{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC003", "name": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.", "shortDescription": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "fullDescription": {"text": "Never commit secrets. Use .env files with .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_merge_policies` has cognitive complexity 15 (SonarSource scale). Cogniti", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_merge_policies` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursi"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "AIC009", "name": "Multiple AI-agent scaffold marker files are present", "shortDescription": {"text": "Multiple AI-agent scaffold marker files are present"}, "fullDescription": {"text": "Keep one current agent instruction file if it helps contributors, remove stale progress/completion markers, and make sure the README, tests, and CI describe the real supported behavior."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED079", "name": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk.", "shortDescription": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-193 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 75 more): Same pattern found in 75 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 75 more): Same pattern found in 75 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 24 more): Same pattern found in 24 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 40 more): Same pattern found in 40 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 228 more): Same pattern found in 228 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 228 more): Same pattern found in 228 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 35 more): Same pattern found in 35 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 35 more): Same pattern found in 35 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3.14.5-alpine` not pinned by digest: `FROM python:3.14.5-alpine` resolves the tag at ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3.14.5-alpine` not pinned by digest: `FROM python:3.14.5-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Produc"}, "fullDescription": {"text": "Replace with: `FROM python:3.14.5-alpine@sha256:`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/cdce8p/python-typing-update` pinned to mutable rev `v0.6.0`: `.pre-commit", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/cdce8p/python-typing-update` pinned to mutable rev `v0.6.0`: `.pre-commit-config.yaml` references `https://github.com/cdce8p/python-typing-update` at `rev: v0.6.0`. If `{rev}` is a branch or ve"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `requests.exceptions.ConnectionError` inside async function `test_connection_error`: `requests.", "shortDescription": {"text": "[MINED110] Blocking call `requests.exceptions.ConnectionError` inside async function `test_connection_error`: `requests.exceptions.ConnectionError` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loo"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_deprecated_disabled_by_str_set: Test function `test_deprecated_disabled_by_str_se", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_deprecated_disabled_by_str_set: Test function `test_deprecated_disabled_by_str_set` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage witho"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._async_flow_handler_to_flow_result` used but never assigned in __init__: Method `async_progress_by_hand", "shortDescription": {"text": "[MINED108] `self._async_flow_handler_to_flow_result` used but never assigned in __init__: Method `async_progress_by_handler` of class `FlowManager` reads `self._async_flow_handler_to_flow_result`, but no assignment to it exists in __init__ "}, "fullDescription": {"text": "Initialize `self._async_flow_handler_to_flow_result = ` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `", "shortDescription": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import platform` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC099", "name": "[SEC099] JWT decoded without signature verification: JWT token is parsed without verifying its signature. The token body", "shortDescription": {"text": "[SEC099] JWT decoded without signature verification: JWT token is parsed without verifying its signature. The token body can be tampered with arbitrarily by an attacker."}, "fullDescription": {"text": "Use jwt.decode(token, key, algorithms=[...]) without options={'verify_signature': False}. If you genuinely need to peek without verifying (rare \u2014 e.g. logging the kid before fetching the key), use jwt.get_unverified_header() instead and clearly comment."}, "properties": {"scanner": "repobility-threat-engine", "category": "auth", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/561"}, "properties": {"repository": "home-assistant/core", "repoUrl": "https://github.com/home-assistant/core", "branch": "dev"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 37450, "scanner": "repobility-ast-engine", "fingerprint": "78ed6ad4432ad4e7139e44b92231b2d0e0cfc5651f06037da1d3ce72f55db68c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78ed6ad4432ad4e7139e44b92231b2d0e0cfc5651f06037da1d3ce72f55db68c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 7306}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 37449, "scanner": "repobility-ast-engine", "fingerprint": "c155256743130f1206b4e4c53c167bb9510bbe4105a0667b2c296853840a0282", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c155256743130f1206b4e4c53c167bb9510bbe4105a0667b2c296853840a0282"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 7019}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 37405, "scanner": "repobility-ast-engine", "fingerprint": "efeb4c613923fc6526f3d6addf00d02f399a4612eaad1be90ef75c4ad95773e4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efeb4c613923fc6526f3d6addf00d02f399a4612eaad1be90ef75c4ad95773e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 37395, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 37394, "scanner": "repobility-docker", "fingerprint": "f7f2abfa4cacb03024576917803022206deac2a273a4dcc978842d8f977612e7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.14.5-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f7f2abfa4cacb03024576917803022206deac2a273a4dcc978842d8f977612e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/hassfest/docker/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 37389, "scanner": "repobility-docker", "fingerprint": "e58c35b4eee438ba20c6a41815f9be45ce249471b4e40dd22541d776891a5afc", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${BUILD_FROM}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e58c35b4eee438ba20c6a41815f9be45ce249471b4e40dd22541d776891a5afc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 37365, "scanner": "repobility-threat-engine", "fingerprint": "4512a2340a127557914a379e752593b68d6da1bd5715955a728b0c0faf4b91dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url=\"https://www.example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4512a2340a127557914a379e752593b68d6da1bd5715955a728b0c0faf4b91dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/demo/update.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 37363, "scanner": "repobility-threat-engine", "fingerprint": "5cc38c6ecbce75c7c2b0b48b18341b621f943a46d68050de41bdb0376909a533", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen( # noqa: S602 # shell by design\n command,\n universal_newline", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|55|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/command_line/notify.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 37362, "scanner": "repobility-threat-engine", "fingerprint": "b08552b623cbed647f8eaba2964ed502f6027696cf59506e8c5ca07611fc5118", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _apply_state(self) -> None:\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b08552b623cbed647f8eaba2964ed502f6027696cf59506e8c5ca07611fc5118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/bond/entity.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "SEC003", "level": "warning", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "properties": {"repobilityId": 37361, "scanner": "repobility-threat-engine", "fingerprint": "a614940ec3131126837ccefda18ebeb42b5c668f0cd8f95f217ae5bbbd1b3b06", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.8 bits) \u2014 may be placeholder or common string", "evidence": {"match": "SECRET_KEY = \"secret_key\"", "reason": "Low entropy value (2.8 bits) \u2014 may be placeholder or common string", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|2|secret_key secret_key"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/baidu/tts.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 37358, "scanner": "repobility-threat-engine", "fingerprint": "227281eaa519937000def646faa35f30f6b46b158dae2194f67ddadd767abe6a", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "check_hostname = False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|20|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/elmax/common.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 37357, "scanner": "repobility-threat-engine", "fingerprint": "03c33a707dd77eaf01e565d4fe1cd08093dd6f560cbe9d778c3fc9bee9034916", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify=False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|41|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/august/config_flow.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 37349, "scanner": "repobility-threat-engine", "fingerprint": "c116b661cd9b2a7badeef5160dac882b6df47f75174b99a3386b1bad1ccdd267", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD = \"\"", "reason": "Low entropy value (3.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/enigma2/const.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 37348, "scanner": "repobility-threat-engine", "fingerprint": "bf8d9cec5421eefa1baf924ce9d12b52d4a37c3ff6f69bf8aba12d780df36bd4", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD = \"\"", "reason": "Low entropy value (2.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|2|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/edimax/switch.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 37313, "scanner": "repobility-threat-engine", "fingerprint": "6832b76d55c2352226b5324232019e0877ffef5f1a1596e47bc0deb4bc7ea20c", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|93|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/backup_restore.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_merge_policies` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, for=2, if=4, nested_bonus=6, recursion=1."}, "properties": {"repobilityId": 37306, "scanner": "repobility-threat-engine", "fingerprint": "0ef5f09badfd61ce7931d07cbe9d87c5f4435ba494e419cfd70dec07404d0fbb", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_merge_policies", "breakdown": {"if": 4, "for": 2, "continue": 2, "recursion": 1, "nested_bonus": 6}, "complexity": 15, "correlation_key": "fp|0ef5f09badfd61ce7931d07cbe9d87c5f4435ba494e419cfd70dec07404d0fbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/permissions/merge.