{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `dispatch` has cognitive complexity 8 (SonarSource scale). Cognitive compl", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `dispatch` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all w"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "SEC030", "name": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without vali", "shortDescription": {"text": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to the site. Attackers craft phishing URLs that appear to come from your domain but"}, "fullDescription": {"text": "Validate the redirect URL against an allowlist of safe destinations:\n  # Django:\n  from django.utils.http import url_has_allowed_host_and_scheme\n  if not url_has_allowed_host_and_scheme(url, allowed_hosts={request.get_host()}):\n      url = '/'  # safe default\nOr restrict to relative paths only: `if not url.startswith('/'): abort(400)`. Never accept external schemes without verification."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_send_before_accept", "shortDescription": {"text": "Phantom test coverage: test_send_before_accept"}, "fullDescription": {"text": "Test function `test_send_before_accept` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._perform_cast` used but never assigned in __init__", "shortDescription": {"text": "`self._perform_cast` used but never assigned in __init__"}, "fullDescription": {"text": "Method `get` of class `Config` reads `self._perform_cast`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/167"}, "properties": {"repository": "encode/starlette", "repoUrl": "https://github.com/encode/starlette.git", "branch": "main"}, "results": [{"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 40843, "scanner": "repobility-threat-engine", "fingerprint": "f74731b2052c88077467740d039903d3688d7e80a10fc1f29625d5ba46b7b5f9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -> Response:\n        raise", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f74731b2052c88077467740d039903d3688d7e80a10fc1f29625d5ba46b7b5f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/middleware/base.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 40842, "scanner": "repobility-threat-engine", "fingerprint": "0ae9bec86adb5a1d03d52ed7c474a7419bf62fc99f073157ef742ea8b60b1a97", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def convert(self, value: str) -> T:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ae9bec86adb5a1d03d52ed7c474a7419bf62fc99f073157ef742ea8b60b1a97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/convertors.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 40841, "scanner": "repobility-threat-engine", "fingerprint": "09a15fcf43af946d42009aab3422e29d15222d3f394eef4b11681d691efe6f31", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def authenticate(self, conn: HTTPConnection) -> tuple[AuthCredentials, BaseUser] | None:\n        rai", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09a15fcf43af946d42009aab3422e29d15222d3f394eef4b11681d691efe6f31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/authentication.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 40835, "scanner": "repobility-ast-engine", "fingerprint": "bd5d2b4c8984e318f09ba50b3190f9a6a0be37cc3ed3b4f2b75c71e1a7b5a059", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd5d2b4c8984e318f09ba50b3190f9a6a0be37cc3ed3b4f2b75c71e1a7b5a059"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/middleware/base.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 40809, "scanner": "repobility-ast-engine", "fingerprint": "c9c8f105432ae02d6efbde530eff160120f90aff1c75214b62a92b30433d6f90", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9c8f105432ae02d6efbde530eff160120f90aff1c75214b62a92b30433d6f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/testclient.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 40790, "scanner": "repobility-ast-engine", "fingerprint": "311c1b223df85cb794bd53517ab8b7ec001736d44833cf4103a412bd7ab19089", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|311c1b223df85cb794bd53517ab8b7ec001736d44833cf4103a412bd7ab19089"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/_exception_handler.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 4668, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 4666, "scanner": "repobility-threat-engine", "fingerprint": "2622599aba9ee5446e9afcf5c3c70c3b31fb31e3b7e725fa7a7a17b1febeba12", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password=\"<redacted>\"", "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|starlette/datastructures.py|17|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/datastructures.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `dispatch` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, elif=1, except=1, if=1, nested_bonus=2, or=1, while=1."