{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `ghcr.io/python/autoconf:2025.01.02.12581854023` unpinned: `container/servi", "shortDescription": {"text": "[MINED126] Workflow container/services image `ghcr.io/python/autoconf:2025.01.02.12581854023` unpinned: `container/services image: ghcr.io/python/autoconf:2025.01.02.12581854023` without `@sha256:...` pulls a mutable tag at workflow-run tim"}, "fullDescription": {"text": "Replace with `ghcr.io/python/autoconf:2025.01.02.12581854023@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._add_glossary_link` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `", "shortDescription": {"text": "[MINED108] `self._add_glossary_link` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `self._add_glossary_link`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises Attribut"}, "fullDescription": {"text": "Initialize `self._add_glossary_link = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `", "shortDescription": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import platform` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/824"}, "properties": {"repository": "python/cpython", "repoUrl": "https://github.com/python/cpython", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 72644, "scanner": "repobility-ast-engine", "fingerprint": "7a430b534eb456222a7006803aa747eb427bfdb724fd7995163115994b6d53bf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a430b534eb456222a7006803aa747eb427bfdb724fd7995163115994b6d53bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/profiling_trace.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 72618, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 72612, "scanner": "repobility-threat-engine", "fingerprint": "b0dc6fb90c988ccaf21747987d2ec924402ce7c385a73005bae4527b49f2dbe0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|115|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/profiling_trace.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 72616, "scanner": "repobility-threat-engine", "fingerprint": "6e589c9ff3d811af2f853a4c627c1b316fe34d7f2ca0d15b803f4c79862b8fdb", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = v", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|44|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/static/rtd_switcher.js"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 72615, "scanner": "repobility-threat-engine", "fingerprint": "13bba46d3db46dc0da1dc011d3a9b01939b55b62e381c8ee8852b2e0efc29f82", "category": "injection", "severity": 
"low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = g", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|32|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/static/glossary_search.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, except=1, for=1, if=3, nested_bonus=4."}, "properties": {"repobilityId": 72601, "scanner": "repobility-threat-engine", "fingerprint": "9463d96891cc92077abd45c83de1d65365d5315a523c8c037476e408e0ed1f81", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "for": 1, "except": 1, "continue": 1, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|9463d96891cc92077abd45c83de1d65365d5315a523c8c037476e408e0ed1f81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-unpack.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=1, for=1, if=4, nested_bonus=2."}, "properties": {"repobilityId": 72600, "scanner": "repobility-threat-engine", "fingerprint": "15fe640b86366f9592b13c107997c9c23ddd204c4b317bf2f786d3a19cabb266", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "for": 1, "else": 1, "continue": 1, "nested_bonus": 2}, "complexity": 9, "correlation_key": "fp|15fe640b86366f9592b13c107997c9c23ddd204c4b317bf2f786d3a19cabb266"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-dir.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 72611, "scanner": "repobility-threat-engine", "fingerprint": "2c0d71603297c93e8fcda97ee581acee8cc34f494e0d4719efd5ed1170c04e15", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2c0d71603297c93e8fcda97ee581acee8cc34f494e0d4719efd5ed1170c04e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/mp_newtype.py"}, 
"region": {"startLine": 34}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 72608, "scanner": "repobility-threat-engine", "fingerprint": "57bbc9d8d4bf9dd1035236e3d973eacdf8b803534b333b44f458daab57d7b77a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|57bbc9d8d4bf9dd1035236e3d973eacdf8b803534b333b44f458daab57d7b77a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-read-alternative.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 72607, "scanner": "repobility-threat-engine", "fingerprint": "a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "aggregated_count": 4}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 72606, "scanner": "repobility-threat-engine", "fingerprint": "01dbdc2d19a400f974bb72cbf760e7ace52755d5591c6debc24b401c9e540e18", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|01dbdc2d19a400f974bb72cbf760e7ace52755d5591c6debc24b401c9e540e18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/mp_newtype.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 72605, "scanner": "repobility-threat-engine", "fingerprint": "3ff0404d721ad876bfd21f7ca2ea4070c25d331f75a4a29d81f7cdc4dfbb9e6f", "category": "quality", "severity": 
"info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ff0404d721ad876bfd21f7ca2ea4070c25d331f75a4a29d81f7cdc4dfbb9e6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-unpack.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 72604, "scanner": "repobility-threat-engine", "fingerprint": "d7be15f0362563a7e3ee21551126dce69817a75681eb8fe474834e6d56834b05", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d7be15f0362563a7e3ee21551126dce69817a75681eb8fe474834e6d56834b05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-read-alternative.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 14 more): Same pattern found in 14 additional files. 