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 37392, "scanner": "repobility-docker", "fingerprint": "8853810d9d79ca7df6256354b5e067a5d5d64391f3c0d0bf964d2e82d8abd6b6", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8853810d9d79ca7df6256354b5e067a5d5d64391f3c0d0bf964d2e82d8abd6b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.dev"}, "region": {"startLine": 50}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 37391, "scanner": "repobility-docker", "fingerprint": "c5f5348ebdbd7235864fdb7f18cb3be4c0a8045f1df47825985a2b7a9b511813", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c5f5348ebdbd7235864fdb7f18cb3be4c0a8045f1df47825985a2b7a9b511813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.dev"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 37390, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 37388, "scanner": "repobility-docker", "fingerprint": "718274b67e22efed8e81e34acbc7f7e6a26ad91acd5e700b88b1327930fa12a0", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|718274b67e22efed8e81e34acbc7f7e6a26ad91acd5e700b88b1327930fa12a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 53}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 37387, "scanner": "repobility-docker", "fingerprint": "20802efc736a21850c1e411508f4cab11a19cfe7fa0342cf20dad18f7444f005", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|20802efc736a21850c1e411508f4cab11a19cfe7fa0342cf20dad18f7444f005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 37385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e1f0a8727432cf7c5b6e2064950476cf328770916ba3295042c2b02bc6db8ec", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "async_attach_trigger", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "homeassistant/components/alarm_control_panel/device_trigger.py", "correlation_key": "fp|3e1f0a8727432cf7c5b6e2064950476cf328770916ba3295042c2b02bc6db8ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/zwave_js/triggers/value_updated.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cebbed76f87aa3d2527d5318f3934e49af1c955d669f6e12513984c6c91ecfb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/androidtv/config_flow.py", "duplicate_line": 255, "correlation_key": "fp|cebbed76f87aa3d2527d5318f3934e49af1c955d669f6e12513984c6c91ecfb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/androidtv_remote/config_flow.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2a756ffad2b1da30e81163e0de37beca66828d5ae14fc94d1882e7546687d62", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/amberelectric/sensor.py", "duplicate_line": 102, "correlation_key": "fp|f2a756ffad2b1da30e81163e0de37beca66828d5ae14fc94d1882e7546687d62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/amberelectric/services.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "950d81f7cce4465ba5a290b8649d06838dc2d38dc5135270210d6beccd861f6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/airgradient/sensor.py", "duplicate_line": 11, "correlation_key": "fp|950d81f7cce4465ba5a290b8649d06838dc2d38dc5135270210d6beccd861f6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/altruist/sensor.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "261c50da99af894a5bb75ddf1b23fb026ebb181973997fbc9a362fab96b68006", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/airzone/water_heater.py", "duplicate_line": 97, "correlation_key": "fp|261c50da99af894a5bb75ddf1b23fb026ebb181973997fbc9a362fab96b68006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airzone_cloud/water_heater.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37380, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef9b9b3d8da5d664ddc03941c3a7432536f7f0d23ef3f76bf6d892be71fa51f3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/airzone/sensor.py", "duplicate_line": 57, "correlation_key": "fp|ef9b9b3d8da5d664ddc03941c3a7432536f7f0d23ef3f76bf6d892be71fa51f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airzone_cloud/sensor.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71d7a5edfa27651babb8b69d7aa999af4f5e526dc69d8de8cca90ae391950937", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/airzone/climate.py", "duplicate_line": 27, "correlation_key": "fp|71d7a5edfa27651babb8b69d7aa999af4f5e526dc69d8de8cca90ae391950937"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airzone_cloud/climate.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc351ac3f7cada01f11754cf1191e6d8ccc990500f75f2c6a53ff0570eb21008", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/airzone/binary_sensor.py", "duplicate_line": 114, "correlation_key": "fp|cc351ac3f7cada01f11754cf1191e6d8ccc990500f75f2c6a53ff0570eb21008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airzone_cloud/binary_sensor.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9043c350358326a067925ba77bd2af286ffb44c9f4ee38522edfcf078ca2a9ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/airthings/sensor.py", "duplicate_line": 70, "correlation_key": "fp|9043c350358326a067925ba77bd2af286ffb44c9f4ee38522edfcf078ca2a9ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airthings_ble/sensor.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79a7b2b420f0840979c0bed55d5cc2f7db4e2561dac920c0a7a5ff5938f5e336", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/accuweather/config_flow.py", "duplicate_line": 50, "correlation_key": "fp|79a7b2b420f0840979c0bed55d5cc2f7db4e2561dac920c0a7a5ff5938f5e336"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airnow/config_flow.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37375, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0a9546fde2a16f378db0d28edc147881f86eb2bfa1b47acd67bba60f22f70d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/accuweather/config_flow.py", "duplicate_line": 50, "correlation_key": "fp|f0a9546fde2a16f378db0d28edc147881f86eb2bfa1b47acd67bba60f22f70d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airly/config_flow.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41cab695f87ae1712461394f878ef793067fdfd0bc55e5959ec1e0690abcff44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/air_quality/condition.py", "duplicate_line": 2, "correlation_key": "fp|41cab695f87ae1712461394f878ef793067fdfd0bc55e5959ec1e0690abcff44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/air_quality/trigger.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c1f981a449a3a84fd63a34bc7b37a5c8a9ce57b73c47e4115b536621a7d5cb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/components/acmeda/cover.py", "duplicate_line": 10, "correlation_key": "fp|0c1f981a449a3a84fd63a34bc7b37a5c8a9ce57b73c47e4115b536621a7d5cb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/acmeda/sensor.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d5b5909e8802cbdf8ec0e100ba5f2b03e3fe8fcdab9aa19daa9f47c7ba499c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/auth/providers/command_line.py", "duplicate_line": 84, "correlation_key": "fp|3d5b5909e8802cbdf8ec0e100ba5f2b03e3fe8fcdab9aa19daa9f47c7ba499c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/providers/insecure_example.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0abd4fce9261f180626e2a113e3bf1b963ce99c503633dcc0e57d9d5dea4283e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "homeassistant/auth/providers/command_line.py", "duplicate_line": 120, "correlation_key": "fp|0abd4fce9261f180626e2a113e3bf1b963ce99c503633dcc0e57d9d5dea4283e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/providers/homeassistant.py"}, "region": {"startLine": 322}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 37370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c40bb79b56f1e8fa5994ed61f874cd12da0fcc8298356f10fe710226d4f94a00", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "updated", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c40bb79b56f1e8fa5994ed61f874cd12da0fcc8298356f10fe710226d4f94a00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/zwave_js/triggers/value_updated.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC009", "level": "note", "message": {"text": "Multiple AI-agent scaffold marker files are present"}, "properties": {"repobilityId": 37369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains several AI-agent scaffold marker files.", "evidence": {"markers": [".github/copilot-instructions.md", "AGENTS.md", "CLAUDE.md"], "rule_id": "AIC009", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/copilot-instructions.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 37366, "scanner": "repobility-threat-engine", "fingerprint": "491bef6d054c112941d9e486c3ad3343f0f397736a0f2aad4e9e67652f138fdf", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.isfile(final_path):\n os.remove(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|491bef6d054c112941d9e486c3ad3343f0f397736a0f2aad4e9e67652f138fdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/downloader/services.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `compile_policy` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=5, nested_bonus=2."}, "properties": {"repobilityId": 37307, "scanner": "repobility-threat-engine", "fingerprint": "4da301aa554e973f15b10753f2c8cd6f56e61a790fb20fef894cdb2583de1a14", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "compile_policy", "breakdown": {"if": 5, "for": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|4da301aa554e973f15b10753f2c8cd6f56e61a790fb20fef894cdb2583de1a14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/permissions/util.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `ensure_config_path` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=2, if=4, nested_bonus=5."}, "properties": {"repobilityId": 37305, "scanner": "repobility-threat-engine", "fingerprint": "5e63bc1a64f0dc44b95efe6bfd79e894581fa240f2183e688a92bc9b7e438a44", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "ensure_config_path", "breakdown": {"if": 4, "else": 1, "except": 2, "nested_bonus": 5}, "complexity": 12, "correlation_key": "fp|5e63bc1a64f0dc44b95efe6bfd79e894581fa240f2183e688a92bc9b7e438a44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/__main__.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 37386, "scanner": "repobility-docker", "fingerprint": "0dd75dc1825924f69ae18d7c8a4e2f3105d63e57546f0c69286ccf562db5ce33", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BUILD_FROM}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|0dd75dc1825924f69ae18d7c8a4e2f3105d63e57546f0c69286ccf562db5ce33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 37360, "scanner": "repobility-threat-engine", "fingerprint": "55c3384ed8819bfafde99e4ae50441d3ed0ba0bc0ce73af27cc3627e5f628bf2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55c3384ed8819bfafde99e4ae50441d3ed0ba0bc0ce73af27cc3627e5f628bf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/axis/config_flow.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 37356, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 37352, "scanner": "repobility-threat-engine", "fingerprint": "cbeaf897eb7fcac34a794095cd31e440af8c609442cc061aa3fa4a27aa5acb28", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cbeaf897eb7fcac34a794095cd31e440af8c609442cc061aa3fa4a27aa5acb28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/aquostv/media_player.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 37351, "scanner": "repobility-threat-engine", "fingerprint": "d7a4179d7783c17d429d54e0bf6c831c06dca7e5e3dcfbc072784858793957d0", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d7a4179d7783c17d429d54e0bf6c831c06dca7e5e3dcfbc072784858793957d0"}}}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 37350, "scanner": "repobility-threat-engine", "fingerprint": "e79900b9fc5f4e21d5c07c75c6382f2a6fceafd73d1bfc450aab396a0d608adb", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "PASSWORD = \"\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/alexa/const.