{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a 
lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. 
Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `has_header` has cognitive complexity 10 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `has_header` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `registry:3` not pinned by digest: `FROM registry:3` resolves the tag at build time. The regi", "shortDescription": {"text": "[MINED118] Dockerfile FROM `registry:3` not pinned by digest: `FROM registry:3` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should p"}, "fullDescription": {"text": "Replace with: `FROM registry:3@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self", "shortDescription": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first t"}, "fullDescription": {"text": "Initialize `self.path = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `stri", "shortDescription": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import string` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1376"}, "properties": {"repository": "microsoft/WSL", "repoUrl": "https://github.com/microsoft/WSL", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 140784, "scanner": "repobility-ast-engine", "fingerprint": "93aa864e9a76ee1d82d1248a4d57bc2ee48fd982aea27f8c1ee7167213a4864d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93aa864e9a76ee1d82d1248a4d57bc2ee48fd982aea27f8c1ee7167213a4864d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "distributions/validate-modern.py"}, "region": {"startLine": 510}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 140783, "scanner": "repobility-ast-engine", "fingerprint": "69651a18b427be2f1c645a2d3a2d75840b9a20d12aecaa1f704209e9a70e2b1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69651a18b427be2f1c645a2d3a2d75840b9a20d12aecaa1f704209e9a70e2b1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "distributions/validate-modern.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 140782, "scanner": "repobility-docker", "fingerprint": 
"c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 140781, "scanner": "repobility-docker", "fingerprint": "1ea2b523849203eb4df792d27a929e0ab4e0f785c2b9f7545bbab38dd4b7143b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "registry:3", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1ea2b523849203eb4df792d27a929e0ab4e0f785c2b9f7545bbab38dd4b7143b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/images/wslc-registry/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 140757, "scanner": "repobility-threat-engine", "fingerprint": "a0675235a115545c302af4b3197cea6652f2023490016ff7084130f6b43ef13b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|103|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslcsession/WSLCContainer.h"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 140756, "scanner": "repobility-threat-engine", "fingerprint": "e055d9e666420a1b7ae46ceb129e82efbb5cd72b930e99924d021c6cb0356e6b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|36|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslc/services/ContainerService.h"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 140755, "scanner": "repobility-threat-engine", "fingerprint": "14abec1a0326fb068e34dba1cec9fadee3ac36362dfa58437b6a84e576bbb547", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|201|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/common/WSLCProcessLauncher.cpp"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 140745, "scanner": "repobility-threat-engine", "fingerprint": "b0555f89aa8369c0c0a57ec48da9712e981650e74453c487bb1e503b7a3c6e33", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b0555f89aa8369c0c0a57ec48da9712e981650e74453c487bb1e503b7a3c6e33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/shared/inc/defs.h"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140780, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "1df3b5fa30f7bdd657f66bf39e08354dbd14237c971352db6abbfd00d1e6a2ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/wslc/commands/ContainerCreateCommand.cpp", "duplicate_line": 18, "correlation_key": "fp|1df3b5fa30f7bdd657f66bf39e08354dbd14237c971352db6abbfd00d1e6a2ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslc/commands/ContainerRunCommand.cpp"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140779, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbdce98cc6bb6d8d064b29ac7ca5b8586f5f74e3a407399c5778c429d99d3d2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/LxssCreateProcess.h", "duplicate_line": 95, "correlation_key": "fp|cbdce98cc6bb6d8d064b29ac7ca5b8586f5f74e3a407399c5778c429d99d3d2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/WslCoreInstance.h"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140778, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"cafa13a188b3950fc4611b3ceef9fe2c443f6d410edd0c593389262220c6b431", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/LxssInstance.h", "duplicate_line": 21, "correlation_key": "fp|cafa13a188b3950fc4611b3ceef9fe2c443f6d410edd0c593389262220c6b431"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/WslCoreInstance.h"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140777, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cef7aaac4a32f24708f9b201a948ff4d2f13af81d957c116c4c3d35c8b4c174a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/WslCoreInstance.cpp", "duplicate_line": 8, "correlation_key": "fp|cef7aaac4a32f24708f9b201a948ff4d2f13af81d957c116c4c3d35c8b4c174a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/WslCoreInstance.h"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140776, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80aac1367a076b03cba9324488bbcb4b3491cfe12d569319ed4fda30d847f3cb", "category": "quality", "severity": "low", "confidence": 
