fingerprint": "c2ac7b45f523e60953520e5a2eb27ed8aac3edfe897385a4afe9b4d95b4a269c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c2ac7b45f523e60953520e5a2eb27ed8aac3edfe897385a4afe9b4d95b4a269c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH / has no auth: Handler `update_job` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110628, "scanner": "repobility-route-auth", "fingerprint": "6dc21d9751e0b4c0ec56d6fbae05cbd18780012999c9ad99bbcc7a77c5d72a18", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6dc21d9751e0b4c0ec56d6fbae05cbd18780012999c9ad99bbcc7a77c5d72a18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/jobs.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH / has no auth: Handler `update_explainer` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110627, "scanner": "repobility-route-auth", "fingerprint": "1b208f53fd8b7c4e918548ff3475847452d4d6fe63cbf2318e624ffdadb38d2e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1b208f53fd8b7c4e918548ff3475847452d4d6fe63cbf2318e624ffdadb38d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/explainers.py"}, "region": {"startLine": 606}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH / has no auth: Handler `update_component` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110626, "scanner": "repobility-route-auth", "fingerprint": "a2d6010b4b6c9aec4f0ad6c49371d87d735bb9705b5e541eca5093472878d6f7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a2d6010b4b6c9aec4f0ad6c49371d87d735bb9705b5e541eca5093472878d6f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/components.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE / has no auth: Handler `delete_component` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110625, "scanner": "repobility-route-auth", "fingerprint": "6440fb2bd8ff12d56a4d0b329f908dfdc020700e4d344fb1526e0e4c39c17706", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6440fb2bd8ff12d56a4d0b329f908dfdc020700e4d344fb1526e0e4c39c17706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/components.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `upload_component` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110624, "scanner": "repobility-route-auth", "fingerprint": "04ff6367593b4b5f6caf9e01d55610eaf1437ecd744a75059582626900c15634", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|04ff6367593b4b5f6caf9e01d55610eaf1437ecd744a75059582626900c15634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/components.py"}, "region": {"startLine": 278}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /validate_pipeline has no auth: Handler `validate_pipeline` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110623, "scanner": "repobility-route-auth", "fingerprint": "57955e7318851da7978abefeb7fe3bfe841ee4ef629a8da4127ea683ec2c170d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|57955e7318851da7978abefeb7fe3bfe841ee4ef629a8da4127ea683ec2c170d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/pipelines.py"}, "region": {"startLine": 513}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /index has no auth: Handler `refresh_plugins_record` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110622, "scanner": "repobility-route-auth", "fingerprint": "11f4f12a52949590e0479a37d878f969130f08f21b7c4479edabc74dec3de6e4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|11f4f12a52949590e0479a37d878f969130f08f21b7c4479edabc74dec3de6e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/plugins.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `upload_plugin` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 110621, "scanner": "repobility-route-auth", "fingerprint": "5beaee92a2439da2a3412c981ff295c77a84b5d2792bc2adc82ebe38bf3d909f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|5beaee92a2439da2a3412c981ff295c77a84b5d2792bc2adc82ebe38bf3d909f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/plugins.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.get` inside async function `get_component_image`: `requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 110620, "scanner": "repobility-ast-engine", "fingerprint": "e503f7adebc7cb2cc9f9133a327ce4022f35246b8c36a68d190bbeda02e63b8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e503f7adebc7cb2cc9f9133a327ce4022f35246b8c36a68d190bbeda02e63b8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/components.py"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.kwargs` used but never assigned in __init__: Method `set_status_as_error` of class `ExplainerJob` reads `self.kwargs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110603, "scanner": "repobility-ast-engine", "fingerprint": "71dde57efabd9a30bcb24b5a6a6b64ec460381c5eca97c3c15b8bdae47ae28eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71dde57efabd9a30bcb24b5a6a6b64ec460381c5eca97c3c15b8bdae47ae28eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/job/explainer_job.