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 75 more): Same pattern found in 75 additional files. Review if needed."}, "properties": {"repobilityId": 37344, "scanner": "repobility-threat-engine", "fingerprint": "26e3348caefd8072c58b7fc9936c34c5d2500008b7caf95828d0ce0b44ebe1fb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 75 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 75 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|26e3348caefd8072c58b7fc9936c34c5d2500008b7caf95828d0ce0b44ebe1fb"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 37340, "scanner": "repobility-threat-engine", "fingerprint": "07871f2f2d51c51c8dfed34ea234620430442a7d3ea2e03c868a7ef341ab143b", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|07871f2f2d51c51c8dfed34ea234620430442a7d3ea2e03c868a7ef341ab143b"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 37339, "scanner": "repobility-threat-engine", "fingerprint": "90b04e764b91f19d79ffd8f53904c4097afeb99b87c59c6503b842468fb67cd8", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "LOGGER.debug(\"Adax: Failed to login to retrieve token\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|14|logger.debug adax: failed to login to retrieve token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/adax/config_flow.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 37338, "scanner": "repobility-threat-engine", "fingerprint": "19baa85ba48709f236d003139efee6bc2159511a8f7db5201861aa6d804818d7", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "LOGGER.debug(\"Initiating device authorization\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|3|logger.debug initiating device authorization"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/actron_air/config_flow.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "properties": {"repobilityId": 37334, "scanner": "repobility-threat-engine", "fingerprint": "5aa40b36b491eee15ae9d84970b5861216fdf525bca203f6803d3b6fb393c5ae", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5aa40b36b491eee15ae9d84970b5861216fdf525bca203f6803d3b6fb393c5ae", "aggregated_count": 24}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 37333, "scanner": "repobility-threat-engine", "fingerprint": "5b1c6153487d5bce27c8e10ef2f2a3af8649ef460296ce1bbd1a210e0b9c0f63", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b1c6153487d5bce27c8e10ef2f2a3af8649ef460296ce1bbd1a210e0b9c0f63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/agent_dvr/helpers.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 37332, "scanner": "repobility-threat-engine", "fingerprint": "e7a9ada8ea9dbd2196a697e0ce7a1a32d43b1808eb010447b36a7ff2de18caa4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7a9ada8ea9dbd2196a697e0ce7a1a32d43b1808eb010447b36a7ff2de18caa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/adguard/entity.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 37331, "scanner": "repobility-threat-engine", "fingerprint": "2b87b85fb8766901703049daefa754928b80c8c728a30b2acfcc01bb8e07255f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b87b85fb8766901703049daefa754928b80c8c728a30b2acfcc01bb8e07255f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/accuweather/coordinator.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 37330, "scanner": "repobility-threat-engine", "fingerprint": "6a0517607666123049bba71d8922bb1ddf9b10113a595b9ec2315659bfb9500d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6a0517607666123049bba71d8922bb1ddf9b10113a595b9ec2315659bfb9500d", "aggregated_count": 9}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 37329, "scanner": "repobility-threat-engine", "fingerprint": "94937d0d19e00da465cbb325a32017cb6afb487c336b3ee09a96d91e2a3f3289", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94937d0d19e00da465cbb325a32017cb6afb487c336b3ee09a96d91e2a3f3289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/arest/sensor.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 37328, "scanner": "repobility-threat-engine", "fingerprint": "236411d0cb5b09b023fba17cb590556f3abf7a8635e76864fffad384cb8e585e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|236411d0cb5b09b023fba17cb590556f3abf7a8635e76864fffad384cb8e585e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/arest/binary_sensor.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 37327, "scanner": "repobility-threat-engine", "fingerprint": "fb8b73a7062ca7770f44f677bd98fa28e4d525a8300aaa33697c77b79f635b7d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb8b73a7062ca7770f44f677bd98fa28e4d525a8300aaa33697c77b79f635b7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/abode/camera.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 37326, "scanner": "repobility-threat-engine", "fingerprint": "f45ce0522e16a564f2565ddd154fe2d848be426d3c46043ea8132e74d69cb98d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f45ce0522e16a564f2565ddd154fe2d848be426d3c46043ea8132e74d69cb98d"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "properties": {"repobilityId": 37322, "scanner": "repobility-threat-engine", "fingerprint": "e825738ec7da8cc4c5fc1c7b1e2e5ecd54d2b285aea67b38e8160dd59e9efdd5", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e825738ec7da8cc4c5fc1c7b1e2e5ecd54d2b285aea67b38e8160dd59e9efdd5"}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 228 more): Same pattern found in 228 additional files. Review if needed."}, "properties": {"repobilityId": 37318, "scanner": "repobility-threat-engine", "fingerprint": "1fdeb03585f73928e5269da23a0993c47e4cceae500320d03dc315cc81296dc9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 228 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1fdeb03585f73928e5269da23a0993c47e4cceae500320d03dc315cc81296dc9", "aggregated_count": 228}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 37317, "scanner": "repobility-threat-engine", "fingerprint": "20d503a8a3df6194a7ddfdd6097957f9e2ae2c951ad0b5826e350973c171085e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|20d503a8a3df6194a7ddfdd6097957f9e2ae2c951ad0b5826e350973c171085e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/abode/__init__.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 37316, "scanner": "repobility-threat-engine", "fingerprint": "65ad6f3c1ab3290419f3d674359019ff5a9d0742f0895a9c37d9c63a7893ac23", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65ad6f3c1ab3290419f3d674359019ff5a9d0742f0895a9c37d9c63a7893ac23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/block_async_io.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 37315, "scanner": "repobility-threat-engine", "fingerprint": "e4e30127ecabc76235b7cf213c06c821fed29837bbd2752f26f426cc513d832d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e4e30127ecabc76235b7cf213c06c821fed29837bbd2752f26f426cc513d832d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/backup_restore.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 35 more): Same pattern found in 35 additional files. Review if needed."}, "properties": {"repobilityId": 37312, "scanner": "repobility-threat-engine", "fingerprint": "40305e59db871118d2c9bfe39ee44ad32afc425a867e231d06a654f8ac176765", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 35 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|40305e59db871118d2c9bfe39ee44ad32afc425a867e231d06a654f8ac176765", "aggregated_count": 35}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37311, "scanner": "repobility-threat-engine", "fingerprint": "de625e515087ed4dd03c32d18e2629c7d208d36ef21cc49099ab46f188758a4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de625e515087ed4dd03c32d18e2629c7d208d36ef21cc49099ab46f188758a4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/providers/__init__.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37310, "scanner": "repobility-threat-engine", "fingerprint": "6e6b5b873702d63020adeac1f9b2e820ad72194f53231650ad5b571fcd8e219d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e6b5b873702d63020adeac1f9b2e820ad72194f53231650ad5b571fcd8e219d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/permissions/__init__.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37309, "scanner": "repobility-threat-engine", "fingerprint": "d7be27098c7cdec827ef1e7d7309e5b65d002f3155ff0d8801cbddc64e6ee5ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d7be27098c7cdec827ef1e7d7309e5b65d002f3155ff0d8801cbddc64e6ee5ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/auth/mfa_modules/__init__.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 303 more): Same pattern found in 303 additional files. Review if needed."}, "properties": {"repobilityId": 37308, "scanner": "repobility-threat-engine", "fingerprint": "b0231dee412d843963b4af99bace15658b132fbe4c5dad202366bbc599bda75c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 303 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "ensure_config_path", "breakdown": {"if": 4, "else": 1, "except": 2, "nested_bonus": 5}, "aggregated": true, "complexity": 12, "correlation_key": "fp|b0231dee412d843963b4af99bace15658b132fbe4c5dad202366bbc599bda75c", "aggregated_count": 303}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.14.5-alpine` not pinned by digest: `FROM python:3.14.5-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 37499, "scanner": "repobility-supply-chain", "fingerprint": "9b10e74234e8b104697cbb3d745c40e63a47323387c60715486eebaa0e5f91b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b10e74234e8b104697cbb3d745c40e63a47323387c60715486eebaa0e5f91b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/hassfest/docker/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/base:debian` not pinned by digest: `FROM mcr.microsoft.com/vscode/devcontainers/base:debian` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 37498, "scanner": "repobility-supply-chain", "fingerprint": "e3d5b4a8c08957c4b0b5cc7166395a82026131d549a499e2f0c323387d1d53f8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3d5b4a8c08957c4b0b5cc7166395a82026131d549a499e2f0c323387d1d53f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.dev"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/cdce8p/python-typing-update` pinned to mutable rev `v0.6.0`: `.pre-commit-config.yaml` references `https://github.com/cdce8p/python-typing-update` at `rev: v0.6.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37497, "scanner": "repobility-supply-chain", "fingerprint": "d509dbc9bf97490be3beca7bdf88e660b5623d26b33033609e49934cde6cacdb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d509dbc9bf97490be3beca7bdf88e660b5623d26b33033609e49934cde6cacdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/rbubley/mirrors-prettier` pinned to mutable rev `v3.6.2`: `.pre-commit-config.yaml` references `https://github.com/rbubley/mirrors-prettier` at `rev: v3.6.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37496, "scanner": "repobility-supply-chain", "fingerprint": "585e765f218a25ae6371e31046fdd0e4b20cae96a4fcdab3cc478f501f7b15a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|585e765f218a25ae6371e31046fdd0e4b20cae96a4fcdab3cc478f501f7b15a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/adrienverge/yamllint.git` pinned to mutable rev `v1.38.0`: `.pre-commit-config.yaml` references `https://github.com/adrienverge/yamllint.git` at `rev: v1.38.