Review if needed."}, "properties": {"repobilityId": 72603, "scanner": "repobility-threat-engine", "fingerprint": "1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "for": 1, "else": 1, "continue": 1, "nested_bonus": 2}, "aggregated": true, "complexity": 9, "correlation_key": "fp|1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "aggregated_count": 14}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 72599, "scanner": "repobility-threat-engine", "fingerprint": "9a7a34bc3a7ab024c4f9ba9e2e5df85d4eba3b8ed90ccfd0f0a72ffe3970abb4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a7a34bc3a7ab024c4f9ba9e2e5df85d4eba3b8ed90ccfd0f0a72ffe3970abb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Include/ceval.h"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 
72598, "scanner": "repobility-threat-engine", "fingerprint": "63eaead7af0ec8c7b1e922aa4cec017ad3c65135c95a9bbf21ea62def3326f5f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|63eaead7af0ec8c7b1e922aa4cec017ad3c65135c95a9bbf21ea62def3326f5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-alternative.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `ghcr.io/python/autoconf:2025.01.02.12581854023` unpinned: `container/services image: ghcr.io/python/autoconf:2025.01.02.12581854023` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 72646, "scanner": "repobility-supply-chain", "fingerprint": "5a0115a3c868c270d750fb1eddcd0032bfecb0ad1cf687c36ddc6bc663e18a07", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a0115a3c868c270d750fb1eddcd0032bfecb0ad1cf687c36ddc6bc663e18a07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._add_glossary_link` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `self._add_glossary_link`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72643, "scanner": "repobility-ast-engine", "fingerprint": "edeaad2698b08dfa0e9ea2c26188097eb363529523fc9fb9ca21c1511a9123ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|edeaad2698b08dfa0e9ea2c26188097eb363529523fc9fb9ca21c1511a9123ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72642, "scanner": "repobility-ast-engine", "fingerprint": "ea01100d33b08293aae67c0beeffd65fb9307b5e64b66b960e7dd9df1795d788", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea01100d33b08293aae67c0beeffd65fb9307b5e64b66b960e7dd9df1795d788"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72641, "scanner": "repobility-ast-engine", "fingerprint": "dd0047e316a033d31e945de77ee594bc8f8ac08e8b8f4cdd39e11493523e6fbc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd0047e316a033d31e945de77ee594bc8f8ac08e8b8f4cdd39e11493523e6fbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72640, "scanner": "repobility-ast-engine", "fingerprint": "3209b96e51c2d64d365ac235c25e8aeb52d755bfed5a910fc9e4ab9a151a439a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3209b96e51c2d64d365ac235c25e8aeb52d755bfed5a910fc9e4ab9a151a439a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `SoftDeprecated` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72639, "scanner": "repobility-ast-engine", "fingerprint": "c3153474338ba6745009016a1a187400e178b75800923f2ac2f6194a9b8fb462", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3153474338ba6745009016a1a187400e178b75800923f2ac2f6194a9b8fb462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.config` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.config`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72638, "scanner": "repobility-ast-engine", "fingerprint": "252afb0dd535e85a8372f93ec078bd3580874389e9296b461c790ee41205333c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|252afb0dd535e85a8372f93ec078bd3580874389e9296b461c790ee41205333c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72637, "scanner": "repobility-ast-engine", "fingerprint": "eecbf187c9cd00d2763e893325bf7796c72ca8b209678fe7487bcc2edd1ba8d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eecbf187c9cd00d2763e893325bf7796c72ca8b209678fe7487bcc2edd1ba8d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72636, "scanner": "repobility-ast-engine", "fingerprint": "731c2653b25ee1b7a68d676b9277f7f00b87f84c9af16679856493752fdcce58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|731c2653b25ee1b7a68d676b9277f7f00b87f84c9af16679856493752fdcce58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72635, "scanner": "repobility-ast-engine", "fingerprint": "bcb38b83a8672689e9bb1ec1daf813de7e5c27182b0b1354e3ce727aba999dc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bcb38b83a8672689e9bb1ec1daf813de7e5c27182b0b1354e3ce727aba999dc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72634, "scanner": "repobility-ast-engine", "fingerprint": "ea10a734f1231d00b2dc95397f719d18288f474df55efe23bd3485ac95dd4a91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea10a734f1231d00b2dc95397f719d18288f474df55efe23bd3485ac95dd4a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72633, "scanner": "repobility-ast-engine", "fingerprint": "ce5854aa72faa5a1a3d2409fb7e0fbf6f986b4be7b3a88ca21d97711d8992a2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce5854aa72faa5a1a3d2409fb7e0fbf6f986b4be7b3a88ca21d97711d8992a2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72632, "scanner": "repobility-ast-engine", "fingerprint": "421e1daf4b74e2afb3d370eb34bc2f99c83489a402efc670ee63a168d6e4fccd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|421e1daf4b74e2afb3d370eb34bc2f99c83489a402efc670ee63a168d6e4fccd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