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.kwargs` used but never assigned in __init__: Method `set_status_as_delivered` of class `ExplainerJob` reads `self.kwargs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110602, "scanner": "repobility-ast-engine", "fingerprint": "4713944eb554faf92b2aaea9a00cfe92e08d03b2ac9725ddf3a1080997108034", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4713944eb554faf92b2aaea9a00cfe92e08d03b2ac9725ddf3a1080997108034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/job/explainer_job.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.kwargs` used but never assigned in __init__: Method `set_status_as_delivered` of class `ExplainerJob` reads `self.kwargs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110601, "scanner": "repobility-ast-engine", "fingerprint": "3e0c33bf34ab80561c2728af838d5c506d8529d8e7a1ac573064cefea491d887", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e0c33bf34ab80561c2728af838d5c506d8529d8e7a1ac573064cefea491d887"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/job/explainer_job.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_dataloader_try_to_load_a_invalid_datasets` of class `TestExcelDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110592, "scanner": "repobility-ast-engine", "fingerprint": "0d3e1513accb5ca2bb16415b7803d17419e6436214bf57c1c0f2c42f38dc99aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d3e1513accb5ca2bb16415b7803d17419e6436214bf57c1c0f2c42f38dc99aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_excel_dataloader.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_zip` of class `TestExcelDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110591, "scanner": "repobility-ast-engine", "fingerprint": "2966905108fb923cfcd552c1157b5c63bb60a6ec8dc016255a78627dac26889f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2966905108fb923cfcd552c1157b5c63bb60a6ec8dc016255a78627dac26889f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_excel_dataloader.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_file` of class `TestExcelDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110590, "scanner": "repobility-ast-engine", "fingerprint": "b7262a17f984542b8fb0832bba15cfab967d1f9c300472d885d91d200aeff572", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7262a17f984542b8fb0832bba15cfab967d1f9c300472d885d91d200aeff572"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_excel_dataloader.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_dataloader_try_to_load_a_invalid_datasets` of class `TestCSVDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110589, "scanner": "repobility-ast-engine", "fingerprint": "992725ae742162b6612a4c6411f6502037040ce16835c81aa57f35b65dec90c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|992725ae742162b6612a4c6411f6502037040ce16835c81aa57f35b65dec90c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_csv_dataloader.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_dataloader_with_missing_required_params` of class `TestCSVDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110588, "scanner": "repobility-ast-engine", "fingerprint": "32a16c154097b73157c5ec82484a6e3cbba587f026430f467c38cf6fb78c8af6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32a16c154097b73157c5ec82484a6e3cbba587f026430f467c38cf6fb78c8af6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_csv_dataloader.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_zip` of class `TestCSVDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110587, "scanner": "repobility-ast-engine", "fingerprint": "93e9c196431e06de4f7983fbb28bf499332428ef480da66ae2d7095b6165deee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93e9c196431e06de4f7983fbb28bf499332428ef480da66ae2d7095b6165deee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_csv_dataloader.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_file` of class `TestCSVDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110586, "scanner": "repobility-ast-engine", "fingerprint": "ebd5443698cad97d1da82eaf08afe7d660c8a6eb079feb75cff758b8e9e824fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebd5443698cad97d1da82eaf08afe7d660c8a6eb079feb75cff758b8e9e824fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_csv_dataloader.