}, "properties": {"repobilityId": 40838, "scanner": "repobility-threat-engine", "fingerprint": "3c69688002ca3dfcdf4602969b9ab60acc1222024d7bf2f5aa2419258db02abb", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "dispatch", "breakdown": {"if": 1, "or": 1, "elif": 1, "break": 1, "while": 1, "except": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|3c69688002ca3dfcdf4602969b9ab60acc1222024d7bf2f5aa2419258db02abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/endpoints.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `decode` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=2, else=1, except=1, if=4, nested_bonus=4, recursion=1, ternary=1."}, "properties": {"repobilityId": 40837, "scanner": "repobility-threat-engine", "fingerprint": "b8fcef916eef3ca1827642cccba37861d51ed57ba8d88353aff463b96d2afae1", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "decode", "breakdown": {"if": 4, "elif": 2, "else": 1, "except": 1, "ternary": 1, "recursion": 1, "nested_bonus": 4}, "complexity": 14, "correlation_key": "fp|b8fcef916eef3ca1827642cccba37861d51ed57ba8d88353aff463b96d2afae1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/endpoints.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `wrapped_app` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=1, if=6, nested_bonus=6."}, "properties": {"repobilityId": 40836, "scanner": "repobility-threat-engine", "fingerprint": "6b17523687a498dc17a5f425582743e62f7bc0852a15ccf6b437497d1477d614", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "wrapped_app", "breakdown": {"if": 6, "else": 1, "except": 1, "nested_bonus": 6}, "complexity": 14, "correlation_key": "fp|6b17523687a498dc17a5f425582743e62f7bc0852a15ccf6b437497d1477d614"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/_exception_handler.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 40861, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 40856, "scanner": "repobility-threat-engine", "fingerprint": "ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "aggregated_count": 1}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 40855, "scanner": "repobility-threat-engine", "fingerprint": "40161e4a0333a997176aa71e1e4fa40f4b238f1132297c073c996bedc9b6976a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40161e4a0333a997176aa71e1e4fa40f4b238f1132297c073c996bedc9b6976a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/config.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 40854, "scanner": "repobility-threat-engine", "fingerprint": "7e6d7cab3b9a8aa3e81bb8315d281133003728198a694e24edffd613e81ea700", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e6d7cab3b9a8aa3e81bb8315d281133003728198a694e24edffd613e81ea700"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/concurrency.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 40853, "scanner": "repobility-threat-engine", "fingerprint": "a6cca96e43a94fb360709f45d5dd8a4bc0a3a2bb32b4a7bec0ab58ae384383c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6cca96e43a94fb360709f45d5dd8a4bc0a3a2bb32b4a7bec0ab58ae384383c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/authentication.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 40852, "scanner": "repobility-threat-engine", "fingerprint": "50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "aggregated_count": 7}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 40851, "scanner": "repobility-threat-engine", "fingerprint": "3b02fae9788051de10dc26b81f94aa7dd2f78b254cac0ccef298abb9bd3b65db", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b02fae9788051de10dc26b81f94aa7dd2f78b254cac0ccef298abb9bd3b65db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/config.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 40850, "scanner": "repobility-threat-engine", "fingerprint": "5495fc120cc502c512b83eb3cf2ef966e66ee2f0af584779696b3a41d68fc663", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5495fc120cc502c512b83eb3cf2ef966e66ee2f0af584779696b3a41d68fc663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/concurrency.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 40849, "scanner": "repobility-threat-engine", "fingerprint": "8fad526fb1265ac0cb74c682c47a9b64e2f8ff43a93b6340c3c2202d9ae8e6cf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8fad526fb1265ac0cb74c682c47a9b64e2f8ff43a93b6340c3c2202d9ae8e6cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/authentication.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 40848, "scanner": "repobility-threat-engine", "fingerprint": "bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "aggregated_count": 3}}}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 40844, "scanner": "repobility-threat-engine", "fingerprint": "53ebc417b7afe07ee4200bf88b1474b3b12222032b82952c482f7ed06a6acecf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|53ebc417b7afe07ee4200bf88b1474b3b12222032b82952c482f7ed06a6acecf"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 40839, "scanner": "repobility-threat-engine", "fingerprint": "a2a93a58b3a16dee110e3d236f6cd8ce50d0051c315185d5c626125e62496cb2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "wrapped_app", "breakdown": {"if": 6, "else": 1, "except": 1, "nested_bonus": 6}, "aggregated": true, "complexity": 14, "correlation_key": "fp|a2a93a58b3a16dee110e3d236f6cd8ce50d0051c315185d5c626125e62496cb2", "aggregated_count": 18}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 4667, "scanner": "repobility-threat-engine", "fingerprint": "544af436b3adfa0f4eb2b24576231cc9a6189aca6e1466c02d0f26ad4a1df027", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|docs/js/custom.js|4|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/js/custom.