{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public re", "shortDescription": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI POST /analyze has no auth", "shortDescription": {"text": "FastAPI POST /analyze has no auth"}, "fullDescription": {"text": "Handler `analyze` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.process_message` used but never assigned in __init__", "shortDescription": {"text": "`self.process_message` used but never assigned in __init__"}, "fullDescription": {"text": "Method `process_batch` of class `StreamProcessor` reads `self.process_message`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/665"}, "properties": {"repository": "yeabsirateshale73-dot/realtime-sentiment-engine", "repoUrl": "https://github.com/yeabsirateshale73-dot/realtime-sentiment-engine.git", "branch": "main"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 45142, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 45124, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 45123, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 45140, "scanner": "repobility-threat-engine", "fingerprint": "aefe4754eadc1d1dd6f21a838b8ec889777ac10aa83b23e3ec968fa53842a349", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|106|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/sentiment_model.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 45138, "scanner": "repobility-threat-engine", "fingerprint": "70d7807e09262cfb9ec475308eaa5bc7873b2287a9e13fcb2602e21bc11ee9d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70d7807e09262cfb9ec475308eaa5bc7873b2287a9e13fcb2602e21bc11ee9d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/config.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 45137, "scanner": "repobility-threat-engine", "fingerprint": "05281fac2a1dfe1fa2d9d6e2e0edbec16ef0d49197fdec8dec834968fda347a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05281fac2a1dfe1fa2d9d6e2e0edbec16ef0d49197fdec8dec834968fda347a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/app/main.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 45141, "scanner": "repobility-threat-engine", "fingerprint": "0d1b85e23761448ceba65c1fbc19e091e166866d404b9b7f52ca644e51b48174", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.model.save(path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d1b85e23761448ceba65c1fbc19e091e166866d404b9b7f52ca644e51b48174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/topic_extractor.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 45139, "scanner": "repobility-threat-engine", "fingerprint": "3faa475b13c3aeb5061b9f3deab4fd3d15ab2651acf4a0ec02993b7928301543", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3faa475b13c3aeb5061b9f3deab4fd3d15ab2651acf4a0ec02993b7928301543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/kafka_consumer.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 45136, "scanner": "repobility-threat-engine", "fingerprint": "034796d5bd249e26943e6ccba87d4a11e93e0ffac3b0cefcbdcc391a412d62ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/analyze\", response_model=List[SentimentResult])\nasync def analyze(request: AnalyzeReques", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|034796d5bd249e26943e6ccba87d4a11e93e0ffac3b0cefcbdcc391a412d62ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/app/main.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /analyze has no auth"}, "properties": {"repobilityId": 45135, "scanner": "repobility-route-auth", "fingerprint": "4a6f5b1fc359c926a15def52f8107fa894da283a1b47bb8e9c7fedfcfe3430fb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4a6f5b1fc359c926a15def52f8107fa894da283a1b47bb8e9c7fedfcfe3430fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/app/main.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.process_message` used but never assigned in __init__"}, "properties": {"repobilityId": 45134, "scanner": "repobility-ast-engine", "fingerprint": "f8f3d638d96cbddb8aadc5bda0d02236f548a67ae7a6e4f71cc9e3c56d21ea24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8f3d638d96cbddb8aadc5bda0d02236f548a67ae7a6e4f71cc9e3c56d21ea24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/processor.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._flush_topics` used but never assigned in __init__"}, "properties": {"repobilityId": 45133, "scanner": "repobility-ast-engine", "fingerprint": "3cb52e9f6d03bd3b868a441504edb515b7828fda41ea5e1d2de0fb53293da84c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3cb52e9f6d03bd3b868a441504edb515b7828fda41ea5e1d2de0fb53293da84c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/processor.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._flush_topics` used but never assigned in __init__"}, "properties": {"repobilityId": 45132, "scanner": "repobility-ast-engine", "fingerprint": "1a9af1cc1cc763fdee867e14dde140715fd81b8b9e1148ebd3e9cd76974e8247", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a9af1cc1cc763fdee867e14dde140715fd81b8b9e1148ebd3e9cd76974e8247"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/processor.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.process_message` used but never assigned in __init__"}, "properties": {"repobilityId": 45131, "scanner": "repobility-ast-engine", "fingerprint": "29ec9fc58d2203e9a503545587b26b28f3adff26cfc43a42ad966bbdf8e909dc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29ec9fc58d2203e9a503545587b26b28f3adff26cfc43a42ad966bbdf8e909dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/processor.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._flush_topics` used but never assigned in __init__"}, "properties": {"repobilityId": 45130, "scanner": "repobility-ast-engine", "fingerprint": "129c28c88b6175ef9bc8d27afaadd896b27cedae13e30d60576671170c33cbb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|129c28c88b6175ef9bc8d27afaadd896b27cedae13e30d60576671170c33cbb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/processor.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.predict` used but never assigned in __init__"}, "properties": {"repobilityId": 45129, "scanner": "repobility-ast-engine", "fingerprint": "a034005983a1dc197bc11c4fe5dfb600a784dbd9f0c9af26cee53de5d4ee70a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a034005983a1dc197bc11c4fe5dfb600a784dbd9f0c9af26cee53de5d4ee70a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/sentiment_model.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._compute_metrics` used but never assigned in __init__"}, "properties": {"repobilityId": 45128, "scanner": "repobility-ast-engine", "fingerprint": "0b730f20250bebf8e0eb7da378a4ecbbbfd121582d787ffc0070a326f6914156", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b730f20250bebf8e0eb7da378a4ecbbbfd121582d787ffc0070a326f6914156"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/sentiment_model.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._load_data` used but never assigned in __init__"}, "properties": {"repobilityId": 45127, "scanner": "repobility-ast-engine", "fingerprint": "5582e08cedf83a1c02115957785af63350c3a01f5aef460b6baa22a6d977692e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5582e08cedf83a1c02115957785af63350c3a01f5aef460b6baa22a6d977692e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/sentiment_model.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._tokenize` used but never assigned in __init__"}, "properties": {"repobilityId": 45126, "scanner": "repobility-ast-engine", "fingerprint": "6c56768f764b9507a20514ddca51b87c1830223058414909dfa0774ab62362c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c56768f764b9507a20514ddca51b87c1830223058414909dfa0774ab62362c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/sentiment_model.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._build_model` used but never assigned in __init__"}, "properties": {"repobilityId": 45125, "scanner": "repobility-ast-engine", "fingerprint": "54c85a59fcc31f276c4a3ad90e18d64e5f04c8c687ac01fa34078edfbe25e027", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54c85a59fcc31f276c4a3ad90e18d64e5f04c8c687ac01fa34078edfbe25e027"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "realtime-sentiment-engine/src/topic_extractor.py"}, "region": {"startLine": 39}}}]}]}]}