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37495, "scanner": "repobility-supply-chain", "fingerprint": "15c240e6cbb3372793c5468b069bd9044ae993bb111326b870ffecf2df1173de", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15c240e6cbb3372793c5468b069bd9044ae993bb111326b870ffecf2df1173de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37494, "scanner": "repobility-supply-chain", "fingerprint": "5724b67d513d054f8e1109cd10bcd2e1d30096a0127aa207b7651450bd47bd05", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5724b67d513d054f8e1109cd10bcd2e1d30096a0127aa207b7651450bd47bd05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/zizmorcore/zizmor-pre-commit` pinned to mutable rev `v1.24.1`: `.pre-commit-config.yaml` references `https://github.com/zizmorcore/zizmor-pre-commit` at `rev: v1.24.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37493, "scanner": "repobility-supply-chain", "fingerprint": "76060acbe26a83a4266856fdad707d448d1328c4576031dc33c7f8d233c2331c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76060acbe26a83a4266856fdad707d448d1328c4576031dc33c7f8d233c2331c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.2`: `.pre-commit-config.yaml` references `https://github.com/codespell-project/codespell` at `rev: v2.4.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37492, "scanner": "repobility-supply-chain", "fingerprint": "b4b30433f886a07d05f5fcb8c3b6265fa03dbe33a16b3c40bd953df9af3da2d4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b4b30433f886a07d05f5fcb8c3b6265fa03dbe33a16b3c40bd953df9af3da2d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.13`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.15.13`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 37491, "scanner": "repobility-supply-chain", "fingerprint": "2268d96db153b21298fb001a863e187db6b57fc95393d15e4fbee2e12c3fb45c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2268d96db153b21298fb001a863e187db6b57fc95393d15e4fbee2e12c3fb45c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.exceptions.ConnectionError` inside async function `test_connection_error`: `requests.exceptions.ConnectionError` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37486, "scanner": "repobility-ast-engine", "fingerprint": "cb06da2615ce4315704dbc6d6e213e4fd38eae1d9a24b9679d8c17845bc70ce4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb06da2615ce4315704dbc6d6e213e4fd38eae1d9a24b9679d8c17845bc70ce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/upcloud/test_config_flow.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.exceptions.ConnectionError` inside async function `test_state_unavailable`: `requests.exceptions.ConnectionError` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37483, "scanner": "repobility-ast-engine", "fingerprint": "afe7c017014373e041ed1812f30958274a52a11e70944d73e78121b901895bac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afe7c017014373e041ed1812f30958274a52a11e70944d73e78121b901895bac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/guntamatic/test_sensor.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.exceptions.ConnectionError` inside async function `test_setup_entry_fails`: `requests.exceptions.ConnectionError` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37482, "scanner": "repobility-ast-engine", "fingerprint": "b7f0289f1639e0ffd9a9ae150ada883143c51f101f37c614139675ff039b09aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7f0289f1639e0ffd9a9ae150ada883143c51f101f37c614139675ff039b09aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/guntamatic/test_init.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_metadata_downloads_are_sequential`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37480, "scanner": "repobility-ast-engine", "fingerprint": "830f13cd77585b1755add1206900ee34e0e4c614717f178485759bada88292e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|830f13cd77585b1755add1206900ee34e0e4c614717f178485759bada88292e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/backblaze_b2/test_backup.py"}, "region": {"startLine": 918}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_overall_timeout_reached`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37475, "scanner": "repobility-ast-engine", "fingerprint": "31a5ef4bed9577c3bcc92618a7bc0260d9366980d99fd719dd729df68d9cad06", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31a5ef4bed9577c3bcc92618a7bc0260d9366980d99fd719dd729df68d9cad06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_executor.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_executor_shutdown_only_logs_max_attempts`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37474, "scanner": "repobility-ast-engine", "fingerprint": "9b62e5e61349385dfd3c08d14268ee7a685a6fbfdd1a016c81f58bd78c08d27a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b62e5e61349385dfd3c08d14268ee7a685a6fbfdd1a016c81f58bd78c08d27a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_executor.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_executor_shutdown_can_interrupt_threads`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37473, "scanner": "repobility-ast-engine", "fingerprint": "d6e6770e93a06d8cdb2e444519ef8055047671332426770b3a70fc9eabfc4914", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6e6770e93a06d8cdb2e444519ef8055047671332426770b3a70fc9eabfc4914"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_executor.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_mix_global_timeout_freeze_and_zone_freeze_executor_2nd_outside_zone`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37472, "scanner": "repobility-ast-engine", "fingerprint": "ebff7787bcb6bc599eeefe8ea97fc0ababa4c5d603b45ba6b46efc814285c083", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebff7787bcb6bc599eeefe8ea97fc0ababa4c5d603b45ba6b46efc814285c083"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_timeout.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_mix_global_timeout_freeze_and_zone_freeze_other_zone_inside_executor_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37471, "scanner": "repobility-ast-engine", "fingerprint": "3e6916025805b658c590d04e5c6e241711592310743c042c55b2f7de5d3f956f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e6916025805b658c590d04e5c6e241711592310743c042c55b2f7de5d3f956f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_timeout.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_mix_global_timeout_freeze_and_zone_freeze_different_order`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37470, "scanner": "repobility-ast-engine", "fingerprint": "a51940a04ed3113e2a23fa04792564b642f675c5d1afa439b8f59185fd50091f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a51940a04ed3113e2a23fa04792564b642f675c5d1afa439b8f59185fd50091f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_timeout.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_mix_global_timeout_freeze_and_zone_freeze_inside_executor_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37469, "scanner": "repobility-ast-engine", "fingerprint": "b53cccfb089b65fda2ae8bf98ed14bd04cf7c22e701a2b99064a32bb6c682bb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b53cccfb089b65fda2ae8bf98ed14bd04cf7c22e701a2b99064a32bb6c682bb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_timeout.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_simple_global_timeout_freeze_inside_executor_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37468, "scanner": "repobility-ast-engine", "fingerprint": "95c78fbbd99386b2640a837b98d45e8682415f6a2025c4bc076c848b3821c2d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95c78fbbd99386b2640a837b98d45e8682415f6a2025c4bc076c848b3821c2d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_timeout.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_simple_zone_timeout_freeze_inside_executor_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37467, "scanner": "repobility-ast-engine", "fingerprint": "343e95fc4024f41dfeeb5468686bcd845de7ea7fb70a4596d1b1b590d5be674c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|343e95fc4024f41dfeeb5468686bcd845de7ea7fb70a4596d1b1b590d5be674c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/util/test_timeout.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_import_module_concurrency`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37464, "scanner": "repobility-ast-engine", "fingerprint": "720a3f1e8137b23b0c03aedf40ebfd11845243e2cbaaf1e90a5fc82df584234d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|720a3f1e8137b23b0c03aedf40ebfd11845243e2cbaaf1e90a5fc82df584234d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_importlib.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_add_executor_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37457, "scanner": "repobility-ast-engine", "fingerprint": "4188ab89e08f020ae003ff13cd16605d828b2bfc61b351a36c2c415d52bf87de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4188ab89e08f020ae003ff13cd16605d828b2bfc61b351a36c2c415d52bf87de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core.py"}, "region": {"startLine": 616}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_add_executor_job_background`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37456, "scanner": "repobility-ast-engine", "fingerprint": "180f722cdcbbad21b956761caaeea0e66ea2a500dee41a484f26f1d99999406e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|180f722cdcbbad21b956761caaeea0e66ea2a500dee41a484f26f1d99999406e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core.py"}, "region": {"startLine": 595}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_protect_loop_sleep_get_current_frame_raises`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37455, "scanner": "repobility-ast-engine", "fingerprint": "83c0b706775511948aeea64277cc5cdcae8fd33557a046eded7a5ce1b3d108d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83c0b706775511948aeea64277cc5cdcae8fd33557a046eded7a5ce1b3d108d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_block_async_io.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_protect_loop_sleep`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37454, "scanner": "repobility-ast-engine", "fingerprint": "1d84950d097a5ea5646253f471e0ac8919060fa30285d6889a7d2800fec3c5f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d84950d097a5ea5646253f471e0ac8919060fa30285d6889a7d2800fec3c5f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_block_async_io.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_protect_loop_debugger_sleep`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 37453, "scanner": "repobility-ast-engine", "fingerprint": "ee700d4da489ad7e706ccd7a495d24a40ed910921b31337fa964d84923dd454d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee700d4da489ad7e706ccd7a495d24a40ed910921b31337fa964d84923dd454d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_block_async_io.