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC030", "level": "error", "message": {"text": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to the site. Attackers craft phishing URLs that appear to come from your domain but land on attacker-controlled pages \u2014 common in OAuth callback flows, post-login redirects, and `next=` parameters. CWE-601."}, "properties": {"repobilityId": 40862, "scanner": "repobility-threat-engine", "fingerprint": "a0b412979a9bc4e0058db2a4f99e671e6f595eb52ca67bab145d328fca2219bd", "category": "open_redirect", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "RedirectResponse(url=str(redirect", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC030", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a0b412979a9bc4e0058db2a4f99e671e6f595eb52ca67bab145d328fca2219bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/middleware/trustedhost.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 40860, "scanner": "repobility-threat-engine", "fingerprint": "a7c0180c4f7b46451e41aa9357e0e331783d566186737af309141f4705bf8853", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a7c0180c4f7b46451e41aa9357e0e331783d566186737af309141f4705bf8853"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/requests.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 40859, "scanner": "repobility-threat-engine", "fingerprint": "7eed9103b668c85715483077d8ea7d50e165242a598d737bb24ea4ee251bdb1b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7eed9103b668c85715483077d8ea7d50e165242a598d737bb24ea4ee251bdb1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/middleware/trustedhost.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 40858, "scanner": "repobility-threat-engine", "fingerprint": "af191ffdeadbd6ffaafb3f50d4c13f017493e91e4ed58b7860e6d35fe20c7ef0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|af191ffdeadbd6ffaafb3f50d4c13f017493e91e4ed58b7860e6d35fe20c7ef0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/middleware/httpsredirect.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 40857, "scanner": "repobility-threat-engine", "fingerprint": "dda1053f04b8f3da108d0c3efa79f4e4bc8403495a7e9c12081bfdbf67aa72ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "headers.update(self.simple_headers)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dda1053f04b8f3da108d0c3efa79f4e4bc8403495a7e9c12081bfdbf67aa72ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/middleware/cors.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 40847, "scanner": "repobility-threat-engine", "fingerprint": "bdb14ac0f852af6998d98a13e5ede4a8505bc568396c51abd4340e0fe06f2f41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdb14ac0f852af6998d98a13e5ede4a8505bc568396c51abd4340e0fe06f2f41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/config.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 40846, "scanner": "repobility-threat-engine", "fingerprint": "e584de5f7183cee4f1029062751863c9b096498af46bb31bc6f464713b4794b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e584de5f7183cee4f1029062751863c9b096498af46bb31bc6f464713b4794b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/concurrency.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 40845, "scanner": "repobility-threat-engine", "fingerprint": "85c6f8608dd1e9a11b58ae7163ce78c36cc38871fba21c044f5156ec8c91ad56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85c6f8608dd1e9a11b58ae7163ce78c36cc38871fba21c044f5156ec8c91ad56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/authentication.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 40840, "scanner": "repobility-threat-engine", "fingerprint": "b844a65f472ec9f7daa36be20584be9e9d76a1b07abee820fd8da6ce0f7ad9e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b844a65f472ec9f7daa36be20584be9e9d76a1b07abee820fd8da6ce0f7ad9e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/_utils.