{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` \u2014 Python's default value is cons", "shortDescription": {"text": "[MINED109] Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every futur"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def nested(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. 
Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": 
"Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. 
A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 20 
(SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 20."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template 
literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED046", "name": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger.", "shortDescription": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases.", "shortDescription": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED075] C Malloc No Check (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile (and 3 more): Same pattern found in 3 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). 
Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC021", "name": "[SEC021] Shell Trace Around Secret Handling (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[SEC021] Shell Trace Around Secret Handling (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Disable xtrace before reading secrets, re-enable it only after secret handling, and rotate any secret exposed in logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 4 more): Same pattern found in 4 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. 
Compare whole path components (for example with os.path.commonpath()) rather than a raw string prefix, so that a sibling directory whose name merely begins with the base path does not pass. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED085", "name": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM.", "shortDescription": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1075 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter (and 5 more): Same pattern found in 5 additional files. Review if n", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders). Note that Rdn.escapeValue applies DN-value escaping; a value placed in a search filter needs filter escaping (RFC 4515), which is what the python-ldap and Spring helpers provide."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED015", "name": "[MINED015] Ruby Eval Call (and 1 more): Same pattern found in 1 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED015] Ruby Eval Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED010", "name": "[MINED010] Ruby System Call (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED010] Ruby System Call (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 29 more): Same pattern found in 29 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 29 more): Same pattern found in 29 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16, plus loopback (127/8, ::1) and the IPv6 private and link-local ranges (fc00::/7, fe80::/10).\nApply the check to the address the hostname resolves to, and repeat it after every redirect, because an allowed-looking name can resolve or redirect to an internal address."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked in", "shortDescription": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_subcomponent_in: Test function `test_subcomponent_in` runs code but contains no a", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_subcomponent_in: Test function `test_subcomponent_in` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._maybe_parbreak` used but never assigned in __init__: Method `fence` of class `CommonMarkRenderer` read", "shortDescription": {"text": "[MINED108] `self._maybe_parbreak` used but never assigned in __init__: Method `fence` of class `CommonMarkRenderer` reads `self._maybe_parbreak`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises Attribut"}, "fullDescription": {"text": "Initialize `self._maybe_parbreak = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC032", "name": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without valida", "shortDescription": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served direc"}, "fullDescription": {"text": "Validate THREE things server-side:\n  1. Extension allowlist:\n       ALLOWED = {'.png', '.jpg', '.pdf'}\n       ext = Path(file.filename).suffix.lower()\n       if ext not in ALLOWED: abort(400)\n  2. Magic-byte check (don't trust the extension):\n       import magic\n       mime = magic.from_buffer(file.read(2048), mime=True)\n  3. Save with a random/UUID filename to a non-executable directory.\nSanitize with `werkzeug.secure_filename`. Never reuse the user's name."}, "properties": {"scanner": "repobility-threat-engine", "category": "file_upload", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED040", "name": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.", "shortDescription": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`. Pass the filter explicitly: in 3.12 and 3.13 the default still extracts without filtering, and only 3.14 makes 'data' the default. When validating by hand, also reject symlink and hardlink members whose targets leave the destination directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED002", "name": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check.", "shortDescription": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. 
Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC033", "name": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without fil", "shortDescription": {"text": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting ever"}, "fullDescription": {"text": "Sanitize keys BEFORE merge:\n  function sanitize(obj) {\n    delete obj.__proto__;\n    delete obj.constructor;\n    delete obj.prototype;\n    return obj;\n  }\nOr use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "prototype_pollution", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.NIXPKGS_MANUAL_EDIT_CHECK_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.NIXPKGS_MANUAL_EDIT_CHECK_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.NIXPKGS_MANUAL_EDIT_CHECK_APP_PRIV"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `sys` used but not imported: The file uses `sys.something(...)` but never imports `sys`. This", "shortDescription": {"text": "[MINED107] Missing import: `sys` used but not imported: The file uses `sys.something(...)` but never imports `sys`. 
