← Back to scan
File as GitHub Issue repo: MozillaFoundation/foundation.mozilla.org

Push this scan report to MozillaFoundation/foundation.mozilla.org

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Repobility score card

Issue title

Missing import: `locale` used but not imported

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/footer/templatetags/foot…:20
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/core/management/commands…:41
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/navigation/templatetags/…:20
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/legacy_apps/wagtailpages…:272
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/legacy_apps/wagtailpages…:88
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/legacy_apps/mozfest/mode…:243
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… foundation_cms/legacy_apps/wagtailpages…:16
CRIT MINED107 [MINED107] Missing import: `html` used but not imported: The file uses `html.something(..… foundation_cms/legacy_apps/wagtailpages…:40
CRIT MINED107 [MINED107] Missing import: `locale` used but not imported: The file uses `locale.somethin… tasks.py:689
CRIT MINED019 [MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) — full RC… foundation_cms/legacy_apps/nav/models.py:145
CRIT MINED019 [MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) — full RC… foundation_cms/legacy_apps/donate_banne…:143
CRIT MINED019 [MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) — full RC… foundation_cms/footer/models.py:73
CRIT MINED116 [MINED116] Workflow uses `secrets.COVERALLS_REPO_TOKEN` on a `pull_request` trigger: This… .github/workflows/continous-integration…:78
CRIT MINED116 [MINED116] Workflow uses `secrets.PERCY_TOKEN_REDESIGN` on a `pull_request` trigger: This… .github/workflows/visual-regression-tes…:150
CRIT MINED116 [MINED116] Workflow uses `secrets.PERCY_TOKEN_LEGACY` on a `pull_request` trigger: This w… .github/workflows/visual-regression-tes…:136
HIGH MINED108 [MINED108] `self.animated_webp_ready` used but never assigned in __init__: Method `get_re… foundation_cms/images/models.py:114
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:79
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:84
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:76
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:75
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:74
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:91
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:66
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:67
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:63
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `save` of class `Found… foundation_cms/images/models.py:62
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `animated_webp_ready` … foundation_cms/images/models.py:44
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `animated_webp_ready` … foundation_cms/images/models.py:46
HIGH MINED108 [MINED108] `self.file` used but never assigned in __init__: Method `animated_webp_ready` … foundation_cms/images/models.py:45
HIGH MINED108 [MINED108] `self.pk` used but never assigned in __init__: Method `animated_webp_ready` of… foundation_cms/images/models.py:42
HIGH MINED108 [MINED108] `self.get_platform_display` used but never assigned in __init__: Method `aria_… foundation_cms/footer/models.py:236
HIGH MINED108 [MINED108] `self.get_platform_display` used but never assigned in __init__: Method `__str… foundation_cms/footer/models.py:226
HIGH MINED108 [MINED108] `self.get_preview_template` used but never assigned in __init__: Method `serve… foundation_cms/footer/models.py:98
HIGH MINED108 [MINED108] `self.get_preview_context` used but never assigned in __init__: Method `serve_… foundation_cms/footer/models.py:97
HIGH MINED108 [MINED108] `self.get` used but never assigned in __init__: Method `get_file_link` of clas… foundation_cms/blocks/link_block.py:24
HIGH MINED108 [MINED108] `self.get` used but never assigned in __init__: Method `get_phone_link` of cla… foundation_cms/blocks/link_block.py:21
HIGH MINED108 [MINED108] `self.get` used but never assigned in __init__: Method `get_anchor_link` of cl… foundation_cms/blocks/link_block.py:18
HIGH MINED108 [MINED108] `self.get` used but never assigned in __init__: Method `get_email_link` of cla… foundation_cms/blocks/link_block.py:15
HIGH MINED108 [MINED108] `self.get` used but never assigned in __init__: Method `icon_alt_text` of clas… foundation_cms/blocks/icon_info_grid_bl…:21
HIGH MINED108 [MINED108] `self.get_wagtail_site` used but never assigned in __init__: Method `items` of… foundation_cms/sitemaps.py:12
HIGH MINED106 [MINED106] Phantom test coverage: test_python: Test function `test_python` runs code but … tasks.py:400
HIGH SEC030 [SEC030] Open Redirect — user-controlled redirect target: Redirect target is taken direct… foundation_cms/legacy_apps/utility/midd…:44
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … foundation_cms/views.py:174
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … foundation_cms/legacy_apps/utility/mana…:29
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … foundation_cms/legacy_apps/utility/mana…:43
HIGH SEC083 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can c… foundation_cms/legacy_apps/static/js/fo…:48
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). foundation_cms/images/models.py:147
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… foundation_cms/legacy_apps/utility/mana…:22
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… foundation_cms/legacy_apps/utility/mana…:40
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… foundation_cms/images/models.py:85
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … foundation_cms/core/management/commands…:33
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … foundation_cms/core/management/commands…:28
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … foundation_cms/core/factories/homepage.…:79
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… foundation_cms/blocks/donor_help_contac…:24
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… foundation_cms/blocks/common/link_block…:11
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… foundation_cms/blocks/common/link_block…:36