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_dataloader_try_to_load_a_invalid_datasets` of class `TestJSONDataLoader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110585, "scanner": "repobility-ast-engine", "fingerprint": "18148da34a996b9303f5d632956e4bdecdd36eaab2a4148f9c468fb2d1a3cad4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18148da34a996b9303f5d632956e4bdecdd36eaab2a4148f9c468fb2d1a3cad4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_dataloader_with_missing_required_params` of class `TestJSONDataLoader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110584, "scanner": "repobility-ast-engine", "fingerprint": "8dd35f6723effeb2cc57d6ab2bab9378338d0d311240237374e7ee50c876a0a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8dd35f6723effeb2cc57d6ab2bab9378338d0d311240237374e7ee50c876a0a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_zip` of class `TestJSONDataLoader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110583, "scanner": "repobility-ast-engine", "fingerprint": "fda5808396f66311dede388a8e24c65a83792a4a06902e737a9be9b5c853a875", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fda5808396f66311dede388a8e24c65a83792a4a06902e737a9be9b5c853a875"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_file` of class `TestJSONDataLoader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110582, "scanner": "repobility-ast-engine", "fingerprint": "be510f2dbe5f17dfe7d02ed8ac33d03f3eb7885790ae727cc5fef75de69cb80f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be510f2dbe5f17dfe7d02ed8ac33d03f3eb7885790ae727cc5fef75de69cb80f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_dataloader_with_missing_required_params: Test function `test_dataloader_with_missing_required_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110581, "scanner": "repobility-ast-engine", "fingerprint": "78c3245f61bda868ac3e389843bbc3511029aacc3aca3429d3222664984fb138", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78c3245f61bda868ac3e389843bbc3511029aacc3aca3429d3222664984fb138"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_data_from_zip: Test function `test_load_data_from_zip` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110580, "scanner": "repobility-ast-engine", "fingerprint": "276a24fc85fc0e256ecde0b99e24042c454412c84454561e0ac90e15040b5154", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|276a24fc85fc0e256ecde0b99e24042c454412c84454561e0ac90e15040b5154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_data_from_file: Test function `test_load_data_from_file` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110579, "scanner": "repobility-ast-engine", "fingerprint": "78fa52e2f5a0ea4424e873972d2f89b61f8be2588250ce11ca10f67981b53b3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78fa52e2f5a0ea4424e873972d2f89b61f8be2588250ce11ca10f67981b53b3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_json_dataloader.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dataloader_cls` used but never assigned in __init__: Method `_test_dataloader_try_to_load_a_invalid_datasets` of class `BaseTabularDataLoaderTester` reads `self.dataloader_cls`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110578, "scanner": "repobility-ast-engine", "fingerprint": "7303fcccd61d83b91213f7ebc09871656260a301df1f54c53f38b6072d988d15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7303fcccd61d83b91213f7ebc09871656260a301df1f54c53f38b6072d988d15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/base_tabular_dataloader_tests.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dataloader_cls` used but never assigned in __init__: Method `_test_dataloader_with_missing_required_params` of class `BaseTabularDataLoaderTester` reads `self.dataloader_cls`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110577, "scanner": "repobility-ast-engine", "fingerprint": "c46c930cc4403632f253fda2a304963c9fd7414d5f8e97ca21fe1ee2d30f2e6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c46c930cc4403632f253fda2a304963c9fd7414d5f8e97ca21fe1ee2d30f2e6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/base_tabular_dataloader_tests.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dataloader_cls` used but never assigned in __init__: Method `_test_load_data_from_zip` of class `BaseTabularDataLoaderTester` reads `self.dataloader_cls`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110576, "scanner": "repobility-ast-engine", "fingerprint": "856adcea7e4cb3193916c8e96c85202d9ff4355cff5f2e683e714b52ec7bef54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|856adcea7e4cb3193916c8e96c85202d9ff4355cff5f2e683e714b52ec7bef54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/base_tabular_dataloader_tests.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dataloader_cls` used but never assigned in __init__: Method `_test_load_data_from_file` of class `BaseTabularDataLoaderTester` reads `self.dataloader_cls`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110575, "scanner": "repobility-ast-engine", "fingerprint": "218bfc8851fe00e7a22477686423e7aa5968aa6cd8f4e9a2638ebd7b2108d71a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|218bfc8851fe00e7a22477686423e7aa5968aa6cd8f4e9a2638ebd7b2108d71a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/base_tabular_dataloader_tests.