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_deprecated_disabled_by_str_set: Test function `test_deprecated_disabled_by_str_set` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37448, "scanner": "repobility-ast-engine", "fingerprint": "3f93bc1e9cf0703383e1c3406b3ce1179cc3fda62ced72778f5828bffce9772d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f93bc1e9cf0703383e1c3406b3ce1179cc3fda62ced72778f5828bffce9772d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 6114}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_deprecated_disabled_by_str_ctor: Test function `test_deprecated_disabled_by_str_ctor` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37447, "scanner": "repobility-ast-engine", "fingerprint": "dc367e7b977c2b6eda5d6c4c798dfcc61b349d529042d748aad044ff9f8526f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc367e7b977c2b6eda5d6c4c798dfcc61b349d529042d748aad044ff9f8526f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 6106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scheduling_reload_unknown_entry: Test function `test_scheduling_reload_unknown_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37446, "scanner": "repobility-ast-engine", "fingerprint": "0d08e714a003a0c86c5d9c0244eee2aeb8a5def47b972405ac84c2dc41e193b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d08e714a003a0c86c5d9c0244eee2aeb8a5def47b972405ac84c2dc41e193b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 5830}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_id_existing_entry: Test function `test_entry_id_existing_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37445, "scanner": "repobility-ast-engine", "fingerprint": "40888dde0ac1d87023c3c135a3817fab3407c8d3ead89e3e8e51e61d71315eb7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40888dde0ac1d87023c3c135a3817fab3407c8d3ead89e3e8e51e61d71315eb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 3736}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_init_custom_integration_with_missing_handler: Test function `test_init_custom_integration_with_missing_handler` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37444, "scanner": "repobility-ast-engine", "fingerprint": "b909d8b7688176e03cb35a9c79eef7f218ad093cb36c173bbdb4bd4dfc387b89", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b909d8b7688176e03cb35a9c79eef7f218ad093cb36c173bbdb4bd4dfc387b89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 3546}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_init_custom_integration: Test function `test_init_custom_integration` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37443, "scanner": "repobility-ast-engine", "fingerprint": "a5a25b37f3571e6c8f29dfe815ca80a7c99f7a43b96bfe03690d8ffe490b8152", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5a25b37f3571e6c8f29dfe815ca80a7c99f7a43b96bfe03690d8ffe490b8152"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 3528}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_unsupported: Test function `test_entry_subentry_unsupported` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37442, "scanner": "repobility-ast-engine", "fingerprint": "cf09a5a09f546d33eb14eaecd0a6c52a9ace9a35b75398470c55b6bf60187afd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf09a5a09f546d33eb14eaecd0a6c52a9ace9a35b75398470c55b6bf60187afd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2992}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_unsupported_subentry_type: Test function `test_entry_subentry_unsupported_subentry_type` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37441, "scanner": "repobility-ast-engine", "fingerprint": "9c5802b1c28a33f58a2e0acf5443e0c3564f42aba57bfea846995d3ab691729b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c5802b1c28a33f58a2e0acf5443e0c3564f42aba57bfea846995d3ab691729b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2956}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_deleted_config_entry: Test function `test_entry_subentry_deleted_config_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37440, "scanner": "repobility-ast-engine", "fingerprint": "a333830a4d45a80f9c93c557b98053b6421a8d66d951d76265494ea622806b41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a333830a4d45a80f9c93c557b98053b6421a8d66d951d76265494ea622806b41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2913}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_unknown_config_entry: Test function `test_entry_subentry_unknown_config_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37439, "scanner": "repobility-ast-engine", "fingerprint": "eeeb8b69defc6536fee443fdd4ae5dbf24ddca5441edd4cbc2e236901bbae7ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eeeb8b69defc6536fee443fdd4ae5dbf24ddca5441edd4cbc2e236901bbae7ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2900}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_duplicate: Test function `test_entry_subentry_duplicate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37438, "scanner": "repobility-ast-engine", "fingerprint": "4a6dd46170c1a20264936265c34c58e5256229c683b5ffa524e8198200925e68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a6dd46170c1a20264936265c34c58e5256229c683b5ffa524e8198200925e68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2810}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_no_context: Test function `test_entry_subentry_no_context` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37437, "scanner": "repobility-ast-engine", "fingerprint": "6a11c9658d6195fb2254acec868a5909e362e19021f7c00fc842c8dc51fd8631", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a11c9658d6195fb2254acec868a5909e362e19021f7c00fc842c8dc51fd8631"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2778}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_subentry_non_string: Test function `test_entry_subentry_non_string` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37436, "scanner": "repobility-ast-engine", "fingerprint": "287f7e38078dde9bf3805568e87054fcc3a92f9a84a409351d27239ee260e512", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|287f7e38078dde9bf3805568e87054fcc3a92f9a84a409351d27239ee260e512"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2736}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_entry_options_unknown_config_entry: Test function `test_entry_options_unknown_config_entry` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37435, "scanner": "repobility-ast-engine", "fingerprint": "d0dd5f60d86b411d540b83a32981c06c6a872bbbb9be8a552ffd3958f3b82ccd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0dd5f60d86b411d540b83a32981c06c6a872bbbb9be8a552ffd3958f3b82ccd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_entries.py"}, "region": {"startLine": 2547}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_config_folder_not_in_path: Test function `test_config_folder_not_in_path` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37433, "scanner": "repobility-ast-engine", "fingerprint": "b3b65615ec93f737325f9c55e800f971d1ce0153e25e627b7a7b0c383f9e8baa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3b65615ec93f737325f9c55e800f971d1ce0153e25e627b7a7b0c383f9e8baa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_loader.py"}, "region": {"startLine": 1292}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validation: Test function `test_validation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37432, "scanner": "repobility-ast-engine", "fingerprint": "32868716eabb754d42a7be45c66aae3f944cf3f86e5bee17d50653fdf331c70c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32868716eabb754d42a7be45c66aae3f944cf3f86e5bee17d50653fdf331c70c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_loader.py"}, "region": {"startLine": 1097}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_custom_integration_missing: Test function `test_custom_integration_missing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37431, "scanner": "repobility-ast-engine", "fingerprint": "7f7c57b1bb3572d4d552560f9ccdc0c29f926ed4fd2e702b114e43db73e749ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f7c57b1bb3572d4d552560f9ccdc0c29f926ed4fd2e702b114e43db73e749ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_loader.py"}, "region": {"startLine": 1085}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_custom_integration_missing_version: Test function `test_custom_integration_missing_version` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37430, "scanner": "repobility-ast-engine", "fingerprint": "5808a127f2e2f3bd544e65feb1070ac5f0349bf4e083ea10b4217b46c9c422d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5808a127f2e2f3bd544e65feb1070ac5f0349bf4e083ea10b4217b46c9c422d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_loader.py"}, "region": {"startLine": 1076}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_bad_timezone_raises_value_error: Test function `test_bad_timezone_raises_value_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37429, "scanner": "repobility-ast-engine", "fingerprint": "b913383751047f34b8990025ad1aaf80a4c8a88bb76819298d72b317ff2a59ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b913383751047f34b8990025ad1aaf80a4c8a88bb76819298d72b317ff2a59ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 1019}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_disallowed_duplicated_auth_mfa_module_config: Test function `test_disallowed_duplicated_auth_mfa_module_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37428, "scanner": "repobility-ast-engine", "fingerprint": "e8b19dd5c251fd4ee293b851be5fe27e24b4e49771c28610ff7633079fa7d002", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8b19dd5c251fd4ee293b851be5fe27e24b4e49771c28610ff7633079fa7d002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 727}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_disallowed_auth_mfa_module_config: Test function `test_disallowed_auth_mfa_module_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37427, "scanner": "repobility-ast-engine", "fingerprint": "c2a763ac1ea2afbfc720ac2dc0f167446c0b7beb47bf877442f7413d6959a71d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2a763ac1ea2afbfc720ac2dc0f167446c0b7beb47bf877442f7413d6959a71d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 707}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_disallowed_duplicated_auth_provider_config: Test function `test_disallowed_duplicated_auth_provider_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37426, "scanner": "repobility-ast-engine", "fingerprint": "a4a86652c773fad68aab1097ac53257ef89c6ede94ec6a0e71d16e884d369365", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4a86652c773fad68aab1097ac53257ef89c6ede94ec6a0e71d16e884d369365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 692}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_disallowed_auth_provider_config: Test function `test_disallowed_auth_provider_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37425, "scanner": "repobility-ast-engine", "fingerprint": "5e559e7c162517d8ca9894a26e56feb1ec7c0128437d433982ba186ac987f941", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e559e7c162517d8ca9894a26e56feb1ec7c0128437d433982ba186ac987f941"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 666}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_loading_configuration_from_packages: Test function `test_loading_configuration_from_packages` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37424, "scanner": "repobility-ast-engine", "fingerprint": "b111c73d5c0b99fc7ef988b9019c4042b6b5a228a9e859cfbabe42f253f9309d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b111c73d5c0b99fc7ef988b9019c4042b6b5a228a9e859cfbabe42f253f9309d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 533}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_core_config_schema: Test function `test_core_config_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 37423, "scanner": "repobility-ast-engine", "fingerprint": "a432e601ba965af82922e3680ea5562c4ad0203d30c44476e40650cd0544ca74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a432e601ba965af82922e3680ea5562c4ad0203d30c44476e40650cd0544ca74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core_config.