0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/LxssInstance.cpp", "duplicate_line": 102, "correlation_key": "fp|80aac1367a076b03cba9324488bbcb4b3491cfe12d569319ed4fda30d847f3cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/WslCoreInstance.cpp"}, "region": {"startLine": 115}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140775, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c6edb54ab3d77f02373fe6873896714ace3c69484d3c874d6848e11c49c1682", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/LxssCreateProcess.h", "duplicate_line": 95, "correlation_key": "fp|0c6edb54ab3d77f02373fe6873896714ace3c69484d3c874d6848e11c49c1682"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/WslCoreInstance.cpp"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140774, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70ffbc2499d46a541999aff72f66a222822fbd2f7f893ecc23038b4345966660", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/LxssCreateProcess.h", "duplicate_line": 95, "correlation_key": "fp|70ffbc2499d46a541999aff72f66a222822fbd2f7f893ecc23038b4345966660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/LxssInstance.h"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140773, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3475c60893778c57a71c74ba5d7ea383606a1d61558f1a9c0036e2cbdbadceac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/service/exe/LxssCreateProcess.h", "duplicate_line": 95, "correlation_key": "fp|3475c60893778c57a71c74ba5d7ea383606a1d61558f1a9c0036e2cbdbadceac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/LxssInstance.cpp"}, "region": {"startLine": 100}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140772, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a01d14cadc22ac7a69ec3d8ca1e30a7f56c4d73e676d8d4d76f21883ae3019d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/windows/inc/docker_schema.h", "duplicate_line": 77, "correlation_key": "fp|7a01d14cadc22ac7a69ec3d8ca1e30a7f56c4d73e676d8d4d76f21883ae3019d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/inc/wslc_schema.h"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 140771, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79bad54eb8562ccfa2a23b2d05bf13e11d1c07aecf187ee1ec2fbdb8ef5a7429", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/linux/netlinkutil/IpNeighborManager.cpp", "duplicate_line": 175, "correlation_key": "fp|79bad54eb8562ccfa2a23b2d05bf13e11d1c07aecf187ee1ec2fbdb8ef5a7429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/linux/netlinkutil/IpRuleManager.cpp"}, "region": {"startLine": 16}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `has_header` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=1, if=4, nested_bonus=5."}, "properties": {"repobilityId": 140770, "scanner": "repobility-threat-engine", "fingerprint": "144b1ef5388d20ffd599ec701753f04bd2eb405131b8a9de35ec991446f04720", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "has_header", "breakdown": {"if": 4, "for": 1, "nested_bonus": 5}, "complexity": 10, "correlation_key": "fp|144b1ef5388d20ffd599ec701753f04bd2eb405131b8a9de35ec991446f04720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/validate-copyright-headers.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 140767, "scanner": "repobility-threat-engine", "fingerprint": "cbc62cd55f2ab2c52c8df1b5cc13b9d4b75431068edc4ba0bbf27a56d2950d81", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cbc62cd55f2ab2c52c8df1b5cc13b9d4b75431068edc4ba0bbf27a56d2950d81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/create-release.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: 
requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 140766, "scanner": "repobility-threat-engine", "fingerprint": "9ad542016ff09ebee8bbc264b30af77c2f7dad5901e84bf3b4bd7583cccadb3b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ad542016ff09ebee8bbc264b30af77c2f7dad5901e84bf3b4bd7583cccadb3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/create-change.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 140765, "scanner": "repobility-threat-engine", "fingerprint": "ad05a1b754a2f7ce49b07bd06f588dffcb908d4808d2de6faeefe6391ca62529", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|ad05a1b754a2f7ce49b07bd06f588dffcb908d4808d2de6faeefe6391ca62529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/create-release.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 140764, "scanner": "repobility-threat-engine", "fingerprint": "9412aa004ab95168bc8d198513d39f77468c2815055bc23dd47f02c25d72443e", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.post(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|9412aa004ab95168bc8d198513d39f77468c2815055bc23dd47f02c25d72443e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/create-change.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 140763, "scanner": "repobility-threat-engine", "fingerprint": "2fe04b8ebd004c17a88dee9c7e5564203665824534d18e790c6f5e014745cd2c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2fe04b8ebd004c17a88dee9c7e5564203665824534d18e790c6f5e014745cd2c", "aggregated_count": 10}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 140762, "scanner": "repobility-threat-engine", "fingerprint": "26623e21515bddd3c4c1b08f89c1db7069889cecf5d957bf980f5cd533bc4123", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|26623e21515bddd3c4c1b08f89c1db7069889cecf5d957bf980f5cd533bc4123"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslsettings/ViewModels/Settings/DeveloperViewModel.cs"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. 