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_dataloader_try_to_load_a_invalid_datasets` of class `TestARFFDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110574, "scanner": "repobility-ast-engine", "fingerprint": "752eb5eb46e6b464a56301aaeafdc80864411d73da4a8d87c415742c8f0a03d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|752eb5eb46e6b464a56301aaeafdc80864411d73da4a8d87c415742c8f0a03d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_arff_dataloader.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_zip` of class `TestARFFDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110573, "scanner": "repobility-ast-engine", "fingerprint": "a62f3bc79cd537278fb7d74bb39510325a2858a3d2bacf574bee7d4eea772e4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a62f3bc79cd537278fb7d74bb39510325a2858a3d2bacf574bee7d4eea772e4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_arff_dataloader.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_type_name` used but never assigned in __init__: Method `test_load_data_from_file` of class `TestARFFDataloader` reads `self.data_type_name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110572, "scanner": "repobility-ast-engine", "fingerprint": "80fce98a4e9ff0e417ea167a97ee850277eeb8f273e290528bc35b145112c21e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80fce98a4e9ff0e417ea167a97ee850277eeb8f273e290528bc35b145112c21e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_arff_dataloader.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_dataloader_try_to_load_a_invalid_datasets: Test function `test_dataloader_try_to_load_a_invalid_datasets` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110571, "scanner": "repobility-ast-engine", "fingerprint": "88b884c887f4a3447dc10d906faea973676a891f2109945f47d1cdf2201df1ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88b884c887f4a3447dc10d906faea973676a891f2109945f47d1cdf2201df1ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_arff_dataloader.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_data_from_zip: Test function `test_load_data_from_zip` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110570, "scanner": "repobility-ast-engine", "fingerprint": "ed47300008f7b325b1f4dd1225cc1a9380993eb2da71aae942ee167088c54c15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed47300008f7b325b1f4dd1225cc1a9380993eb2da71aae942ee167088c54c15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_arff_dataloader.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_load_data_from_file: Test function `test_load_data_from_file` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110569, "scanner": "repobility-ast-engine", "fingerprint": "6e69f022a4212c23b9b7711e40f88232d23352a99e8c8b48cb0ff6bd58338ed4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e69f022a4212c23b9b7711e40f88232d23352a99e8c8b48cb0ff6bd58338ed4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/dataloaders/test_arff_dataloader.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_incorrect_type_in_union_schema: Test function `test_incorrect_type_in_union_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110568, "scanner": "repobility-ast-engine", "fingerprint": "04cb64e16fb54c2a5f6ed5d43c61a75750040f05512b4472e4308bdd43640bbd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04cb64e16fb54c2a5f6ed5d43c61a75750040f05512b4472e4308bdd43640bbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 414}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_union_schema: Test function `test_union_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110567, "scanner": "repobility-ast-engine", "fingerprint": "868e2b5504a918a11b3d68a545d5d540a0c2aad465fb627604aef34d8f00ae0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|868e2b5504a918a11b3d68a545d5d540a0c2aad465fb627604aef34d8f00ae0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 409}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_incorrect_type_in_null_schema: Test function `test_incorrect_type_in_null_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110566, "scanner": "repobility-ast-engine", "fingerprint": "4e32c55a6480279f2a8e2de3a9fd3dc45154768b7337c65a21dc7d5fb8f811ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e32c55a6480279f2a8e2de3a9fd3dc45154768b7337c65a21dc7d5fb8f811ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_null_schema: Test function `test_null_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110565, "scanner": "repobility-ast-engine", "fingerprint": "c77809d36c28d5741fbc7d77d53c0fd1dee71137007f4657040287fef407c843", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c77809d36c28d5741fbc7d77d53c0fd1dee71137007f4657040287fef407c843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_constraint_fails_in_normal_schema: Test function `test_constraint_fails_in_normal_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110564, "scanner": "repobility-ast-engine", "fingerprint": "578d3be28b8b77fa708fa29bcf0f28bce9daaff6b97e1f63d492aedef28e2e6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|578d3be28b8b77fa708fa29bcf0f28bce9daaff6b97e1f63d492aedef28e2e6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 