HIGH SEC111 [SEC111] Django mark_safe / |safe filter on user data: Django's `mark_safe()` and `|safe`… foundation_cms/core/models/sitewide_foo…:29
HIGH SEC111 [SEC111] Django mark_safe / |safe filter on user data: Django's `mark_safe()` and `|safe`… foundation_cms/core/models/sitewide_don…:29
HIGH SEC111 [SEC111] Django mark_safe / |safe filter on user data: Django's `mark_safe()` and `|safe`… foundation_cms/base/widgets.py:27
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… foundation_cms/legacy_apps/static/js/mu…:62
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… foundation_cms/base/static/wagtailadmin…:44
HIGH SEC006 [SEC006] XSS Risk: Direct HTML injection without sanitization. foundation_cms/legacy_apps/static/js/bu…:184
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… frontend/redesign/build-css.js:54
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… copy-db.js:36
HIGH MINED115 [MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v1`: `u… .github/workflows/maintenance-page.yml:17
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/maintenance-page.yml:15
HIGH MINED126 [MINED126] Workflow container/services image `postgres:15` unpinned: `container/services … .github/workflows/continous-integration…:130
HIGH MINED126 [MINED126] Workflow container/services image `postgres:15` unpinned: `container/services … .github/workflows/continous-integration…:65
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/continous-integration…:175
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setu… .github/workflows/continous-integration…:170
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/continous-integration…:169
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/continous-integration…:102
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setu… .github/workflows/continous-integration…:98
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/continous-integration…:97
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setu… .github/workflows/continous-integration…:40
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/continous-integration…:39
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/continous-integration…:22
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/continous-integration…:21
HIGH MINED126 [MINED126] Workflow container/services image `postgres:13.2` unpinned: `container/service… .github/workflows/visual-regression-tes…:75
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/visual-regression-tes…:123
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setu… .github/workflows/visual-regression-tes…:119
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/visual-regression-tes…:116
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/git… .github/workflows/visual-regression-tes…:39
HIGH MINED126 [MINED126] Workflow container/services image `postgres:13.2` unpinned: `container/service… .github/workflows/visual-regression-tes…:57
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/visual-regression-tes…:105
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setu… .github/workflows/visual-regression-tes…:101
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/visual-regression-tes…:98
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/git… .github/workflows/visual-regression-tes…:27
HIGH MINED121 [MINED121] requirements.txt installs from `wagtail-localize-git @ git+https://github.com/… requirements.txt:296
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.11-slim-bookworm` not pinned by digest: `FROM python… Dockerfile:33
HIGH MINED118 [MINED118] Dockerfile FROM `node:20-bookworm-slim` not pinned by digest: `FROM node:20-bo… Dockerfile:2
HIGH DKC011 Database service publishes a host port docker-compose.yml:66
HIGH MINED112 [MINED112] FastAPI PATCH foundation_cms.legacy_apps.events.views.basket has no auth: Hand… foundation_cms/legacy_apps/events/tests…:55
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… foundation_cms/legacy_apps/static/js/co…:62
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… foundation_cms/images/webp/utils.py:77
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… copy_staging_db_to_review_app.py:28
HIGH AUC003 [AUC003] Object-level route lacks visible authorization: A route with an object id-like p… foundation_cms/legacy_apps/news/urls.py:7
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… foundation_cms/images/webp/utils.py:21
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… foundation_cms/core/management/commands…:59
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… foundation_cms/legacy_apps/wagtailpages…:686
MED MINED109 [MINED109] Mutable default argument in `get_random_option` (list): `def get_random_option… foundation_cms/legacy_apps/wagtailpages…:27
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… foundation_cms/templatetags/breadcrumb_…:14
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… foundation_cms/search/signals.py:13
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tasks.py:702
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tasks.py:693
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tasks.py:781
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… foundation_cms/static/js/components/new…:121
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. foundation_cms/static/js/components/gal…:37
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… foundation_cms/search/signals.py:11
MED SEC031 [SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like … foundation_cms/legacy_apps/static/js/co…:33
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… foundation_cms/static/js/blocks/pillar_…:14
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… foundation_cms/legacy_apps/static/js/bu…:77
MED SEC028 [SEC028] CSRF Protection Removed — @csrf_exempt on state-changing endpoint: @csrf_exempt … foundation_cms/views.py:82
MED SEC028 [SEC028] CSRF Protection Removed — @csrf_exempt on state-changing endpoint: @csrf_exempt … foundation_cms/legacy_apps/events/views…:20
MED SEC028 [SEC028] CSRF Protection Removed — @csrf_exempt on state-changing endpoint: @csrf_exempt … foundation_cms/legacy_apps/campaign/vie…:29
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… foundation_cms/search/utils.py:22
