{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the check to the address the hostname resolves to, and re-validate on each redirect; loopback (127/8) and the IPv6 equivalents (::1, fc00::/7, fe80::/10) belong on the same list."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/497"}, "properties": {"repository": "langchain-ai/langchain", "repoUrl": "https://github.com/langchain-ai/langchain.git", "branch": "master"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 29299, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 29298, "scanner": "repobility-agent-runtime", "fingerprint": 
"cb326d15bf51697c29fbba2fec16b0377be1fc3f1b625697f06f9c0b59e6616c", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|cb326d15bf51697c29fbba2fec16b0377be1fc3f1b625697f06f9c0b59e6616c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/_security/_policy.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 29279, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29297, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b72e03988be593405a2f8a4c47c575611743e66ba0208aa65896296e9970fd0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "libs/core/langchain_core/utils/aiter.py", "duplicate_line": 124, "correlation_key": "fp|9b72e03988be593405a2f8a4c47c575611743e66ba0208aa65896296e9970fd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/utils/iter.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29296, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad915c740eeac41460578d795839be74ff39e0c0336cb0e4273a4f88d19e5b3b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/tracers/base.py", "duplicate_line": 622, "correlation_key": "fp|ad915c740eeac41460578d795839be74ff39e0c0336cb0e4273a4f88d19e5b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/tracers/event_stream.py"}, "region": {"startLine": 523}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29295, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d384385dd949894f9f30c668ab596b69cbff635a8686baca0c173fca557edd7f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/tools/simple.py", "duplicate_line": 70, "correlation_key": 
"fp|d384385dd949894f9f30c668ab596b69cbff635a8686baca0c173fca557edd7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/tools/structured.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29294, "scanner": "repobility-ai-code-hygiene", "fingerprint": "95156296666df545cc06f31876b8d8374a541e6747b1f218043cdfc7a11aba99", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/runnables/branch.py", "duplicate_line": 117, "correlation_key": "fp|95156296666df545cc06f31876b8d8374a541e6747b1f218043cdfc7a11aba99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/runnables/router.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29293, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e04da1460e26eaf21c17ba4cb82ef45ce3d8208961e730939caedd1e7630ab65", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/runnables/configurable.py", "duplicate_line": 51, "correlation_key": "fp|e04da1460e26eaf21c17ba4cb82ef45ce3d8208961e730939caedd1e7630ab65"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/runnables/router.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29292, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f4c35109ed98112ef93a558273716e570f0ee0aeda6426d4df36db23a1fe16d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/runnables/branch.py", "duplicate_line": 117, "correlation_key": "fp|2f4c35109ed98112ef93a558273716e570f0ee0aeda6426d4df36db23a1fe16d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/runnables/passthrough.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29291, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21da4bc8b3c70a506d14b9d08c5c1c501d336de781a326b23eddfaaf146f4066", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/runnables/configurable.py", "duplicate_line": 54, "correlation_key": "fp|21da4bc8b3c70a506d14b9d08c5c1c501d336de781a326b23eddfaaf146f4066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"libs/core/langchain_core/runnables/passthrough.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29290, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19023a3c87fc50dff11ba2680b700ae151daa6bfa69e45f13149972a4c3e0926", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/runnables/graph.py", "duplicate_line": 476, "correlation_key": "fp|19023a3c87fc50dff11ba2680b700ae151daa6bfa69e45f13149972a4c3e0926"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/runnables/graph_mermaid.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29289, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a20e5d075215a81d27e21dc1faaf21bb2f6674f64d472bcde654b3b5a4da42a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/runnables/configurable.py", "duplicate_line": 53, "correlation_key": "fp|a20e5d075215a81d27e21dc1faaf21bb2f6674f64d472bcde654b3b5a4da42a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/runnables/fallbacks.py"}, "region": {"startLine": 104}}}]}, 
{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29288, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0a6610b0deb7396b627fbbc4ca218fc932187a83f959d88e6cfc9fd28704d1d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/ai.py", "duplicate_line": 135, "correlation_key": "fp|a0a6610b0deb7396b627fbbc4ca218fc932187a83f959d88e6cfc9fd28704d1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/tool.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29287, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f04d228d0e73ac2d6bdae3ca54945523339f2840c8fc4baf511a3596a24d573", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/ai.py", "duplicate_line": 135, "correlation_key": "fp|3f04d228d0e73ac2d6bdae3ca54945523339f2840c8fc4baf511a3596a24d573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/system.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 29286, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d23ff743e5a573805e7a63aed946a9ddf6adad205530d87cc922cffb8642543", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/human.py", "duplicate_line": 20, "correlation_key": "fp|8d23ff743e5a573805e7a63aed946a9ddf6adad205530d87cc922cffb8642543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/system.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29285, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db25dae5dba554701304f4b559565f6e1ccb47c24de95b55a481562eb1c3a987", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/ai.py", "duplicate_line": 135, "correlation_key": "fp|db25dae5dba554701304f4b559565f6e1ccb47c24de95b55a481562eb1c3a987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/human.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29284, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"7ea1d087aea06e142fea3555fa6ef4b54c4e2718887bd50581b48f9d53287f03", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/block_translators/anthropic.py", "duplicate_line": 7, "correlation_key": "fp|7ea1d087aea06e142fea3555fa6ef4b54c4e2718887bd50581b48f9d53287f03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/block_translators/groq.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29283, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4ad4e498e53ad9951ad00e4731ed405da1cee272a8d30f04b646e3374af2abcc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/block_translators/anthropic.py", "duplicate_line": 7, "correlation_key": "fp|4ad4e498e53ad9951ad00e4731ed405da1cee272a8d30f04b646e3374af2abcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/block_translators/bedrock_converse.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29282, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"322860271d6feaa661e926477b596be5f3a030a1e4a908f1fa71e79bd5b212c8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/messages/ai.py", "duplicate_line": 135, "correlation_key": "fp|322860271d6feaa661e926477b596be5f3a030a1e4a908f1fa71e79bd5b212c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/base.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29281, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c819b0120c0d097942556c2a12df6245b90bf5125f2ecc9a8dfa6878917dc7c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libs/core/langchain_core/_api/beta_decorator.py", "duplicate_line": 64, "correlation_key": "fp|c819b0120c0d097942556c2a12df6245b90bf5125f2ecc9a8dfa6878917dc7c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/_api/deprecation.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 29280, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d47334b54e0e6e9a8ff06e86f1855f44db6a621ba6079dc9a13dae93fee5c70c", "category": "quality", "severity": "low", 
"confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v0", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d47334b54e0e6e9a8ff06e86f1855f44db6a621ba6079dc9a13dae93fee5c70c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libs/core/langchain_core/messages/block_translators/langchain_v0.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29278, "scanner": "repobility-threat-engine", "fingerprint": "ac5c5fa456e2b9bb2fbb43a803b0993ac2164e14a4b7242987ef107db416d59b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(pypi_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac5c5fa456e2b9bb2fbb43a803b0993ac2164e14a4b7242987ef107db416d59b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/get_min_versions.py"}, "region": {"startLine": 51}}}]}]}]}