353}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_incorrect_type_in_normal_schema: Test function `test_incorrect_type_in_normal_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110563, "scanner": "repobility-ast-engine", "fingerprint": "d3ccee9f28c13b6ce1e4cc17f364b46fbb2d241d2277eeb18204a87c1463a910", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3ccee9f28c13b6ce1e4cc17f364b46fbb2d241d2277eeb18204a87c1463a910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_normal_schema: Test function `test_normal_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110562, "scanner": "repobility-ast-engine", "fingerprint": "8b99e7f38073ccd20657ab367d2fde1929beb794478715bc71b820156b5ef6ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b99e7f38073ccd20657ab367d2fde1929beb794478715bc71b820156b5ef6ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/schemas/test_schemas.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_components_by_type_ignore_param_errors: Test function `test_get_components_by_type_ignore_param_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110561, "scanner": "repobility-ast-engine", "fingerprint": "3c1eb9e1c7ad4a96e70f0b006073eee7dac171820d8eb06eac3ac24481e42743", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c1eb9e1c7ad4a96e70f0b006073eee7dac171820d8eb06eac3ac24481e42743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/registries/test_registry.py"}, "region": {"startLine": 400}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_components_by_type_select_param_errors: Test function `test_get_components_by_type_select_param_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110560, "scanner": "repobility-ast-engine", "fingerprint": "16557dfb2c9ffecc4036dce0c5a4fd78eaf7e36746da06b0380b91d433be005c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16557dfb2c9ffecc4036dce0c5a4fd78eaf7e36746da06b0380b91d433be005c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/registries/test_registry.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test__getitem__key_error: Test function `test__getitem__key_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110559, "scanner": "repobility-ast-engine", "fingerprint": "a5c41e7873159be80a518e950d7289c865eef952ca1096133d0a1b7bf67254b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5c41e7873159be80a518e950d7289c865eef952ca1096133d0a1b7bf67254b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/registries/test_registry.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_base_type_no_base_classes_typerror: Test function `test_get_base_type_no_base_classes_typerror` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110558, "scanner": "repobility-ast-engine", "fingerprint": "f28326f3d4ebde9f6c74c76cf20d52a41b5c5ffd4bd440546508bf0378f586cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f28326f3d4ebde9f6c74c76cf20d52a41b5c5ffd4bd440546508bf0378f586cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/registries/test_registry.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_base_type_two_base_classes_typerror: Test function `test_get_base_type_two_base_classes_typerror` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110557, "scanner": "repobility-ast-engine", "fingerprint": "bb679334add6bb0256f89fc14dbe5a68d6e4c0a9eb669b0d429e9c5ded16a552", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb679334add6bb0256f89fc14dbe5a68d6e4c0a9eb669b0d429e9c5ded16a552"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/registries/test_registry.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_basic_register_component_class_with_no_type: Test function `test_basic_register_component_class_with_no_type` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110556, "scanner": "repobility-ast-engine", "fingerprint": "700c7c03118d4654e6f876232f3094fd4cd5b6418791264d8199f53afc19977f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|700c7c03118d4654e6f876232f3094fd4cd5b6418791264d8199f53afc19977f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/registries/test_registry.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_peek_and_get_nonexistent: Test function `test_peek_and_get_nonexistent` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110555, "scanner": "repobility-ast-engine", "fingerprint": "d72fabc9422cca11179b42ecaecc20e89516c4d35b5eeff3b111210c0a252879", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d72fabc9422cca11179b42ecaecc20e89516c4d35b5eeff3b111210c0a252879"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/job_queue/test_huey_job_queue.