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… foundation_cms/images/models.py:85
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… foundation_cms/nothing_personal/managem…:167
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… foundation_cms/core/factories/homepage_…:149
MED COMP001 [COMP001] High cognitive complexity: Function `resolve` has cognitive complexity 19 (Sona… foundation_cms/base/utils/helpers.py:88
MED COMP001 [COMP001] High cognitive complexity: Function `inject_images_into_data` has cognitive com… foundation_cms/base/utils/helpers.py:39
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKC015 Database service has no healthcheck docker-compose.yml:66
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore Dockerfile:107
MED JRN003 Frontend API reference is not matched by discovered backend routes foundation_cms/legacy_apps/static/js/bu…:97
MED JRN003 Frontend API reference is not matched by discovered backend routes foundation_cms/legacy_apps/static/js/bu…:65
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 3.3% of discovered r…
MED WEB015 Public web app has no Content Security Policy index.html
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … foundation_cms/urls.py:125
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … foundation_cms/urls.py:123
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… foundation_cms/urls.py:114
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… foundation_cms/urls.py:113
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… foundation_cms/urls.py:112
MED CORE_LARGE_FILES Average file size is 501 lines (recommend <300)
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… foundation_cms/static/js/blocks/hero_ac…:236
LOW COMP001 [COMP001] High cognitive complexity: Function `safe_handle_image_block` has cognitive com… foundation_cms/base/patches/wagtail_loc…:5
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:124
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:10
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:14
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:3
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:2
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:10
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:173
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:57
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:53
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:44
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/wagtailpages…:56
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/static/js/fo…:15
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/static/js/fo…:14
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/static/js/fo…:9
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/static/js/co…:2
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/static/js/co…:1
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/static/js/bu…:202
LOW AIC003 Duplicated implementation block across source files foundation_cms/legacy_apps/donate_banne…:161
LOW AIC003 Duplicated implementation block across source files foundation_cms/blocks/text_image_block.…:32
LOW WEB001 Public web app has no robots.txt robots.txt
LOW DKR010 Dockerfile leaves apt package indexes in the image layer Dockerfile:138
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW DKR011 Dockerfile installs recommended OS packages Dockerfile:152
LOW DKR012 Dockerfile keeps pip download cache Dockerfile:96
LOW DKC016 App service does not wait for database health docker-compose.yml:3
LOW WEB008 Public docs site has no llms.txt llms.txt
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:3
LOW WEB011 Public web app has no humans.txt humans.txt
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… foundation_cms/views.py:174
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… foundation_cms/legacy_apps/utility/mana…:29
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… foundation_cms/legacy_apps/utility/mana…:43
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. foundation_cms/legacy_apps/utility/mana…:14
INFO MINED079 [MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) — off-… foundation_cms/legacy_apps/utility/fake…:15
INFO MINED098 [MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global win… foundation_cms/legacy_apps/static/js/fo…:113
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… foundation_cms/legacy_apps/static/js/co…:114
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… foundation_cms/legacy_apps/static/js/co…:14
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… foundation_cms/legacy_apps/static/js/co…:8
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. foundation_cms/legacy_apps/utility/mana…:19
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. foundation_cms/images/webp/utils.py:104
INFO MINED057 [MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness — l… foundation_cms/blog/models.py:10
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. foundation_cms/legacy_apps/wagtailpages…:189
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. foundation_cms/legacy_apps/wagtailpages…:85
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. foundation_cms/blocks/common/link_block…:58
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… foundation_cms/legacy_apps/utility/mana…:74
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… foundation_cms/images/models.py:86
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… foundation_cms/blocks/common/link_block…:59
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… foundation_cms/legacy_apps/donate_banne…:49
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… foundation_cms/gallery_hub/models/proje…:152
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… foundation_cms/blocks/common/link_block…:77
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … foundation_cms/legacy_apps/static/js/bu…:125
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … foundation_cms/legacy_apps/static/js/bu…:129
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … copy-db.js:11
Reset to top 5 189 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `MozillaFoundation/foundation.mozilla.org`

