{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. 
This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nApply the CIDR block to the address the hostname resolves to, and re-check on each redirect, because a URL can name a host rather than a literal IP."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path starts with your expected base directory followed by a path separator, so that a sibling directory sharing the same name prefix does not pass the check. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/9"}, "properties": {"repository": "https://github.com/microsoft/typescript-go", "repoUrl": "https://github.com/microsoft/typescript-go", "branch": "main"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 27983, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4447, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8321a276f642e8462ae2fb72e8bf2641715b229869ed6f17ae19b32c76c77724", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/ls/codeactions_importfixes.go", "duplicate_line": 1, "correlation_key": "fp|8321a276f642e8462ae2fb72e8bf2641715b229869ed6f17ae19b32c76c77724"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/ls/rename.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4068, "scanner": "repobility-ai-code-hygiene", "fingerprint": "712ee87e1fff0be7dc242da5ec7a7620dbab32b9d3da482f78b70a32b59a7773", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/lsp/logger.go", "duplicate_line": 50, "correlation_key": "fp|712ee87e1fff0be7dc242da5ec7a7620dbab32b9d3da482f78b70a32b59a7773"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/project/logging/logger.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2338, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5847560fb94fd7def14b36d8b76c17be4bcc2923ae261f7ed732bfd3ea77208", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "testdata/baselines/reference/tsc/incremental/when-global-file-is-added,-the-signatures-are-updated.js", "duplicate_line": 24, "correlation_key": "fp|f5847560fb94fd7def14b36d8b76c17be4bcc2923ae261f7ed732bfd3ea77208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/execute/tsctests/sys.go"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2337, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77b2abf4650be9da92bca3ae26942f3ab788f40f27944f1165b531efcafb9285", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/bundled/libs/lib.es2023.array.d.ts", "duplicate_line": 83, "correlation_key": "fp|77b2abf4650be9da92bca3ae26942f3ab788f40f27944f1165b531efcafb9285"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/bundled/libs/lib.es2025.float16.d.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2336, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4fb6da649820d311fcfaa370bdb6b9fe09e551e5d8ab32a6017f7f98ed72432", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/bundled/libs/lib.es2017.intl.d.ts", "duplicate_line": 1, "correlation_key": "fp|e4fb6da649820d311fcfaa370bdb6b9fe09e551e5d8ab32a6017f7f98ed72432"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/bundled/libs/lib.es2021.intl.d.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2335, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e6e2f86b9708de38cc309258c091466f459b36378e95b2f0a43de36a1f95ad5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"internal/bundled/libs/lib.es2017.intl.d.ts", "duplicate_line": 1, "correlation_key": "fp|5e6e2f86b9708de38cc309258c091466f459b36378e95b2f0a43de36a1f95ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/bundled/libs/lib.es2019.intl.d.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2332, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6b513c3b4e071973339e00eda6286504f4722356a9be30a5da69fcfe6106a84", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "_packages/native-preview/src/api/async/api.ts", "duplicate_line": 5, "correlation_key": "fp|c6b513c3b4e071973339e00eda6286504f4722356a9be30a5da69fcfe6106a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "_packages/native-preview/src/api/sync/api.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 2331, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b83afb97c4b85643b72b4d2c9ec3cdb49b289fd0417aefe0fecad661a592799", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "updated", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": 
"fp|2b83afb97c4b85643b72b4d2c9ec3cdb49b289fd0417aefe0fecad661a592799"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testdata/baselines/reference/tsc/incremental/when-global-file-is-added,-the-signatures-are-updated.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 27981, "scanner": "repobility-threat-engine", "fingerprint": "cd4343fee16f9083b43a8064838c8ce60fde9feb8f9a7c630cabb7ed113e9785", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = syscall.CloseHandle(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd4343fee16f9083b43a8064838c8ce60fde9feb8f9a7c630cabb7ed113e9785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/tsgo/isprocessalive_windows.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 27980, "scanner": "repobility-threat-engine", "fingerprint": "0810360649ec38fc35909d6738be0d723b82f18490203a05293675151bd88218", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = windows.SetConsoleMode(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0810360649ec38fc35909d6738be0d723b82f18490203a05293675151bd88218"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "cmd/tsgo/enablevtprocessing_windows.