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_flow_handler_to_flow_result` used but never assigned in __init__: Method `async_progress_by_handler` of class `FlowManager` reads `self._async_flow_handler_to_flow_result`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37422, "scanner": "repobility-ast-engine", "fingerprint": "41f004efcf5758a4508924c99e185e915526bd1a1aecc7a809fad382288ad4bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41f004efcf5758a4508924c99e185e915526bd1a1aecc7a809fad382288ad4bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/data_entry_flow.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_flow_handler_to_flow_result` used but never assigned in __init__: Method `async_progress` of class `FlowManager` reads `self._async_flow_handler_to_flow_result`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37421, "scanner": "repobility-ast-engine", "fingerprint": "a6520d8fd996a0139ac026a16f295508963b91cb6e0541d16695132354725ea7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6520d8fd996a0139ac026a16f295508963b91cb6e0541d16695132354725ea7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/data_entry_flow.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_flow_handler_to_flow_result` used but never assigned in __init__: Method `async_get` of class `FlowManager` reads `self._async_flow_handler_to_flow_result`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37420, "scanner": "repobility-ast-engine", "fingerprint": "65484ef250a4e0d99333998306f048dab5edfdda9c32f10150e99df79cee9627", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65484ef250a4e0d99333998306f048dab5edfdda9c32f10150e99df79cee9627"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/data_entry_flow.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._loop_factory` used but never assigned in __init__: Method `loop_name` of class `HassEventLoopPolicy` reads `self._loop_factory`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37419, "scanner": "repobility-ast-engine", "fingerprint": "a38ce458874922b1b15845a0853759a070a7a13b92ec316ebde5dfcf5a560d2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a38ce458874922b1b15845a0853759a070a7a13b92ec316ebde5dfcf5a560d2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/runner.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_dispatch` used but never assigned in __init__: Method `async_stop` of class `_WatchPendingSetups` reads `self._async_dispatch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37417, "scanner": "repobility-ast-engine", "fingerprint": "fae551e7ac91778681949b8683804a302eceee234455aa9be4244a9f9c71b918", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fae551e7ac91778681949b8683804a302eceee234455aa9be4244a9f9c71b918"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/bootstrap.py"}, "region": {"startLine": 1052}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_schedule_next` used but never assigned in __init__: Method `async_start` of class `_WatchPendingSetups` reads `self._async_schedule_next`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37416, "scanner": "repobility-ast-engine", "fingerprint": "657263dbae2948713eb273564d39bbaa355e73be385a1e0c38f84d1a21d8c33a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|657263dbae2948713eb273564d39bbaa355e73be385a1e0c38f84d1a21d8c33a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/bootstrap.py"}, "region": {"startLine": 1048}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_watch` used but never assigned in __init__: Method `_async_schedule_next` of class `_WatchPendingSetups` reads `self._async_watch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37415, "scanner": "repobility-ast-engine", "fingerprint": "643ae97a494e4bf42cc43a1f57a1de8fe9c259946c9b60f41887377277b51320", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|643ae97a494e4bf42cc43a1f57a1de8fe9c259946c9b60f41887377277b51320"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/bootstrap.py"}, "region": {"startLine": 1043}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_schedule_next` used but never assigned in __init__: Method `_async_watch` of class `_WatchPendingSetups` reads `self._async_schedule_next`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37414, "scanner": "repobility-ast-engine", "fingerprint": "4d846386ead3e0d861d7e5dffaf2cb21bcba2be1341f1178c11982c15706f403", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d846386ead3e0d861d7e5dffaf2cb21bcba2be1341f1178c11982c15706f403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/bootstrap.py"}, "region": {"startLine": 1030}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_dispatch` used but never assigned in __init__: Method `_async_watch` of class `_WatchPendingSetups` reads `self._async_dispatch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37413, "scanner": "repobility-ast-engine", "fingerprint": "df912f3f35d7ee5fe220f1ae493c497d2265aed7a9ad23e8ac24a8ad91ca169c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df912f3f35d7ee5fe220f1ae493c497d2265aed7a9ad23e8ac24a8ad91ca169c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/bootstrap.py"}, "region": {"startLine": 1017}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.type` used but never assigned in __init__: Method `output` of class `ConditionErrorIndex` reads `self.type`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37412, "scanner": "repobility-ast-engine", "fingerprint": "7233b500bf443b518af389a9467af199045ea1080c88b93aa3c176289ddcaf4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7233b500bf443b518af389a9467af199045ea1080c88b93aa3c176289ddcaf4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.type` used but never assigned in __init__: Method `output` of class `ConditionErrorIndex` reads `self.type`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37411, "scanner": "repobility-ast-engine", "fingerprint": "d5547b948f90263ac5426330d255b1dc668bad8b0b6e8b37e6a134c6be5b3ea5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5547b948f90263ac5426330d255b1dc668bad8b0b6e8b37e6a134c6be5b3ea5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._indent` used but never assigned in __init__: Method `output` of class `ConditionErrorIndex` reads `self._indent`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37410, "scanner": "repobility-ast-engine", "fingerprint": "09d40400fd3f411b361c60add1b5ac51605c2289c5018b56eb898a4bae67b882", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09d40400fd3f411b361c60add1b5ac51605c2289c5018b56eb898a4bae67b882"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._indent` used but never assigned in __init__: Method `output` of class `ConditionErrorIndex` reads `self._indent`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37409, "scanner": "repobility-ast-engine", "fingerprint": "1466e0e41dc504bb02bfe11788bef0514e7a811126178a8fdae49908a1a8a813", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1466e0e41dc504bb02bfe11788bef0514e7a811126178a8fdae49908a1a8a813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.type` used but never assigned in __init__: Method `output` of class `ConditionErrorMessage` reads `self.type`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37408, "scanner": "repobility-ast-engine", "fingerprint": "7ecc12b58fa4703c63e1c41f57ce34f5cfb639eb6b53e8e3649f39d73e365c35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ecc12b58fa4703c63e1c41f57ce34f5cfb639eb6b53e8e3649f39d73e365c35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._indent` used but never assigned in __init__: Method `output` of class `ConditionErrorMessage` reads `self._indent`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37407, "scanner": "repobility-ast-engine", "fingerprint": "018dfbae53f884bdabdef2e4bf238e72a732060da87e89365cc6dab914d239c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|018dfbae53f884bdabdef2e4bf238e72a732060da87e89365cc6dab914d239c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output` used but never assigned in __init__: Method `__str__` of class `ConditionError` reads `self.output`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37406, "scanner": "repobility-ast-engine", "fingerprint": "cadc1bf1bfdda61ab4428b850dd4192d0d853e1abcb3069dd06372546acb8806", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cadc1bf1bfdda61ab4428b850dd4192d0d853e1abcb3069dd06372546acb8806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/exceptions.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_process_requirements` used but never assigned in __init__: Method `async_process_requirements` of class `RequirementsManager` reads `self._async_process_requirements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37404, "scanner": "repobility-ast-engine", "fingerprint": "e5778bb869fe73b6d2232009ff7c91a29959dabca25e2378acc8972cf792aadb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5778bb869fe73b6d2232009ff7c91a29959dabca25e2378acc8972cf792aadb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._find_missing_requirements` used but never assigned in __init__: Method `async_process_requirements` of class `RequirementsManager` reads `self._find_missing_requirements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37403, "scanner": "repobility-ast-engine", "fingerprint": "2be8b0757b1f3e611c79f6662be5722ddfd45c8626399909fa6e0c2129c93b54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2be8b0757b1f3e611c79f6662be5722ddfd45c8626399909fa6e0c2129c93b54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._find_missing_requirements` used but never assigned in __init__: Method `async_process_requirements` of class `RequirementsManager` reads `self._find_missing_requirements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37402, "scanner": "repobility-ast-engine", "fingerprint": "672a5c8f70c2c3e9882b6c99518e23af1b4dc4ca9d0caee79a887aa2943733f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|672a5c8f70c2c3e9882b6c99518e23af1b4dc4ca9d0caee79a887aa2943733f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._raise_for_failed_requirements` used but never assigned in __init__: Method `async_process_requirements` of class `RequirementsManager` reads `self._raise_for_failed_requirements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37401, "scanner": "repobility-ast-engine", "fingerprint": "d4a38c3324213d965c490e4e70001a0a77d97e60a7c4c4ce5aa97b5904c1a6f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4a38c3324213d965c490e4e70001a0a77d97e60a7c4c4ce5aa97b5904c1a6f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.async_get_integration_with_requirements` used but never assigned in __init__: Method `_async_process_integration` of class `RequirementsManager` reads `self.async_get_integration_with_requirements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37400, "scanner": "repobility-ast-engine", "fingerprint": "d9e7551296129f897e94440488185fe4d7a68b420f6fffa7fd0da9758d0f985d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9e7551296129f897e94440488185fe4d7a68b420f6fffa7fd0da9758d0f985d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.async_process_requirements` used but never assigned in __init__: Method `_async_process_integration` of class `RequirementsManager` reads `self.async_process_requirements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37399, "scanner": "repobility-ast-engine", "fingerprint": "3e098df31e8fc58a92bfffd2f2f67fda6ede45cc707a8c96942926bd6c7c8c3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e098df31e8fc58a92bfffd2f2f67fda6ede45cc707a8c96942926bd6c7c8c3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._async_process_integration` used but never assigned in __init__: Method `async_get_integration_with_requirements` of class `RequirementsManager` reads `self._async_process_integration`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37398, "scanner": "repobility-ast-engine", "fingerprint": "96cd64d7d04f8059f43a30ea05a583f4982e0fdfb2d3e0b48f9f9409623effda", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96cd64d7d04f8059f43a30ea05a583f4982e0fdfb2d3e0b48f9f9409623effda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/requirements.