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_send_before_accept"}, "properties": {"repobilityId": 40834, "scanner": "repobility-ast-engine", "fingerprint": "df96ec79e965b1f40208857a13932344260dbfa8611c28f50227411d594d9ed4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df96ec79e965b1f40208857a13932344260dbfa8611c28f50227411d594d9ed4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 608}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_receive_json_before_accept"}, "properties": {"repobilityId": 40833, "scanner": "repobility-ast-engine", "fingerprint": "158e7eabe1a4f1f9198f1d5d21764e98513656f62c4885530db461e202cd9e7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|158e7eabe1a4f1f9198f1d5d21764e98513656f62c4885530db461e202cd9e7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 597}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_receive_bytes_before_accept"}, "properties": {"repobilityId": 40832, "scanner": "repobility-ast-engine", "fingerprint": "b3b2fd203be732b75a65ac19c0f830a7909cabf07ef062ae73863f99b996e9a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3b2fd203be732b75a65ac19c0f830a7909cabf07ef062ae73863f99b996e9a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 586}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_receive_text_before_accept"}, "properties": {"repobilityId": 40831, "scanner": "repobility-ast-engine", "fingerprint": "5fad518a2812bfe74a13ca09f9dff3cfbd85ebac531d7a0e6d2d25df08696281", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fad518a2812bfe74a13ca09f9dff3cfbd85ebac531d7a0e6d2d25df08696281"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 575}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_receive_json_invalid_mode"}, "properties": {"repobilityId": 40830, "scanner": "repobility-ast-engine", "fingerprint": "1c8db62dedbba54f33aa499b1706ef9622f9b43e4d3adb7405b19ff78edf991c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c8db62dedbba54f33aa499b1706ef9622f9b43e4d3adb7405b19ff78edf991c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 563}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_send_json_invalid_mode"}, "properties": {"repobilityId": 40829, "scanner": "repobility-ast-engine", "fingerprint": "f7930ff731568fe52935fc00bdd7f135c4bc5a4a13f86ca8d886c99806181842", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7930ff731568fe52935fc00bdd7f135c4bc5a4a13f86ca8d886c99806181842"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 551}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_duplicate_close"}, "properties": {"repobilityId": 40828, "scanner": "repobility-ast-engine", "fingerprint": "a55deea9294ab75887376c99b75e61a849b2e6d8eed865ef7992cb19f20ad797", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a55deea9294ab75887376c99b75e61a849b2e6d8eed865ef7992cb19f20ad797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_websockets.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_timeout_deprecation"}, "properties": {"repobilityId": 40827, "scanner": "repobility-ast-engine", "fingerprint": "04f24f4b18aa3e3ad8e9b517bc823f460cf35c5445c930cda6046fbbf9726fc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04f24f4b18aa3e3ad8e9b517bc823f460cf35c5445c930cda6046fbbf9726fc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_testclient.py"}, "region": {"startLine": 427}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_exception_in_middleware"}, "properties": {"repobilityId": 40826, "scanner": "repobility-ast-engine", "fingerprint": "b10e7aac2eb25318f205c8256d0005e91d20796df194b4592b55080bec1db7e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b10e7aac2eb25318f205c8256d0005e91d20796df194b4592b55080bec1db7e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_testclient.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_error_on_startup"}, "properties": {"repobilityId": 40825, "scanner": "repobility-ast-engine", "fingerprint": "f315ecd4a9c49eefff6465df64b2bf8f3db45e4f8db1ac551b4473854229c52a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f315ecd4a9c49eefff6465df64b2bf8f3db45e4f8db1ac551b4473854229c52a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_testclient.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_status"}, "properties": {"repobilityId": 40824, "scanner": "repobility-ast-engine", "fingerprint": "267116128cd05ce0e8b80d16013c026c32653b5c8e4f54cd9f9a21b4765b7584", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|267116128cd05ce0e8b80d16013c026c32653b5c8e4f54cd9f9a21b4765b7584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_status.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_env_file_raises"}, "properties": {"repobilityId": 40823, "scanner": "repobility-ast-engine", "fingerprint": "a276e7408825d1eb714b1e21260b15d4f0ce64ef2ea0dd26ec350f7b0498399d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a276e7408825d1eb714b1e21260b15d4f0ce64ef2ea0dd26ec350f7b0498399d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_types"}, "properties": {"repobilityId": 40822, "scanner": "repobility-ast-engine", "fingerprint": "e8018852d54e01f4693227bd70ecbb9095ff72556e89d7dab6ea630e243d151b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8018852d54e01f4693227bd70ecbb9095ff72556e89d7dab6ea630e243d151b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_request_url_outside_starlette_context"}, "properties": {"repobilityId": 40821, "scanner": "repobility-ast-engine", "fingerprint": "8d2b7b868e01268e1ddbd690ef7f88ddafa38176a3db5900e370fc86b5bb2ef4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d2b7b868e01268e1ddbd690ef7f88ddafa38176a3db5900e370fc86b5bb2ef4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_requests.py"}, "region": {"startLine": 633}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_request_disconnect"}, "properties": {"repobilityId": 40820, "scanner": "repobility-ast-engine", "fingerprint": "c6e85e60d6bafba2d0449a5b0f5674e235bb04f22910b778ff5995aa84376fae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6e85e60d6bafba2d0449a5b0f5674e235bb04f22910b778ff5995aa84376fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_requests.