NRE risk if wrong."}, "properties": {"repobilityId": 140761, "scanner": "repobility-threat-engine", "fingerprint": "8b4dd63276fd93129b25dcc88d522912a9359cfd4dd9fccd0b8cd0b4aa332145", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b4dd63276fd93129b25dcc88d522912a9359cfd4dd9fccd0b8cd0b4aa332145"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslsettings/Services/WindowService.cs"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. 
NRE risk if wrong."}, "properties": {"repobilityId": 140760, "scanner": "repobility-threat-engine", "fingerprint": "34d7e51286e8c3762918c758779219c8d5b50212c8e576f7ecf1dd53231becd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34d7e51286e8c3762918c758779219c8d5b50212c8e576f7ecf1dd53231becd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslsettings/Behaviors/NavigationViewHeaderBehavior.cs"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 140754, "scanner": "repobility-threat-engine", "fingerprint": "8d22d234ff6e522558f501e2b961809b56638e20faacee3f5f64166e5b05aa03", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8d22d234ff6e522558f501e2b961809b56638e20faacee3f5f64166e5b05aa03", "aggregated_count": 2}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 140753, "scanner": "repobility-threat-engine", "fingerprint": "18989c4bd841d95e1f2928463d803d346c12ca09ab40ebd91c0dbec908cde3b6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18989c4bd841d95e1f2928463d803d346c12ca09ab40ebd91c0dbec908cde3b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/LxssConsoleManager.cpp"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 140752, "scanner": "repobility-threat-engine", "fingerprint": "3ed5de1f252dd6263121c1fd08186d62724a06e95d82766274a2aba0bbcafa5d", "category": "quality", "severity": "info", "confidence": 1.0, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ed5de1f252dd6263121c1fd08186d62724a06e95d82766274a2aba0bbcafa5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/GuestTelemetryLogger.cpp"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 140751, "scanner": "repobility-threat-engine", "fingerprint": "dfe65f0764972a471003ac092615c3b1cc2570c832df1e158a972be7f635d3dd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dfe65f0764972a471003ac092615c3b1cc2570c832df1e158a972be7f635d3dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/common/Dmesg.cpp"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 140750, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 140746, "scanner": "repobility-threat-engine", "fingerprint": "0f8387a53789b6f9f1c40ed715373daf858c68ad64430e2718b594e03564366c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f8387a53789b6f9f1c40ed715373daf858c68ad64430e2718b594e03564366c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/shared/inc/defs.h"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140819, "scanner": "repobility-supply-chain", "fingerprint": "09003474e7dd2d8a2a281ce0a44a753ac0b9fe90a3f27bab9a537e9ec8f6f3f5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|09003474e7dd2d8a2a281ce0a44a753ac0b9fe90a3f27bab9a537e9ec8f6f3f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/distributions.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140818, "scanner": "repobility-supply-chain", "fingerprint": "c316e2e368d43e9e3432d885b33c8e7b0d467373359db8758b2e3193afa9f399", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c316e2e368d43e9e3432d885b33c8e7b0d467373359db8758b2e3193afa9f399"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issue_edited.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140817, "scanner": "repobility-supply-chain", "fingerprint": "3052ced00b46e99ae61ed70b6769bc9e1c8a8dfa81ebc3d1649a3a3d9b790b31", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3052ced00b46e99ae61ed70b6769bc9e1c8a8dfa81ebc3d1649a3a3d9b790b31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/new_issue_comment.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140816, "scanner": "repobility-supply-chain", "fingerprint": "e5227f1a6f0efa9795a443655b54f5ef30a3593d02de1ef49f5cc1f82d7c6ca1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e5227f1a6f0efa9795a443655b54f5ef30a3593d02de1ef49f5cc1f82d7c6ca1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/documentation.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-pages-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-pages-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140815, "scanner": "repobility-supply-chain", "fingerprint": "29d5669a7c2ad187af761ba90eedf172a56331c950744f2e6217af4be63201b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|29d5669a7c2ad187af761ba90eedf172a56331c950744f2e6217af4be63201b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/documentation.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140814, "scanner": "repobility-supply-chain", "fingerprint": "cc6e29b00b645116eab9f7272d43970fd95af044c40bebdb743eb9616b93d00a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc6e29b00b645116eab9f7272d43970fd95af044c40bebdb743eb9616b93d00a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/documentation.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140813, "scanner": "repobility-supply-chain", "fingerprint": "e3608c63f1e5d4fc06fa55ae12cba336d585a632155390b84f1c40d8dcbf37e6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3608c63f1e5d4fc06fa55ae12cba336d585a632155390b84f1c40d8dcbf37e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/modern-distributions.