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 27979, "scanner": "repobility-threat-engine", "fingerprint": "c8832a889c8c54cacacff950207a46e8a5ba8d6b2bd08327be4167ca967cc54a", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = format.Node(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c8832a889c8c54cacacff950207a46e8a5ba8d6b2bd08327be4167ca967cc54a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "_tools/customlint/unexportedapi.go"}, "region": {"startLine": 277}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12278, "scanner": "repobility-threat-engine", "fingerprint": "b321033be95aa2784c27d4e457b585923167343de368b462df3f5656a84049b2", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = b.ensureConfiguredProjectAndAncestorsForFile(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b321033be95aa2784c27d4e457b585923167343de368b462df3f5656a84049b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/project/projectcollectionbuilder.go"}, "region": {"startLine": 633}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 2334, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37085922b2ad502806e8931fe78941a6ba5d3c958318e5f0c07ddf9574a1f90b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/api/conn_async.go", "duplicate_line": 87, "correlation_key": "fp|37085922b2ad502806e8931fe78941a6ba5d3c958318e5f0c07ddf9574a1f90b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/api/conn_sync.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2333, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4ffe19b4ac70b72234c7fcf141755eb60a51cc95314b907c69243c571d1427b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "_packages/native-preview/src/api/async/types.ts", "duplicate_line": 61, "correlation_key": "fp|a4ffe19b4ac70b72234c7fcf141755eb60a51cc95314b907c69243c571d1427b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "_packages/native-preview/src/api/sync/types.ts"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 2330, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"b2a25bfca5595abe3148e5f94ec8133caeef4a298135bd5a08efea56770c5f20", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "updated", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b2a25bfca5595abe3148e5f94ec8133caeef4a298135bd5a08efea56770c5f20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testdata/baselines/reference/tsc/incremental/when-global-file-is-added,-the-signatures-are-updated.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 2101, "scanner": "repobility-threat-engine", "fingerprint": "211df6eb83f5d1c8c71fdf9543b2a8a71efe86cf987dd9ec7f17eb696216f4ea", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = hasher.WriteString(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|211df6eb83f5d1c8c71fdf9543b2a8a71efe86cf987dd9ec7f17eb696216f4ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/project/extendedconfigcache.go"}, "region": {"startLine": 42}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 2100, "scanner": "repobility-threat-engine", "fingerprint": "69d343b418f9a86c22a7281881f7720396c7cbe8123fa76efe48e2d8da7ff7b9", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": 
"confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = tsoptions.GetParsedCommandLineOfConfigFilePath(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|69d343b418f9a86c22a7281881f7720396c7cbe8123fa76efe48e2d8da7ff7b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/project/configfileregistrybuilder.go"}, "region": {"startLine": 128}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 2099, "scanner": "repobility-threat-engine", "fingerprint": "43b2f605d68f9be95c714cd7f8ddb3a079c0182e0e88ac8ac314793e842e58e7", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = b.ensureConfiguredProjectAndAncestorsForFile(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|43b2f605d68f9be95c714cd7f8ddb3a079c0182e0e88ac8ac314793e842e58e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/project/projectcollectionbuilder.go"}, "region": {"startLine": 625}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 27982, "scanner": "repobility-threat-engine", "fingerprint": "31053255678d6afc7deb10ff0ed7e8e3cc887da24fe21098953ec236e326321b", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|31053255678d6afc7deb10ff0ed7e8e3cc887da24fe21098953ec236e326321b"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 2102, "scanner": "repobility-threat-engine", "fingerprint": "8e025c8d67c3439a4e8279febec0083a40dca1fd3d66afb62bb30780b311da76", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8e025c8d67c3439a4e8279febec0083a40dca1fd3d66afb62bb30780b311da76"}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27978, "scanner": "repobility-threat-engine", "fingerprint": "2eb1ecf1935726b3d7784b4b6d2afc969e4be1cb7c65ca8ebf508110db79a335", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2eb1ecf1935726b3d7784b4b6d2afc969e4be1cb7c65ca8ebf508110db79a335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "_packages/native-preview/src/api/path.ts"}, "region": {"startLine": 506}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 8460, "scanner": "repobility-threat-engine", "fingerprint": "aa0ba53ce734f6187615ca7e7831a7c5b3c78e4952f0ebb638d3c874a5b42cac", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(ctx context.Context, params *lsproto.DidOpenTextDocumentParams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|internal/lsp/server.go|1254|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/lsp/server.go"}, "region": {"startLine": 1254}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 4449, "scanner": "repobility-threat-engine", "fingerprint": "bb84c20631913823dc583c32339023a38cfd7435796fe619b402b8636c388d46", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(ctx context.Context, params *lsproto.DidOpenTextDocumentParams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|internal/lsp/server.go|1257|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/lsp/server.go"}, "region": {"startLine": 1257}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 2103, "scanner": "repobility-threat-engine", "fingerprint": "af1581caffd1b5a3eca5bab1dcf748b30437f627f72361552d0492c7a1270d03", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(ctx context.Context, params *lsproto.DidOpenTextDocumentParams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|internal/lsp/server.go|1232|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/lsp/server.go"}, "region": {"startLine": 1232}}}]}]}]}