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_handlers_annotations"}, "properties": {"repobilityId": 40819, "scanner": "repobility-ast-engine", "fingerprint": "20185c82584a3b909e302cbb8d0f847cc4cb1c187c92bd8e486ed034928e60c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20185c82584a3b909e302cbb8d0f847cc4cb1c187c92bd8e486ed034928e60c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_exceptions.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_websockets_should_raise"}, "properties": {"repobilityId": 40818, "scanner": "repobility-ast-engine", "fingerprint": "82aef2b04eac8216aca536f4e2e5ba73d13a291fd58ef31506f60c804af41833", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82aef2b04eac8216aca536f4e2e5ba73d13a291fd58ef31506f60c804af41833"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_exceptions.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mount_asgi_app_with_middleware_url_path_for"}, "properties": {"repobilityId": 40817, "scanner": "repobility-ast-engine", "fingerprint": "0027929de150aa1b43cb08cdb305098f098ff4af0eddb0216bed94c1b44e2cab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0027929de150aa1b43cb08cdb305098f098ff4af0eddb0216bed94c1b44e2cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_routing.py"}, "region": {"startLine": 895}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_duplicated_param_names"}, "properties": {"repobilityId": 40816, "scanner": "repobility-ast-engine", "fingerprint": "ad8158c0d3ab1bed7b1deeca47075cac4d75a50a27c6119008a1e514f0aeb5cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad8158c0d3ab1bed7b1deeca47075cac4d75a50a27c6119008a1e514f0aeb5cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_routing.py"}, "region": {"startLine": 754}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raise_on_shutdown"}, "properties": {"repobilityId": 40815, "scanner": "repobility-ast-engine", "fingerprint": "ad48bc3da04808a8d616e6897bc3bd9b1a6da6940cfe3fba47342cac0d69daea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad48bc3da04808a8d616e6897bc3bd9b1a6da6940cfe3fba47342cac0d69daea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_routing.py"}, "region": {"startLine": 717}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_lifespan_state_unsupported"}, "properties": {"repobilityId": 40814, "scanner": "repobility-ast-engine", "fingerprint": "632a293b24023f8b92b4e2ee2808e77a0836b2f1cc5c410f37b47fec29a19dab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|632a293b24023f8b92b4e2ee2808e77a0836b2f1cc5c410f37b47fec29a19dab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_routing.py"}, "region": {"startLine": 626}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_standalone_ws_route_does_not_match"}, "properties": {"repobilityId": 40813, "scanner": "repobility-ast-engine", "fingerprint": "7f242162e153e00a978278092c0fe914c375f52f8b15f48d424ae20bedbe377d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f242162e153e00a978278092c0fe914c375f52f8b15f48d424ae20bedbe377d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_routing.py"}, "region": {"startLine": 616}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_client_factory"}, "properties": {"repobilityId": 40812, "scanner": "repobility-ast-engine", "fingerprint": "57e684c4111e6140d7d1ed35c29d4618467f656ca50ab02d1bc5b7d8658f9b03", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57e684c4111e6140d7d1ed35c29d4618467f656ca50ab02d1bc5b7d8658f9b03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/conftest.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mutable_headers_merge_not_mapping"}, "properties": {"repobilityId": 40811, "scanner": "repobility-ast-engine", "fingerprint": "3e3bca4f80f9f1f9862ccdd6e029ad2f75a3cdaa4db46906c8b9545a63094660", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e3bca4f80f9f1f9862ccdd6e029ad2f75a3cdaa4db46906c8b9545a63094660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_datastructures.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_lifespan_app_subclass"}, "properties": {"repobilityId": 40810, "scanner": "repobility-ast-engine", "fingerprint": "703f800b23ee1134f1403d8c1fe7336b536e86d6404cf9064afa3d7ceca76deb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|703f800b23ee1134f1403d8c1fe7336b536e86d6404cf9064afa3d7ceca76deb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_applications.py"}, "region": {"startLine": 552}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._perform_cast` used but never assigned in __init__"}, "properties": {"repobilityId": 40808, "scanner": "repobility-ast-engine", "fingerprint": "0d3e87bb2fab05945fbfbfacd0515ff7a75c371e8ec87ab138dbd1a568f67fa0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d3e87bb2fab05945fbfbfacd0515ff7a75c371e8ec87ab138dbd1a568f67fa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/config.