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 140812, "scanner": "repobility-supply-chain", "fingerprint": "6ce779e82d0ad99fedda515577dd232c53c2652abfc89ce565e3bfb7ba7f4857", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ce779e82d0ad99fedda515577dd232c53c2652abfc89ce565e3bfb7ba7f4857"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/new_issue.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `registry:3` not pinned by digest: `FROM registry:3` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 140811, "scanner": "repobility-supply-chain", "fingerprint": "788cf2598dcbdeb246bfef084b298bdd9eb66c62673bc9a300bc9672d55c7e29", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|788cf2598dcbdeb246bfef084b298bdd9eb66c62673bc9a300bc9672d55c7e29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/images/wslc-registry/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance. Before acting, confirm the attribute is not inherited: the check as described looks only at __init__ and class-level assignments, and an attribute supplied by a base class would not raise."}, "properties": {"repobilityId": 140810, "scanner": "repobility-ast-engine", "fingerprint": "e5f94512eb7e55b80b56b89c3a49491d4950fd165b09e12c0d8580d9c8c4291b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5f94512eb7e55b80b56b89c3a49491d4950fd165b09e12c0d8580d9c8c4291b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.wfile` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.wfile`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140809, "scanner": "repobility-ast-engine", "fingerprint": "7ba51b475dfa43c1e8f29557db70c7761eeb36ae980d0b14cbf62ab9591192b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ba51b475dfa43c1e8f29557db70c7761eeb36ae980d0b14cbf62ab9591192b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.copyfile` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.copyfile`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140808, "scanner": "repobility-ast-engine", "fingerprint": "bb7095a8c9681302849fab912dc689665cb8b8d53ac9bd6e3da51855cf7d457c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb7095a8c9681302849fab912dc689665cb8b8d53ac9bd6e3da51855cf7d457c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_head` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.send_head`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140807, "scanner": "repobility-ast-engine", "fingerprint": "ba6b2fb977b3b87beb3433780f4121aca549808674132aba92f1076f9b47ada0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba6b2fb977b3b87beb3433780f4121aca549808674132aba92f1076f9b47ada0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140806, "scanner": "repobility-ast-engine", "fingerprint": "29c56e04fbd05ce8dc5e906ef4bb2d0f8c1dc00f933530f09a0bc814b57d644c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29c56e04fbd05ce8dc5e906ef4bb2d0f8c1dc00f933530f09a0bc814b57d644c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140805, "scanner": "repobility-ast-engine", "fingerprint": "8a0c5baf6f866b54b32f26f6242767dd2eb5ae6bce01cbbf1a88f0ceb3805e64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a0c5baf6f866b54b32f26f6242767dd2eb5ae6bce01cbbf1a88f0ceb3805e64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.wfile` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.wfile`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140804, "scanner": "repobility-ast-engine", "fingerprint": "69e3410d6947d8d03a42148e347f61f6731b621009fbde2b514a284623f0cec7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69e3410d6947d8d03a42148e347f61f6731b621009fbde2b514a284623f0cec7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.copyfile` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.copyfile`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140803, "scanner": "repobility-ast-engine", "fingerprint": "cfe1546ec478a9a521c7ac22a3ba8e32baa1d710d54468d39a1a7681fe8f6797", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfe1546ec478a9a521c7ac22a3ba8e32baa1d710d54468d39a1a7681fe8f6797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_head` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.send_head`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140802, "scanner": "repobility-ast-engine", "fingerprint": "d996693b1ba67e417e1e7b0680b34a878d716b7227a2d459c78179ba2bb80de4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d996693b1ba67e417e1e7b0680b34a878d716b7227a2d459c78179ba2bb80de4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.wfile` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.wfile`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140801, "scanner": "repobility-ast-engine", "fingerprint": "ab84899e9d0a96d064455bbdcb758cfb1336d3920ae6ce2beefbd1be3a0456e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab84899e9d0a96d064455bbdcb758cfb1336d3920ae6ce2beefbd1be3a0456e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140800, "scanner": "repobility-ast-engine", "fingerprint": "3f3e78b167c44ede74cc11440b7952465288d80a7006fcb8c48606e99e7e4d8b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f3e78b167c44ede74cc11440b7952465288d80a7006fcb8c48606e99e7e4d8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140799, "scanner": "repobility-ast-engine", "fingerprint": "d4cb5fbd329c5c8572923dffbe627731805752b3c55915ac5237604a499f2f5