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.total_tests` used but never assigned in __init__: Method `__repr__` of class `TestFolder` reads `self.total_tests`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37397, "scanner": "repobility-ast-engine", "fingerprint": "e83efbee69291e234878c94c77b0ea7c7ed528bfb25c1f89b761b89b760b3057", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e83efbee69291e234878c94c77b0ea7c7ed528bfb25c1f89b761b89b760b3057"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/split_tests.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.added_to_bucket` used but never assigned in __init__: Method `add_to_bucket` of class `TestFolder` reads `self.added_to_bucket`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 37396, "scanner": "repobility-ast-engine", "fingerprint": "dca56c1a4e773f8ce6b5464e8126481d89a397e0e8ac0611615f0acecda05bd0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dca56c1a4e773f8ce6b5464e8126481d89a397e0e8ac0611615f0acecda05bd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "script/split_tests.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 37393, "scanner": "repobility-docker", "fingerprint": "f14337a2176ce1dc8cd8e73655774778164a6136970813b8a79fb67c9f5824ee", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f14337a2176ce1dc8cd8e73655774778164a6136970813b8a79fb67c9f5824ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.dev"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 37368, "scanner": "repobility-threat-engine", "fingerprint": "fd3111349c64490f4fb7f20f8e05684d213cf93352f5c9b04d2efd2bd3262af9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd3111349c64490f4fb7f20f8e05684d213cf93352f5c9b04d2efd2bd3262af9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/ecovacs/controller.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 37367, "scanner": "repobility-threat-engine", "fingerprint": "87b24863df444dc1cdc216d55163c83878cc9698470797120ef600aabc2179a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87b24863df444dc1cdc216d55163c83878cc9698470797120ef600aabc2179a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/ecovacs/config_flow.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 37364, "scanner": "repobility-threat-engine", "fingerprint": "55e2a1b31ce471295f2d8708575c79000b360e4da011c516525c49d0ec697b1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55e2a1b31ce471295f2d8708575c79000b360e4da011c516525c49d0ec697b1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/command_line/notify.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 37359, "scanner": "repobility-threat-engine", "fingerprint": "386bf83afe68e12fdb139f2b332995d9d8fdeafd6d6b133b96aa02bdf8e915bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|386bf83afe68e12fdb139f2b332995d9d8fdeafd6d6b133b96aa02bdf8e915bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/august/config_flow.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 37355, "scanner": "repobility-threat-engine", "fingerprint": "a8808854e272e7cb90848746f6e1838c2b35bdaae288e31a85062a1a8821b76d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8808854e272e7cb90848746f6e1838c2b35bdaae288e31a85062a1a8821b76d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/datadog/__init__.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 37354, "scanner": "repobility-threat-engine", "fingerprint": "f587d1ecc43285ee79f8ad7bc3d38b9d237ca2ef358e96c159cc6c0eae77b840", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f587d1ecc43285ee79f8ad7bc3d38b9d237ca2ef358e96c159cc6c0eae77b840"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/backup/http.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 37353, "scanner": "repobility-threat-engine", "fingerprint": "561dd0deb65dff8d555df79efd7c647cecee5490fada8724324bb18d8a2ad49d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|561dd0deb65dff8d555df79efd7c647cecee5490fada8724324bb18d8a2ad49d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/arcam_fmj/__init__.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 37343, "scanner": "repobility-threat-engine", "fingerprint": "6dad6e13f90b2c92806956fcee28b06e71c31c844395cd1a0311688974197533", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "added_systems.update(new_systems)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6dad6e13f90b2c92806956fcee28b06e71c31c844395cd1a0311688974197533"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airzone/binary_sensor.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 37342, "scanner": "repobility-threat-engine", "fingerprint": "2a770cb883095f3a09f96651691a884bb0378bbb39f460d719802641387b6ecb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self._attr_extra_state_attributes.update(\n {\n ATTR_POL", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2a770cb883095f3a09f96651691a884bb0378bbb39f460d719802641387b6ecb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airvisual/sensor.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 37341, "scanner": "repobility-threat-engine", "fingerprint": "d8a9662c139d022f5f016a0682cbd9788741bb39bd44509bd53f99f902934e86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.device_info.update(\n DeviceInfo(\n name=info[\"name", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d8a9662c139d022f5f016a0682cbd9788741bb39bd44509bd53f99f902934e86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/airq/coordinator.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 37337, "scanner": "repobility-threat-engine", "fingerprint": "3a70a54bc1a066d65c10a455127e6f1ae0139edf512735596e5903a737f36c31", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "LOGGER.debug(\"Logged in using: %s\", self.refresh_token)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|7|logger.debug logged in using: s self.refresh_token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/aquacell/coordinator.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 37336, "scanner": "repobility-threat-engine", "fingerprint": "b301210331360d27dbdaf7879824a3f1118b22214298f0b49971409faad4c579", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(\n r\"filename=(\\S+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|77|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/downloader/services.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 37335, "scanner": "repobility-threat-engine", "fingerprint": "55f9510c84bcb979e0d33f7ce5fb230634ba4aa7573bd48b7d2f49543cc0d615", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": ".search(r\"\\r(.+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|121|sec103", "duplicate_count": 1, "duplicate_rule_ids": ["SEC103"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["55f9510c84bcb979e0d33f7ce5fb230634ba4aa7573bd48b7d2f49543cc0d615", "8aeb49c70aba3c65c8d4f716b0e68c62aceeb97a21bd542ec8e7301d03ca5acc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/acer_projector/switch.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 37325, "scanner": "repobility-threat-engine", "fingerprint": "7ad4bb53c395f4fa39adf392f43b9d65f4fa0170e6b689aeb998f342879aa322", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7ad4bb53c395f4fa39adf392f43b9d65f4fa0170e6b689aeb998f342879aa322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/clicksend_tts/notify.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 37324, "scanner": "repobility-threat-engine", "fingerprint": "9a8039a239bfd67c6de49aeffa0aeb1ce563d975e01208179596c8dd63b95113", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9a8039a239bfd67c6de49aeffa0aeb1ce563d975e01208179596c8dd63b95113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/clicksend/notify.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 37323, "scanner": "repobility-threat-engine", "fingerprint": "84d06d6a94b0e19d2655987e3b2691b1a47eba22cf1a35a3653cfa8035f0187c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|84d06d6a94b0e19d2655987e3b2691b1a47eba22cf1a35a3653cfa8035f0187c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/abode/camera.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 37321, "scanner": "repobility-threat-engine", "fingerprint": "fe85a164b4eed98a7b05c467711a7aba63abfd45f1790957e18e549f28eaf884", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe85a164b4eed98a7b05c467711a7aba63abfd45f1790957e18e549f28eaf884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/acer_projector/switch.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 37320, "scanner": "repobility-threat-engine", "fingerprint": "0b2fdb4207d8217a6d8b3962f82809639b485567c5dcb7ea326a8685e8389408", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b2fdb4207d8217a6d8b3962f82809639b485567c5dcb7ea326a8685e8389408"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/accuweather/system_health.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 37319, "scanner": "repobility-threat-engine", "fingerprint": "f2c549760bb783b9702ab02ded8b359a3683882c2bf2204ac2588ed2fc7a9dcb", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(\n self._device.image_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2c549760bb783b9702ab02ded8b359a3683882c2bf2204ac2588ed2fc7a9dcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/abode/camera.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 37314, "scanner": "repobility-threat-engine", "fingerprint": "cb0c84224aadeb621de30e34903e2536f1b7a476f243dc1a998ce376513da798", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(\n path=Path(tempdir, \"extracted\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cb0c84224aadeb621de30e34903e2536f1b7a476f243dc1a998ce376513da798"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/backup_restore.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 37501, "scanner": "repobility-supply-chain", "fingerprint": "156cf2ac8a6c515cb7aff1171b18dfb72f8a953acc4a082e2ff9c8115d7d5888", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|156cf2ac8a6c515cb7aff1171b18dfb72f8a953acc4a082e2ff9c8115d7d5888"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 1598}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 37500, "scanner": "repobility-supply-chain", "fingerprint": "7bfa8fae2ec719f96676556e5dc6319cdc9e90c802f9f26365b65f2a2c6aebb1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7bfa8fae2ec719f96676556e5dc6319cdc9e90c802f9f26365b65f2a2c6aebb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 1428}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37490, "scanner": "repobility-ast-engine", "fingerprint": "5698e8aeadcf85373028bd2fd3075341657a44df86f05f4390126455087f07df", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5698e8aeadcf85373028bd2fd3075341657a44df86f05f4390126455087f07df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/mqtt_statestream/test_init.