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_nonexistent_job_status: Test function `test_get_nonexistent_job_status` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110554, "scanner": "repobility-ast-engine", "fingerprint": "5aa0e4947fe2ff28f5bc747ab6b0ee01d393f6c7bfec6749dbcc2bd93cca422a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5aa0e4947fe2ff28f5bc747ab6b0ee01d393f6c7bfec6749dbcc2bd93cca422a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/job_queue/test_huey_job_queue.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_execute_incorrect_pip_command: Test function `test_execute_incorrect_pip_command` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110553, "scanner": "repobility-ast-engine", "fingerprint": "11b4bd7574900df61893b62c1086276e149e7691c91548d4d90c99409237a2d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11b4bd7574900df61893b62c1086276e149e7691c91548d4d90c99409237a2d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/plugins/test_plugin_utils.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_execute_pip_command: Test function `test_error_execute_pip_command` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110552, "scanner": "repobility-ast-engine", "fingerprint": "1134b9587fe93c5062e17fc6c1cfb0323389016a26afaebc484aaee99e9ce438", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1134b9587fe93c5062e17fc6c1cfb0323389016a26afaebc484aaee99e9ce438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/plugins/test_plugin_utils.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_datasets_path: Test function `test_datasets_path` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110549, "scanner": "repobility-ast-engine", "fingerprint": "12e463976e3ec4485de53154bf6cdb2369d562cbb8c0884bb2b548bfcce21356", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|12e463976e3ec4485de53154bf6cdb2369d562cbb8c0884bb2b548bfcce21356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/conftest.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_path: Test function `test_path` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 110548, "scanner": "repobility-ast-engine", "fingerprint": "def53cff8af2ef67bc77dd3ef8907da42d03974fe129848f4ee53fdea0e8d8ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|def53cff8af2ef67bc77dd3ef8907da42d03974fe129848f4ee53fdea0e8d8ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/conftest.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_arff` used but never assigned in __init__: Method `_generate_splits` of class `ARFFTestDatasetGenerator` reads `self._write_arff`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110547, "scanner": "repobility-ast-engine", "fingerprint": "8a02a477eeed64f09eb2bcd63d3fa09b23115bce989dbf34bea388b471cb7396", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a02a477eeed64f09eb2bcd63d3fa09b23115bce989dbf34bea388b471cb7396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/test_datasets_generator.py"}, "region": {"startLine": 389}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_arff` used but never assigned in __init__: Method `_generate_splits` of class `ARFFTestDatasetGenerator` reads `self._write_arff`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110546, "scanner": "repobility-ast-engine", "fingerprint": "0f872fc0099155ebe438560c37cb1fcac7027ec18580e8c8eea37a4b2cf210d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f872fc0099155ebe438560c37cb1fcac7027ec18580e8c8eea37a4b2cf210d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/test_datasets_generator.py"}, "region": {"startLine": 388}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_arff` used but never assigned in __init__: Method `_generate_splits` of class `ARFFTestDatasetGenerator` reads `self._write_arff`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110545, "scanner": "repobility-ast-engine", "fingerprint": "622b6fd6bc494417536d13bd649a20830bc528ece2a6a827aa49c5d853de5f4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|622b6fd6bc494417536d13bd649a20830bc528ece2a6a827aa49c5d853de5f4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/test_datasets_generator.py"}, "region": {"startLine": 387}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_arff` used but never assigned in __init__: Method `_generate_common_cases` of class `ARFFTestDatasetGenerator` reads `self._write_arff`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 110544, "scanner": "repobility-ast-engine", "fingerprint": "051dc0646c66769589f93a982b4de6219089f4908531eb5fd6c4595d8a7482d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|051dc0646c66769589f93a982b4de6219089f4908531eb5fd6c4595d8a7482d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/test_datasets_generator.py"}, "region": {"startLine": 370}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /{job_id}."}, "properties": {"repobilityId": 110527, "scanner": "repobility-access-control", "fingerprint": "ba9f087dd0cb0dad67b08d121edfaabf4acbae1c01fa044cf750847fd99359fd", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{job_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|320|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/jobs.py"}, "region": {"startLine": 320}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{job_id}/details."