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4cb5fbd329c5c8572923dffbe627731805752b3c55915ac5237604a499f2f5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.end_headers` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.end_headers`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140798, "scanner": "repobility-ast-engine", "fingerprint": "c8ab05d9dbe8c692d03f73f4fe0ef3200925ded69e08439015f48f8c80e20f71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8ab05d9dbe8c692d03f73f4fe0ef3200925ded69e08439015f48f8c80e20f71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140797, "scanner": "repobility-ast-engine", "fingerprint": "02ee07be908fbc7205bd12b60c1aa630eac73222f8a72de3b55d6a32915cf08b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02ee07be908fbc7205bd12b60c1aa630eac73222f8a72de3b55d6a32915cf08b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_header` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140796, "scanner": "repobility-ast-engine", "fingerprint": "fb3faa200e2c4ce7e4970d3339d0c34f34be4986dcf89aaff108c97fc6150305", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb3faa200e2c4ce7e4970d3339d0c34f34be4986dcf89aaff108c97fc6150305"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.send_response` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.send_response`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140795, "scanner": "repobility-ast-engine", "fingerprint": "c489abde17e9262e9fc29fcb29f7b307bd033f4920f8a2f72b34a2d8ec95cbfd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c489abde17e9262e9fc29fcb29f7b307bd033f4920f8a2f72b34a2d8ec95cbfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140794, "scanner": "repobility-ast-engine", "fingerprint": "ad0ef25035ab6d4b45ed76dc971524ea60be10e20ddf74d79ff0697bcb6a057c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad0ef25035ab6d4b45ed76dc971524ea60be10e20ddf74d79ff0697bcb6a057c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.path` used but never assigned in __init__: Method `do_GET` of class `ReleaseRequestHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140793, "scanner": "repobility-ast-engine", "fingerprint": "1b2db2e3d74df00b1594320e837b994f4099942f101f3ad80ae2aae3839df2e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b2db2e3d74df00b1594320e837b994f4099942f101f3ad80ae2aae3839df2e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/gh-release-server.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._render_locked` used but never assigned in __init__: Method `_loop` of class `StatusLine` reads `self._render_locked`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140792, "scanner": "repobility-ast-engine", "fingerprint": "8ffc0b298e2b9330a37ba1f4dc20cef66b2926f7d2b66c3c30680daca23a1ee5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ffc0b298e2b9330a37ba1f4dc20cef66b2926f7d2b66c3c30680daca23a1ee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._restore_cursor_locked` used but never assigned in __init__: Method `pause` of class `StatusLine` reads `self._restore_cursor_locked`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140791, "scanner": "repobility-ast-engine", "fingerprint": "97fe2c9c505ecdd3947abc91e77b4e10d3c501ef8be512a733573793f96f2188", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97fe2c9c505ecdd3947abc91e77b4e10d3c501ef8be512a733573793f96f2188"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._clear_locked` used but never assigned in __init__: Method `pause` of class `StatusLine` reads `self._clear_locked`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140790, "scanner": "repobility-ast-engine", "fingerprint": "b01f1594a279c377659851b177cbbf6fc56a6604b71e7a82632f6b3cc935e257", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b01f1594a279c377659851b177cbbf6fc56a6604b71e7a82632f6b3cc935e257"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._render_locked` used but never assigned in __init__: Method `begin_iteration` of class `StatusLine` reads `self._render_locked`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140789, "scanner": "repobility-ast-engine", "fingerprint": "18f917231bd82f17790876b317f4a5bb24336013546a312ad9864fb65a6f4a0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18f917231bd82f17790876b317f4a5bb24336013546a312ad9864fb65a6f4a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._restore_cursor_locked` used but never assigned in __init__: Method `stop` of class `StatusLine` reads `self._restore_cursor_locked`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140788, "scanner": "repobility-ast-engine", "fingerprint": "1bc2b715e6aebb4b2645c3de1928f3634442e8648d897a3c80d25c0b584a5644", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1bc2b715e6aebb4b2645c3de1928f3634442e8648d897a3c80d25c0b584a5644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._clear_locked` used but never assigned in __init__: Method `stop` of class `StatusLine` reads `self._clear_locked`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140787, "scanner": "repobility-ast-engine", "fingerprint": "39f9a534add4b769a820a6a9ba8ddf68e4d43c507d5287eb217c72f2d3797d27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39f9a534add4b769a820a6a9ba8ddf68e4d43c507d5287eb217c72f2d3797d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._safe_restore` used but never assigned in __init__: Method `stop` of class `StatusLine` reads `self._safe_restore`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 140786, "scanner": "repobility-ast-engine", "fingerprint": "ce0b85635809abd1d8a3217bdd16de2b1dba5368c616b5102e614b4fbac862c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce0b85635809abd1d8a3217bdd16de2b1dba5368c616b5102e614b4fbac862c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/test/loop-tests.