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `uuid` used but not imported: The file uses `uuid.something(...)` but never imports `uuid`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37489, "scanner": "repobility-ast-engine", "fingerprint": "cf53a950da1fdad325635058a4603205361147e0648baa1469b85e6b19eca039", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf53a950da1fdad325635058a4603205361147e0648baa1469b85e6b19eca039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/hassio/test_discovery.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `uuid` used but not imported: The file uses `uuid.something(...)` but never imports `uuid`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37488, "scanner": "repobility-ast-engine", "fingerprint": "d06b68d87caadc4ea074977e537a8b6dfac420b991b06ec21e25e3827f65138d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d06b68d87caadc4ea074977e537a8b6dfac420b991b06ec21e25e3827f65138d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/hassio/test_issues.py"}, "region": {"startLine": 405}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37487, "scanner": "repobility-ast-engine", "fingerprint": "4214a4b805a7be7ee381a0803f5d202ce128d37572cf3f016f8905446e3c92bd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4214a4b805a7be7ee381a0803f5d202ce128d37572cf3f016f8905446e3c92bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/samsungtv/test_trigger.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37485, "scanner": "repobility-ast-engine", "fingerprint": "a3908ef5fc3d9435e021323ff58f07abf4ca76dacaede5bb86f35f4a60329775", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3908ef5fc3d9435e021323ff58f07abf4ca76dacaede5bb86f35f4a60329775"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/broadlink/test_time.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `select` used but not imported: The file uses `select.something(...)` but never imports `select`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37484, "scanner": "repobility-ast-engine", "fingerprint": "07390db3a17ac5c65bec01dabdaebde2090ca11a4f5a5c3704e43520244a38b0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07390db3a17ac5c65bec01dabdaebde2090ca11a4f5a5c3704e43520244a38b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/broadlink/test_select.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37481, "scanner": "repobility-ast-engine", "fingerprint": "073147e24ed9c37a1a94c1b38c7a481e52f074a5dce678e004de821807386930", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|073147e24ed9c37a1a94c1b38c7a481e52f074a5dce678e004de821807386930"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/arcam_fmj/conftest.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37479, "scanner": "repobility-ast-engine", "fingerprint": "cb3ebd85f46c11bbfcabfccee66107c72eaf2fe29406c59e65f3481a35a6fc8c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb3ebd85f46c11bbfcabfccee66107c72eaf2fe29406c59e65f3481a35a6fc8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/unifiprotect/utils.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37478, "scanner": "repobility-ast-engine", "fingerprint": "c70f11ebb3ed975a2c4100210c1e71f45ab29720540eb88d75a7d217adeede5f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c70f11ebb3ed975a2c4100210c1e71f45ab29720540eb88d75a7d217adeede5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/qbus/test_climate.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `select` used but not imported: The file uses `select.something(...)` but never imports `select`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37477, "scanner": "repobility-ast-engine", "fingerprint": "2793dc2c4d74bb36b993605eab7897412ba984f05cbde9bacf6e485ae511b580", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2793dc2c4d74bb36b993605eab7897412ba984f05cbde9bacf6e485ae511b580"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/litterrobot/test_select.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37476, "scanner": "repobility-ast-engine", "fingerprint": "239a71635c564fe6f558e3c5439b88ea30e3c16a8a02a53f13bc01b7cdeccd2a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|239a71635c564fe6f558e3c5439b88ea30e3c16a8a02a53f13bc01b7cdeccd2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/components/rss_feed_template/test_init.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37466, "scanner": "repobility-ast-engine", "fingerprint": "289f55972d24cdc9a6a566231f336b903250a8e9350df18a821abed05c4dd141", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|289f55972d24cdc9a6a566231f336b903250a8e9350df18a821abed05c4dd141"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/scripts/test_check_config.py"}, "region": {"startLine": 658}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37465, "scanner": "repobility-ast-engine", "fingerprint": "77e8ffed7bcfb6c6e9873ee7e38f28761086d5b259ed7f6e0f98932428951638", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|77e8ffed7bcfb6c6e9873ee7e38f28761086d5b259ed7f6e0f98932428951638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_dispatcher.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37463, "scanner": "repobility-ast-engine", "fingerprint": "91114e17d94c5b0cc13793387a163a036e307b8032e83a1f299f9d1227f00444", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91114e17d94c5b0cc13793387a163a036e307b8032e83a1f299f9d1227f00444"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_restore_state.py"}, "region": {"startLine": 518}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37462, "scanner": "repobility-ast-engine", "fingerprint": "bfd4ac17dd75d34e4b4626c80b950e8f0e4290a8d38f1e060876d668f710537a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bfd4ac17dd75d34e4b4626c80b950e8f0e4290a8d38f1e060876d668f710537a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_entity.py"}, "region": {"startLine": 838}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37461, "scanner": "repobility-ast-engine", "fingerprint": "052068cadf5af3fe4acb4038b3bb262ce8e67077059348e2072c5b6a3b389cea", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|052068cadf5af3fe4acb4038b3bb262ce8e67077059348e2072c5b6a3b389cea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_reload.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37460, "scanner": "repobility-ast-engine", "fingerprint": "ead72bd1475a48c6d67b592353a58343a6e73753fc96f44750d426656a926c63", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ead72bd1475a48c6d67b592353a58343a6e73753fc96f44750d426656a926c63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_entity_platform.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37459, "scanner": "repobility-ast-engine", "fingerprint": "16dbb79fce85d80e89c62ab3c926727dacc4512037743399bf26e8f694288e27", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16dbb79fce85d80e89c62ab3c926727dacc4512037743399bf26e8f694288e27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/helpers/test_group.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37458, "scanner": "repobility-ast-engine", "fingerprint": "4847c871e49e8a72112853a5f963eab6e0f6e7a46c2297bec31b0983e9b2bf09", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4847c871e49e8a72112853a5f963eab6e0f6e7a46c2297bec31b0983e9b2bf09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pylint/plugins/pylint_home_assistant/helpers/module_info.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37452, "scanner": "repobility-ast-engine", "fingerprint": "7ce954f572d69ef4f7e8c71e09a3f3282064da9fb13d1a0d807b93e08925daf7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ce954f572d69ef4f7e8c71e09a3f3282064da9fb13d1a0d807b93e08925daf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/common.py"}, "region": {"startLine": 1947}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `collections` used but not imported: The file uses `collections.something(...)` but never imports `collections`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37451, "scanner": "repobility-ast-engine", "fingerprint": "4814756363b8e6c6425d5636604a011250683efe2b7c021e652328234ee39f1a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4814756363b8e6c6425d5636604a011250683efe2b7c021e652328234ee39f1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syrupy.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37434, "scanner": "repobility-ast-engine", "fingerprint": "51e900be75e3bfe54c5dec1e170bc0e1a079a5de1a5b1b453cc442abe3bcd527", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51e900be75e3bfe54c5dec1e170bc0e1a079a5de1a5b1b453cc442abe3bcd527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_loader.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 37418, "scanner": "repobility-ast-engine", "fingerprint": "5c59c8307b4b2d4ac56ea92493865329686f24d3b5916baa29b4f551eb9d5e4e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c59c8307b4b2d4ac56ea92493865329686f24d3b5916baa29b4f551eb9d5e4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/const.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC099", "level": "error", "message": {"text": "[SEC099] JWT decoded without signature verification: JWT token is parsed without verifying its signature. The token body can be tampered with arbitrarily by an attacker."}, "properties": {"repobilityId": 37347, "scanner": "repobility-threat-engine", "fingerprint": "4ae34205df0b553508e5b755db4f8b5ade18a5e2de743b31de79e6824820e751", "category": "auth", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "jwt.decode(\n encoded,\n \"\",\n verify=False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC099", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|auth|token|38|sec099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/august/config_flow.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC099", "level": "error", "message": {"text": "[SEC099] JWT decoded without signature verification: JWT token is parsed without verifying its signature. The token body can be tampered with arbitrarily by an attacker."}, "properties": {"repobilityId": 37346, "scanner": "repobility-threat-engine", "fingerprint": "5f9abce2a2cc550c0878b67e751c564d5bf5819acc941b64a4419fb0a212ca77", "category": "auth", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "jwt.decode(\n data[\"token\"][\"access_token\"], options={\"verify_signature\": False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC099", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|auth|token|58|sec099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/aladdin_connect/config_flow.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 37345, "scanner": "repobility-threat-engine", "fingerprint": "e14786732ca8ac64eb9257181121422a532f01b3019eca2ca8c21ceb69f91501", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.9 bits) \u2014 likely real secret", "evidence": {"match": "API_KEY = \"\"", "reason": "High entropy value (4.9 bits) \u2014 likely real secret", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|token|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "homeassistant/components/aladdin_connect/api.py"}, "region": {"startLine": 11}}}]}]}]}