}, "properties": {"repobilityId": 110526, "scanner": "repobility-access-control", "fingerprint": "94f975cfa6b5cf729c95ce6795a7c4298ef5095f9b2db3e0c7d51df5f571fa13", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{job_id}/details", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|144|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/jobs.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{job_id}."}, "properties": {"repobilityId": 110525, "scanner": "repobility-access-control", "fingerprint": "d9b6f26e2f007a7181d8aa1bdb0df50435a2c616678bd61464fa860a4b9ef734", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{job_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|110|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/jobs.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{id}/."}, "properties": {"repobilityId": 110524, "scanner": "repobility-access-control", "fingerprint": "16b7a296dec54722ad68a555b8fe48714f4fba2c2f41d87b8f78d55507eadc08", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{id}/", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|239|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/components.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 110485, "scanner": "repobility-threat-engine", "fingerprint": "c028a2138d4568be8abfc65d7ae2e6431e6da76664e41a5b66653ef4284c8fa4", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((c) => `${c.id}:${c.status}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c028a2138d4568be8abfc65d7ae2e6431e6da76664e41a5b66653ef4284c8fa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/notebooks/notebook/DatasetPreviewNotebook.jsx"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 110475, "scanner": "repobility-threat-engine", "fingerprint": "143a3b61365a9ed68e0c0ff22773d3a4953bf39f8baaac622317aad614694b83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(className", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|143a3b61365a9ed68e0c0ff22773d3a4953bf39f8baaac622317aad614694b83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/generative/TextMessage.jsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 110474, "scanner": "repobility-threat-engine", "fingerprint": "3fcc74e52f177f6dbad5d3ad38bdadbb395e6008fb6e03f351bae5ce50019d28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(text", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3fcc74e52f177f6dbad5d3ad38bdadbb395e6008fb6e03f351bae5ce50019d28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/front/src/components/custom/ComponentDetailsPanel.jsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 110465, "scanner": "repobility-threat-engine", "fingerprint": "d6bdff4ff2bad1ee696266636de793cd397015c405c17ea993fcaca7058e3277", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d6bdff4ff2bad1ee696266636de793cd397015c405c17ea993fcaca7058e3277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/plugins/utils.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 110463, "scanner": "repobility-threat-engine", "fingerprint": "60a731372e882abca756c463d0d5199a27c47b7e498b46c3325d7a7e0be04112", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"(\\.[a-z0-9]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|dashai/back/types/utils.py|343|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/utils.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 110462, "scanner": "repobility-threat-engine", "fingerprint": "8a0a75db04386462137c617d4ed57e3172b4a4b4d596b81e0a5cff38763d99e6", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"-(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|39|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/pipeline/validator/pipeline_validator.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 110440, "scanner": "repobility-threat-engine", "fingerprint": "555a719eb3b8df8e5197058e112ffdc4dbadba369343e8f10505fe58ece47a65", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|555a719eb3b8df8e5197058e112ffdc4dbadba369343e8f10505fe58ece47a65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/converters/sklearn_wrapper.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 110439, "scanner": "repobility-threat-engine", "fingerprint": "e9a47fec1ba76db2131f9e8153e530e2c50e45f86fd7130df9cbb8ecdd39882e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e9a47fec1ba76db2131f9e8153e530e2c50e45f86fd7130df9cbb8ecdd39882e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/metrics.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 110438, "scanner": "repobility-threat-engine", "fingerprint": "543e51c4a777ce840af9b41b345959066a6c5ed9294e56e42402b5252154aed1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|543e51c4a777ce840af9b41b345959066a6c5ed9294e56e42402b5252154aed1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/hardware.