{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR013", "name": "Dockerfile ADD downloads remote content", "shortDescription": {"text": "Dockerfile ADD downloads remote content"}, "fullDescription": {"text": "ADD can fetch remote URLs without checksum verification. This makes builds dependent on mutable network content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/338"}, "properties": {"repository": "CloakHQ/CloakBrowser", "repoUrl": "https://github.com/CloakHQ/CloakBrowser", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 10685, "scanner": "repobility-docker", "fingerprint": "33c62806c549a8378b1553ce00f33556c41a3c7052de3ed6cfb66e25f4beb24e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "cloakhq/cloakbrowser:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33c62806c549a8378b1553ce00f33556c41a3c7052de3ed6cfb66e25f4beb24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR013", "level": "warning", "message": {"text": "Dockerfile ADD downloads remote content"}, "properties": {"repobilityId": 10684, "scanner": "repobility-docker", "fingerprint": "168778ceb0ae520f295a5bb5fb36c13e5e9266e53b38b053566162b6481d4ad1", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ADD instruction references a remote URL.", "evidence": {"rule_id": "DKR013", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|168778ceb0ae520f295a5bb5fb36c13e5e9266e53b38b053566162b6481d4ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 10683, "scanner": "repobility-docker", "fingerprint": "7ab6922ba324d6d5736319ebcf58b4f6126ab0c50fa9b7fda72334e582e86dfb", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "cloakhq/cloakbrowser:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7ab6922ba324d6d5736319ebcf58b4f6126ab0c50fa9b7fda72334e582e86dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 10682, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 10681, "scanner": "repobility-docker", "fingerprint": "bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10678, "scanner": "repobility-threat-engine", "fingerprint": "a12d1c72333cc62f1980326e7dd9f88675150f8944c7481c69a7e62269a9a2f7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a12d1c72333cc62f1980326e7dd9f88675150f8944c7481c69a7e62269a9a2f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 614}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10677, "scanner": "repobility-threat-engine", "fingerprint": "5526de076e5da13df1c37da43c3df8cffd186f064dc0e9951fc788b51dd43d77", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5526de076e5da13df1c37da43c3df8cffd186f064dc0e9951fc788b51dd43d77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/geoip.ts"}, "region": {"startLine": 341}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10676, "scanner": "repobility-threat-engine", "fingerprint": "56e5ec6f77600c92d2300f865c163b980d1aa5a6e137a899d783230504a78d4e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => { })", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|56e5ec6f77600c92d2300f865c163b980d1aa5a6e137a899d783230504a78d4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/download.ts"}, "region": {"startLine": 606}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10675, "scanner": "repobility-threat-engine", "fingerprint": "8ead0800bff2b05226904399d5d8a4e1707f63893e197bbb3dde8b2c3b2ddfe9", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ead0800bff2b05226904399d5d8a4e1707f63893e197bbb3dde8b2c3b2ddfe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/lambda_handler.py"}, "region": {"startLine": 302}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10674, "scanner": "repobility-threat-engine", "fingerprint": "8083276db192adab497e504140ec49ce75aab8b29789008980f5f9a006bf2abb", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8083276db192adab497e504140ec49ce75aab8b29789008980f5f9a006bf2abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10673, "scanner": "repobility-threat-engine", "fingerprint": "0ec8c3e9262c609cc390e6f6f522e4d7d2c5d9423c3ee1c9cc4c96922a3f58dc", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except BaseException:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ec8c3e9262c609cc390e6f6f522e4d7d2c5d9423c3ee1c9cc4c96922a3f58dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 701}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 10668, "scanner": "repobility-threat-engine", "fingerprint": "02899cd37a49ef3237e1588e293599ea9c0953374225a1cc05a34fda20d282d8", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|cloakbrowser/download.py|330|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10667, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e5cc4f4a50fde9a7597daf725b1fd20c82676fed526a24661edbacc7a89dcc8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/scroll.ts", "duplicate_line": 5, "correlation_key": "fp|8e5cc4f4a50fde9a7597daf725b1fd20c82676fed526a24661edbacc7a89dcc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/scroll.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10666, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c1211b9862b8e8853fdec5b8f179839607c14c51b017b908827dba364b3e713", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/keyboard.ts", "duplicate_line": 5, "correlation_key": "fp|3c1211b9862b8e8853fdec5b8f179839607c14c51b017b908827dba364b3e713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/keyboard.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10665, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8857b3cd634b663793af7e3b9beca2dcae1019440af00a8633d72a43ea92d72", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 35, "correlation_key": "fp|f8857b3cd634b663793af7e3b9beca2dcae1019440af00a8633d72a43ea92d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10664, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7e139eb1e36a24e86ae559269e13aad014818bc7aa4bd16968f59daddefa716", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 446, "correlation_key": "fp|c7e139eb1e36a24e86ae559269e13aad014818bc7aa4bd16968f59daddefa716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/elementhandle.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10663, "scanner": "repobility-ai-code-hygiene", "fingerprint": "861819ea1139986cc5e5afdf48196e647b4cedc94a2494c07b2b95f09b76573e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/scroll.py", "duplicate_line": 67, "correlation_key": "fp|861819ea1139986cc5e5afdf48196e647b4cedc94a2494c07b2b95f09b76573e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll_async.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10662, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4980e2878902cf755a1c3d577e4919706bf7078097d29d8786d7477e0d6bb2bb", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/mouse.py", "duplicate_line": 45, "correlation_key": "fp|4980e2878902cf755a1c3d577e4919706bf7078097d29d8786d7477e0d6bb2bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/mouse_async.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10661, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2af51869bf270e57ccb56f225b97d898024e20aebb56f65f6766ce95f2fa0d6e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/actionability.py", "duplicate_line": 60, "correlation_key": "fp|2af51869bf270e57ccb56f225b97d898024e20aebb56f65f6766ce95f2fa0d6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/actionability_async.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 10679, "scanner": "repobility-threat-engine", "fingerprint": "e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 10672, "scanner": "repobility-threat-engine", "fingerprint": "c08d5d6d20bee8e36fa9df47a46d89e800c7efe14786438ae211fe845a778bb8", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c08d5d6d20bee8e36fa9df47a46d89e800c7efe14786438ae211fe845a778bb8"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 10671, "scanner": "repobility-threat-engine", "fingerprint": "12cfaf8c0520ff622fb8f2ea32ea99ca5afedb90b228c396cf15434455270680", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|48|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/mouse_async.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 10670, "scanner": "repobility-threat-engine", "fingerprint": "3f1d84eae7634f8aad97ada17fbfe90376a844b6f297f8b3c60ebfb05c2e25c6", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|87|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/keyboard.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 10669, "scanner": "repobility-threat-engine", "fingerprint": "ce1e309cdccd885ce756585bbaba38ca56e4024e1fd84721139e3f715997c1bf", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|cloakbrowser/config.py|46|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 10680, "scanner": "repobility-docker", "fingerprint": "18dfd49f7c2b31a24c554e21e284630116137c4aadba77a5e0d0384a6d3a7f1a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|18dfd49f7c2b31a24c554e21e284630116137c4aadba77a5e0d0384a6d3a7f1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}]}]}