**Score: 68/100 (B)**  ·  219 findings  ·  scanned 2026-06-05 19:56 UTC  ·  728,066 LOC

| Severity | Count |
|---|---|
| CRITICAL | 15 |
| HIGH | 82 |
| MEDIUM | 38 |
| LOW | 30 |

📊 [Full filterable report](https://repobility.com/scan/dc250080-d267-4bf9-ac32-2a9943ec5c3e/)  ·  ![scorecard](https://repobility.com/scan/dc250080-d267-4bf9-ac32-2a9943ec5c3e/report.png?v=1780689378-s2)

### Top findings

1. **CRITICAL** `MINED107` — Missing import: `locale` used but not imported
   `foundation_cms/footer/templatetags/footer_tags.py:20` · ✓ Repobility
2. **CRITICAL** `MINED107` — Missing import: `locale` used but not imported
   `foundation_cms/core/management/commands/update_multilingual_index.py:41` · ✓ Repobility
3. **CRITICAL** `MINED107` — Missing import: `locale` used but not imported
   `foundation_cms/navigation/templatetags/navigation_tags.py:20` · ✓ Repobility
4. **CRITICAL** `MINED107` — Missing import: `locale` used but not imported
   `foundation_cms/legacy_apps/wagtailpages/pagemodels/buyersguide/homepage.py:272` · ✓ Repobility
5. **CRITICAL** `MINED107` — Missing import: `locale` used but not imported
   `foundation_cms/legacy_apps/wagtailpages/pagemodels/index.py:88` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/dc250080-d267-4bf9-ac32-2a9943ec5c3e/_
Megaproject â high spam risk
Could not determine 'MozillaFoundation/foundation.mozilla.org' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Open in GitHub to file this issue Cancel

The button opens GitHubâs new-issue page in a new tab. You will see the title + body pre-filled â review, edit if you want, then click GitHubâs "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.