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 110436, "scanner": "repobility-threat-engine", "fingerprint": "259a0522142637cecde2dc21310191871468e55506df3fa55ab659f82c3ca25e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/\", status_code=status.HTTP_201_CREATED)\nasync def upload_generative_process(\n    requ", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|259a0522142637cecde2dc21310191871468e55506df3fa55ab659f82c3ca25e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/generative_process.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 110435, "scanner": "repobility-threat-engine", "fingerprint": "fdd6b9532618be2a120c9597c04090a939da0d5cef1d1f1cb5b690f9d73a9ec3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/{source_name}/{dataset_id:path}/preview\")\nasync def preview_dataset_with_params(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fdd6b9532618be2a120c9597c04090a939da0d5cef1d1f1cb5b690f9d73a9ec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/dataset_source.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 110434, "scanner": "repobility-threat-engine", "fingerprint": "bae530dc80f9dea4fd7a42b944151f43e415b9c4bc2c68195133280c7be22e6d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/\", status_code=status.HTTP_201_CREATED, response_model=Dict[str, Any])\nasync def crea", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bae530dc80f9dea4fd7a42b944151f43e415b9c4bc2c68195133280c7be22e6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/datafile.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 110424, "scanner": "repobility-threat-engine", "fingerprint": "d445485c75f66c7c2fb467890703c86df1afb969f3f64aa3362f124ae136e491", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "db.delete(row)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d445485c75f66c7c2fb467890703c86df1afb969f3f64aa3362f124ae136e491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/datafile.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 110423, "scanner": "repobility-threat-engine", "fingerprint": "ffe6be2a32e37526b245f94ed9c03e417ab06800fe4a374e21a943e26a41923e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "db.delete(converter)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ffe6be2a32e37526b245f94ed9c03e417ab06800fe4a374e21a943e26a41923e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/api/api_v1/endpoints/converters.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 110422, "scanner": "repobility-threat-engine", "fingerprint": "1c4515cb643f28813b641452e4fef21f5a6e354a1ca28b5d4c0b9788003ce4b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1c4515cb643f28813b641452e4fef21f5a6e354a1ca28b5d4c0b9788003ce4b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/__main__.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110420, "scanner": "repobility-threat-engine", "fingerprint": "0cbbc8dd023a54116d801d22ef951e65d6c7c14cedb455a1a95bed8ef0c6c99b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0cbbc8dd023a54116d801d22ef951e65d6c7c14cedb455a1a95bed8ef0c6c99b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/dependencies/database/sqlite_database.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110419, "scanner": "repobility-threat-engine", "fingerprint": "42695c2dff2f3d35f4b0e0e240e078f8815fe9ff8a991d6121619114f26b44e0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|42695c2dff2f3d35f4b0e0e240e078f8815fe9ff8a991d6121619114f26b44e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/dependencies/database/migrate.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110418, "scanner": "repobility-threat-engine", "fingerprint": "4beebbc6a3951e0b7aa18ff144dae131d30bbd385a0e54144ca496b3fd6a969c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(b", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4beebbc6a3951e0b7aa18ff144dae131d30bbd385a0e54144ca496b3fd6a969c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/__main__.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 110617, "scanner": "repobility-ast-engine", "fingerprint": "1b13e58f6a3ee0ae42a05c8c70b7d0f4dfb505d8c8cef4b390871492af00e1f7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b13e58f6a3ee0ae42a05c8c70b7d0f4dfb505d8c8cef4b390871492af00e1f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "DashAI/back/types/utils.py"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 110550, "scanner": "repobility-ast-engine", "fingerprint": "c38fb2f0791554eaefc496e6c220732ea1b4834108a7dd693815d3bbe5553f3f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c38fb2f0791554eaefc496e6c220732ea1b4834108a7dd693815d3bbe5553f3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/back/conftest.py"}, "region": {"startLine": 49}}}]}]}]}