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 36 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, for=2, if=11, nested_bonus=18, ternary=4."}, "properties": {"repobilityId": 140769, "scanner": "repobility-threat-engine", "fingerprint": "ca16d86a1065658504fa9ca9a00b1e5a7c4a85cff6aa39a4d191f0c12ca870b1", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 36 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 11, "for": 2, "else": 1, "ternary": 4, "nested_bonus": 18}, "complexity": 36, "correlation_key": "fp|ca16d86a1065658504fa9ca9a00b1e5a7c4a85cff6aa39a4d191f0c12ca870b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/create-release.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 140768, "scanner": "repobility-threat-engine", "fingerprint": "f23830417ca7244082991084eec942ee9b43f5c109e0079404bc4d483ddf59e8", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'\\(#([0-9]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|87|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/create-release.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 140759, "scanner": "repobility-threat-engine", "fingerprint": "c59950f2af4dcb394f413bf24eef735eeec2a850b1a29b970f450227eccbbe1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(_In_", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c59950f2af4dcb394f413bf24eef735eeec2a850b1a29b970f450227eccbbe1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslcsession/WSLCContainer.h"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command 
injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 140758, "scanner": "repobility-threat-engine", "fingerprint": "11d7218c2c5d876bdd81eb030803ac315c2bb37bf7c7023dc6abdbec33bd0ee2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(models", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|11d7218c2c5d876bdd81eb030803ac315c2bb37bf7c7023dc6abdbec33bd0ee2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslc/services/ContainerService.h"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 140749, "scanner": "repobility-threat-engine", "fingerprint": "6f313b004cee21b1ee7b229022ac2737ea5902b2ee670c608d5ad3914e7ad53b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "m_threadExit.create(wil::EventOptions::ManualReset);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6f313b004cee21b1ee7b229022ac2737ea5902b2ee670c608d5ad3914e7ad53b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/service/exe/GuestTelemetryLogger.cpp"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 140748, "scanner": "repobility-threat-engine", "fingerprint": "39fd069c4c01317a0837943fde747858b371e84cb2d8a8d975c523d25ab0f142", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "m_overlappedEvent.create(wil::EventOptions::ManualReset);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39fd069c4c01317a0837943fde747858b371e84cb2d8a8d975c523d25ab0f142"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/common/Dmesg.cpp"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 140747, "scanner": "repobility-threat-engine", "fingerprint": "3d080ba277f3b34130c88b8f394e6b9381aae33f5bd4cea53d0f4a345ec02fc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "m_event.create(wil::EventOptions::ManualReset);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d080ba277f3b34130c88b8f394e6b9381aae33f5bd4cea53d0f4a345ec02fc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/common/ConsoleProgressIndicator.cpp"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 140744, "scanner": "repobility-threat-engine", "fingerprint": "31ce45e3cd05b15ea73dff7cec4cb3d871436234a1723e6995014a6760cc05de", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|31ce45e3cd05b15ea73dff7cec4cb3d871436234a1723e6995014a6760cc05de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/wslcsession/DockerHTTPClient.h"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 140743, "scanner": "repobility-threat-engine", "fingerprint": "61045e46ea9815bd60e581a452864454739898ce6d41559c3cea751b923135c1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|61045e46ea9815bd60e581a452864454739898ce6d41559c3cea751b923135c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/windows/common/filesystem.hpp"}, "region": {"startLine": 222}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 140742, "scanner": "repobility-threat-engine", "fingerprint": "bfdb4746e9921324867aee084af4cc8b600b3a0b401a3adb119be7d3b82983ac", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bfdb4746e9921324867aee084af4cc8b600b3a0b401a3adb119be7d3b82983ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "distributions/validate.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 140785, "scanner": "repobility-ast-engine", "fingerprint": "7a942ade305d80e8a54afbe0ebf6413f8c1009de979d16f06ebd954194b66b57", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a942ade305d80e8a54afbe0ebf6413f8c1009de979d16f06ebd954194b66b57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/devops/validate-localization.py"}, "region": {"startLine": 117}}}]}]}]}