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get` used but never assigned in __init__"}, "properties": {"repobilityId": 40807, "scanner": "repobility-ast-engine", "fingerprint": "7e52e84d0a061aa779ecc46834248f0d31847127028e8c2225dc4fd74ffda164", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e52e84d0a061aa779ecc46834248f0d31847127028e8c2225dc4fd74ffda164"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/config.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_end` used but never assigned in __init__"}, "properties": {"repobilityId": 40806, "scanner": "repobility-ast-engine", "fingerprint": "ae034c325abb90c7a843dcbd0fad14bd16d83c865692b5f692117520f35146bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae034c325abb90c7a843dcbd0fad14bd16d83c865692b5f692117520f35146bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_headers_finished` used but never assigned in __init__"}, "properties": {"repobilityId": 40805, "scanner": "repobility-ast-engine", "fingerprint": "58f3c51c94f243683f5f36a3c720a23eeacac3a59b03ddb13968cfdde02f9bfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58f3c51c94f243683f5f36a3c720a23eeacac3a59b03ddb13968cfdde02f9bfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_header_end` used but never assigned in __init__"}, "properties": {"repobilityId": 40804, "scanner": "repobility-ast-engine", "fingerprint": "f7d3b56f45d6cf9aacb37a389486c2f3239fe41f5d55fbac79f8a649753d7cc4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7d3b56f45d6cf9aacb37a389486c2f3239fe41f5d55fbac79f8a649753d7cc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_header_value` used but never assigned in __init__"}, "properties": {"repobilityId": 40803, "scanner": "repobility-ast-engine", "fingerprint": "7e72a08923e8cb183398a20acf20034d9277369a62ef06758f35784fe2f04374", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e72a08923e8cb183398a20acf20034d9277369a62ef06758f35784fe2f04374"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_header_field` used but never assigned in __init__"}, "properties": {"repobilityId": 40802, "scanner": "repobility-ast-engine", "fingerprint": "f3178a54504c85f5dcccb46d07410385aae3a7b58e8749b7b5cbf0cc83a9f4a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3178a54504c85f5dcccb46d07410385aae3a7b58e8749b7b5cbf0cc83a9f4a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_part_end` used but never assigned in __init__"}, "properties": {"repobilityId": 40801, "scanner": "repobility-ast-engine", "fingerprint": "41ffd55812695de92a8b872b68e24b3454346a4cd8eaded1018292f0e4e86945", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41ffd55812695de92a8b872b68e24b3454346a4cd8eaded1018292f0e4e86945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_part_data` used but never assigned in __init__"}, "properties": {"repobilityId": 40800, "scanner": "repobility-ast-engine", "fingerprint": "9a2e7c36b6eae7d167f966aa5cd4a890eb7e6b73cd5c77b7f0fbe4346e204801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a2e7c36b6eae7d167f966aa5cd4a890eb7e6b73cd5c77b7f0fbe4346e204801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_part_begin` used but never assigned in __init__"}, "properties": {"repobilityId": 40799, "scanner": "repobility-ast-engine", "fingerprint": "ecdc8d0b7f577b73a22d8aedb53d2d72e3ad40f99940906817406f6a7d3f0c30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecdc8d0b7f577b73a22d8aedb53d2d72e3ad40f99940906817406f6a7d3f0c30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_end` used but never assigned in __init__"}, "properties": {"repobilityId": 40798, "scanner": "repobility-ast-engine", "fingerprint": "757fa964f363c9df7bd27f9e49b27809cae7659c4096e44985a55f91c7f2902d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|757fa964f363c9df7bd27f9e49b27809cae7659c4096e44985a55f91c7f2902d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_field_end` used but never assigned in __init__"}, "properties": {"repobilityId": 40797, "scanner": "repobility-ast-engine", "fingerprint": "01b04987c832389f9e8b496bdd2de0f67051bb16f5efab570f9450b5441a2855", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01b04987c832389f9e8b496bdd2de0f67051bb16f5efab570f9450b5441a2855"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_field_data` used but never assigned in __init__"}, "properties": {"repobilityId": 40796, "scanner": "repobility-ast-engine", "fingerprint": "8575cdd0935bfc8c3280c6f510175982e2e18d1bd818de16085c5d158f05185c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8575cdd0935bfc8c3280c6f510175982e2e18d1bd818de16085c5d158f05185c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_field_name` used but never assigned in __init__"}, "properties": {"repobilityId": 40795, "scanner": "repobility-ast-engine", "fingerprint": "58aab86b975750613ef9a4e3e088b17d1a8a0bcc6fa9410b00f5cb4634c006b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58aab86b975750613ef9a4e3e088b17d1a8a0bcc6fa9410b00f5cb4634c006b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_field_start` used but never assigned in __init__"}, "properties": {"repobilityId": 40794, "scanner": "repobility-ast-engine", "fingerprint": "b79f1116a5fbe97e4d7f896d789510f7f57e9baa36ff8ca70db18e5bd72b0549", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b79f1116a5fbe97e4d7f896d789510f7f57e9baa36ff8ca70db18e5bd72b0549"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/formparsers.