.arguments` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.arguments`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72631, "scanner": "repobility-ast-engine", "fingerprint": "75a779e6e0507cb41a0bae8a9f3108d2be3f26589b3136cc09874a550e6d899e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75a779e6e0507cb41a0bae8a9f3108d2be3f26589b3136cc09874a550e6d899e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.config` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.config`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72630, "scanner": "repobility-ast-engine", "fingerprint": "23dd8daefaefbb03a21fe199f4c294824edee5977258d99e57b39c0ed747276d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23dd8daefaefbb03a21fe199f4c294824edee5977258d99e57b39c0ed747276d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.arguments` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.arguments`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72629, "scanner": "repobility-ast-engine", "fingerprint": "7155adf689e2a8ecab4ad83ed0c2b5aaa5fc5c812c9092343f6583785974badf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7155adf689e2a8ecab4ad83ed0c2b5aaa5fc5c812c9092343f6583785974badf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.arguments` used but never assigned in __init__: Method `run` of class `DeprecatedRemoved` reads `self.arguments`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72628, "scanner": "repobility-ast-engine", "fingerprint": "2721a9527b5bd11b50d525b6d0b6e416a6325fafcaaf33ca1d51f22fe6df9e40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2721a9527b5bd11b50d525b6d0b6e416a6325fafcaaf33ca1d51f22fe6df9e40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.config` used but never assigned in __init__: Method `run` of class `PyVersionChange` reads `self.config`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72627, "scanner": "repobility-ast-engine", "fingerprint": "02287ecbdd036b7e4a37e432beda89212c1d405a54b41a90ca7c2b1fbc38b5e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02287ecbdd036b7e4a37e432beda89212c1d405a54b41a90ca7c2b1fbc38b5e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.arguments` used but never assigned in __init__: Method `run` of class `PyVersionChange` reads `self.arguments`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72626, "scanner": "repobility-ast-engine", "fingerprint": "da32085eebf3cfcde3b70f7f1c7513d3315838f8337fa181172c4d488d87770e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da32085eebf3cfcde3b70f7f1c7513d3315838f8337fa181172c4d488d87770e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.arguments` used but never assigned in __init__: Method `run` of class `PyVersionChange` reads `self.arguments`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72625, "scanner": "repobility-ast-engine", "fingerprint": "b94ffe3fc345445184ada8759396bbc44807fc1528b248fe7e0382adb20be51b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b94ffe3fc345445184ada8759396bbc44807fc1528b248fe7e0382adb20be51b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/changes.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dst` used but never assigned in __init__: Method `utcoffset` of class `USTimeZone` reads `self.dst`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72624, "scanner": "repobility-ast-engine", "fingerprint": "ae193a45e012a4648faa1a4e82c97e9ad3d74362aad57eaf67003d5312ec5fcd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae193a45e012a4648faa1a4e82c97e9ad3d74362aad57eaf67003d5312ec5fcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/tzinfo_examples.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dst` used but never assigned in __init__: Method `tzname` of class `USTimeZone` reads `self.dst`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72623, "scanner": "repobility-ast-engine", "fingerprint": "40b902801666d51ea65d066a3a1a7069b29d5b9208803c6ad9a4fb9ea928b379", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40b902801666d51ea65d066a3a1a7069b29d5b9208803c6ad9a4fb9ea928b379"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/tzinfo_examples.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._isdst` used but never assigned in __init__: Method `tzname` of class `LocalTimezone` reads `self._isdst`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72622, "scanner": "repobility-ast-engine", "fingerprint": "e7b3017002bd12bd3f4aaa43e5ed7c2f7513bdbf98d079b39aa14b54abb10bd3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7b3017002bd12bd3f4aaa43e5ed7c2f7513bdbf98d079b39aa14b54abb10bd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/tzinfo_examples.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._isdst` used but never assigned in __init__: Method `dst` of class `LocalTimezone` reads `self._isdst`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72621, "scanner": "repobility-ast-engine", "fingerprint": "b3082b78541fbe771a9ef9b5a0b07cdaf46de79294eadb7bc15c169aa7b52e3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3082b78541fbe771a9ef9b5a0b07cdaf46de79294eadb7bc15c169aa7b52e3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/tzinfo_examples.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._isdst` used but never assigned in __init__: Method `utcoffset` of class `LocalTimezone` reads `self._isdst`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72620, "scanner": "repobility-ast-engine", "fingerprint": "75256c882162444ffb9418f108eac54a3a5027c7c24a620ff0a3b0c76b8e8707", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75256c882162444ffb9418f108eac54a3a5027c7c24a620ff0a3b0c76b8e8707"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/tzinfo_examples.