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.entered` used but never assigned in __init__"}, "properties": {"repobilityId": 40793, "scanner": "repobility-ast-engine", "fingerprint": "0f877a208ea6aaea1c2b2f16a71070ebfbffc5b74fe2b349f93334050e09a2ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f877a208ea6aaea1c2b2f16a71070ebfbffc5b74fe2b349f93334050e09a2ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/_utils.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.entered` used but never assigned in __init__"}, "properties": {"repobilityId": 40792, "scanner": "repobility-ast-engine", "fingerprint": "f73765f12dd211fc73b0d00ad80cbbc0d051363d7d1baa579d742f699edfa1f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f73765f12dd211fc73b0d00ad80cbbc0d051363d7d1baa579d742f699edfa1f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/_utils.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.entered` used but never assigned in __init__"}, "properties": {"repobilityId": 40791, "scanner": "repobility-ast-engine", "fingerprint": "5171772753887d97a7d897a51cf0d2e1d787239136d132ecf1fb96b280637f52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5171772753887d97a7d897a51cf0d2e1d787239136d132ecf1fb96b280637f52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/_utils.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_docstring` used but never assigned in __init__"}, "properties": {"repobilityId": 40789, "scanner": "repobility-ast-engine", "fingerprint": "5bc799a11fb0fddbdd74dd9a836c30843e1fbb738cbbb90275c3c5babcf3c79d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5bc799a11fb0fddbdd74dd9a836c30843e1fbb738cbbb90275c3c5babcf3c79d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_endpoints` used but never assigned in __init__"}, "properties": {"repobilityId": 40788, "scanner": "repobility-ast-engine", "fingerprint": "53e8c2412a6f249bfd11728f3486728ccf705d3bc39518975ed6a1bf95f5976d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53e8c2412a6f249bfd11728f3486728ccf705d3bc39518975ed6a1bf95f5976d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_schema` used but never assigned in __init__"}, "properties": {"repobilityId": 40787, "scanner": "repobility-ast-engine", "fingerprint": "2613f8b0f2ddf96bb3f15f4c8df63717e3db90eace54ea6448fa2c26a5e86e90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2613f8b0f2ddf96bb3f15f4c8df63717e3db90eace54ea6448fa2c26a5e86e90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._remove_converter` used but never assigned in __init__"}, "properties": {"repobilityId": 40786, "scanner": "repobility-ast-engine", "fingerprint": "9e96a51deaeabe3b31c3564d8b9b078df69269b0f8943dc6563304f04b5f32e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e96a51deaeabe3b31c3564d8b9b078df69269b0f8943dc6563304f04b5f32e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._remove_converter` used but never assigned in __init__"}, "properties": {"repobilityId": 40785, "scanner": "repobility-ast-engine", "fingerprint": "2bdf128cfac08629be10ebf31a06450f1fd066c7734d77e33199cb7243a436f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bdf128cfac08629be10ebf31a06450f1fd066c7734d77e33199cb7243a436f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_endpoints` used but never assigned in __init__"}, "properties": {"repobilityId": 40784, "scanner": "repobility-ast-engine", "fingerprint": "2306c7e7089af6a0dd68f4421ffadc8997b3314b78768b39888f3d33ffa60e4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2306c7e7089af6a0dd68f4421ffadc8997b3314b78768b39888f3d33ffa60e4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._remove_converter` used but never assigned in __init__"}, "properties": {"repobilityId": 40783, "scanner": "repobility-ast-engine", "fingerprint": "f403ab94cbe783190f1db627bc81458ef743e98f1327aba9500b97e38c929be9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f403ab94cbe783190f1db627bc81458ef743e98f1327aba9500b97e38c929be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/schemas.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 4665, "scanner": "repobility-threat-engine", "fingerprint": "c315aaa121f2a86ab0bb9994a8cf308294b96ea04237defd48f0fdb77d88b501", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(file_name, encoding=encoding) as input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|starlette/config.py|113|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starlette/config.py"}, "region": {"startLine": 113}}}]}]}]}