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._callmethod` used but never assigned in __init__: Method `__next__` of class `GeneratorProxy` reads `self._callmethod`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 72619, "scanner": "repobility-ast-engine", "fingerprint": "d43842a9cbb38051a51863a429ce0b1435ffd203fdfb10b5a5f58754fddaecf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d43842a9cbb38051a51863a429ce0b1435ffd203fdfb10b5a5f58754fddaecf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/mp_newtype.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 72617, "scanner": "repobility-threat-engine", "fingerprint": "bde68674dd71bc7a1c5703a64a03d763d006f0d7d6abaa932e2e05410d8b783b", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n       (version) => `\n       <option\n           value=\"${ version.slug }\"\n           ${ config.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bde68674dd71bc7a1c5703a64a03d763d006f0d7d6abaa932e2e05410d8b783b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/static/rtd_switcher.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 72614, "scanner": "repobility-threat-engine", "fingerprint": "6d53c19d0f55f753e843da23ab9b1c30888ea940ec23d02f7c37e436e4b9c2ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(document", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d53c19d0f55f753e843da23ab9b1c30888ea940ec23d02f7c37e436e4b9c2ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/static/changelog_search.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 72613, "scanner": "repobility-threat-engine", "fingerprint": "542a9f7e3f90f90238f3449d30d036f21017f398e144fbfe0f90a4a93f6f70a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|542a9f7e3f90f90238f3449d30d036f21017f398e144fbfe0f90a4a93f6f70a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/profiling_trace.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: `except: pass` or `except Exception: pass` \u2014 silently swallows every exception it catches, hiding bugs; the bare `except:` form also swallows KeyboardInterrupt."}, "properties": {"repobilityId": 72610, "scanner": "repobility-threat-engine", "fingerprint": "3cc4d2514b54a13aedb9507dcf1ebe3e140c40a3c30f48c42a82dfc134ba122d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3cc4d2514b54a13aedb9507dcf1ebe3e140c40a3c30f48c42a82dfc134ba122d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/pyspecific.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED001", "level": "error", "message": 
{"text": "[MINED001] Bare Except Pass: `except: pass` or `except Exception: pass` \u2014 silently swallows every exception it catches, hiding bugs; the bare `except:` form also swallows KeyboardInterrupt."}, "properties": {"repobilityId": 72609, "scanner": "repobility-threat-engine", "fingerprint": "1a724bb20769a3085b6efbc4e96a466d5f24ba40cdc7cca49e80181c653f4b07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a724bb20769a3085b6efbc4e96a466d5f24ba40cdc7cca49e80181c653f4b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/email-unpack.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `test` has cognitive complexity 28 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=3, except=8, for=5, if=2, nested_bonus=8, while=2."}, "properties": {"repobilityId": 72602, "scanner": "repobility-threat-engine", "fingerprint": "721ab7976a7b77ab74faf7d9ec2aee3f839906fd94745e3e11945686b85625a9", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 28 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "test", "breakdown": {"if": 2, "for": 5, "break": 3, "while": 2, "except": 8, "nested_bonus": 8}, "complexity": 28, "correlation_key": "fp|721ab7976a7b77ab74faf7d9ec2aee3f839906fd94745e3e11945686b85625a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/mp_pool.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes a shell; command injection is possible if any argument is dynamic."}, "properties": {"repobilityId": 72596, "scanner": "repobility-threat-engine", "fingerprint": "5a414dc56cbe321cc978d09e5d3d6935db702f0e6ba3eb3732e3dc780f259025", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5a414dc56cbe321cc978d09e5d3d6935db702f0e6ba3eb3732e3dc780f259025"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/capi-extension/spammodule-01.c"}, "region": {"startLine": 19}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files 
found"}, "properties": {"repobilityId": 72595, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 72645, "scanner": "repobility-ast-engine", "fingerprint": "268b3f0fc89efd7685cdc54616f2588dfa17760f358f5d0881ac86fbe0e744f7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|268b3f0fc89efd7685cdc54616f2588dfa17760f358f5d0881ac86fbe0e744f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/tools/extensions/availability.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 72597, "scanner": "repobility-threat-engine", "fingerprint": "dab236203e8ae3b2d7181070ac941d77683c025a9b09ba6e5fba9ae955772e15", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", 
"owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dab236203e8ae3b2d7181070ac941d77683c025a9b09ba6e5fba9ae955772e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Doc/includes/dbpickle.py"}, "region": {"startLine": 26}}}]}]}]}