This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import sys` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf. Note that strncpy leaves the destination unterminated when the source is at least as long as the size limit, so terminate explicitly or prefer snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1387"}, "properties": {"repository": "NixOS/nixpkgs", "repoUrl": "https://github.com/NixOS/nixpkgs", "branch": "master"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142345, "scanner": "repobility-ast-engine", "fingerprint": "9fd0ac4cd0f09def489798e8029e6b19ff0af23c27e0a7e99c58696884138a95", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9fd0ac4cd0f09def489798e8029e6b19ff0af23c27e0a7e99c58696884138a95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142344, "scanner": "repobility-ast-engine", "fingerprint": "07708fcf55900422981d85002a553d60352d8f5c40186ea3d261468c7345232e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07708fcf55900422981d85002a553d60352d8f5c40186ea3d261468c7345232e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `log` (dict): `def log(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142343, "scanner": "repobility-ast-engine", "fingerprint": "cdf34f8c05a0c156805125917eaca92e6c248dfd43fdd2eb60bca75584aa83b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdf34f8c05a0c156805125917eaca92e6c248dfd43fdd2eb60bca75584aa83b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `nested` (dict): `def nested(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142342, "scanner": "repobility-ast-engine", "fingerprint": "81a9ed78f8cf9049945a5c8e9f7357995fee920cfa960004123811db0369328f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81a9ed78f8cf9049945a5c8e9f7357995fee920cfa960004123811db0369328f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142341, "scanner": "repobility-ast-engine", "fingerprint": "ace430cf02587f36b8eea6a8a2d07f0bde924031d320bd456a6ad52561b9c830", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ace430cf02587f36b8eea6a8a2d07f0bde924031d320bd456a6ad52561b9c830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `log` (dict): `def log(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142340, "scanner": "repobility-ast-engine", "fingerprint": "2134138a97d9f36381173ecd96648eb99aae267a8738e06ff962d27855a127fc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2134138a97d9f36381173ecd96648eb99aae267a8738e06ff962d27855a127fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `nested` (dict): `def nested(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142339, "scanner": "repobility-ast-engine", "fingerprint": "8dc7793d90ee32286388caf494452333fc4d816756b4ebe652e7e4951a54f8cd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8dc7793d90ee32286388caf494452333fc4d816756b4ebe652e7e4951a54f8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142338, "scanner": "repobility-ast-engine", "fingerprint": "e8a96b7b4778a22f1738bbe338f69c1b74045172caeaefd626bea766ecea4f98", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8a96b7b4778a22f1738bbe338f69c1b74045172caeaefd626bea766ecea4f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `log` (dict): `def log(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142337, "scanner": "repobility-ast-engine", "fingerprint": "f91ec68ba0c787ef52c08532e7f860b473054a86ecfc7b858f8b150318d08972", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f91ec68ba0c787ef52c08532e7f860b473054a86ecfc7b858f8b150318d08972"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `nested` (dict): `def nested(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142336, "scanner": "repobility-ast-engine", "fingerprint": "413468646ed6acd2ba6c7a95c25009ac5b56db458609a833558f9fd81d42743f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|413468646ed6acd2ba6c7a95c25009ac5b56db458609a833558f9fd81d42743f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142335, "scanner": "repobility-ast-engine", "fingerprint": "26b9d8b04b295bdf8c5429f704393769bee6eee1e302ec71fe102881fda4f7c8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26b9d8b04b295bdf8c5429f704393769bee6eee1e302ec71fe102881fda4f7c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `log` (dict): `def log(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142334, "scanner": "repobility-ast-engine", "fingerprint": "05d3c6c3b49dde7a077e259e0bec454ce454ce121928131c34f0720d882e6154", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05d3c6c3b49dde7a077e259e0bec454ce454ce121928131c34f0720d882e6154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/lib/test-driver/src/test_driver/logger.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142330, "scanner": "repobility-ast-engine", "fingerprint": "b05ccfe974afde5036d50179299fd309623a63c5b37363aae8ddd55d70e937cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b05ccfe974afde5036d50179299fd309623a63c5b37363aae8ddd55d70e937cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/hydra-eval-failures.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142329, "scanner": "repobility-ast-engine", "fingerprint": "beb8ef525f3e54872be778831a739deaf5eea8db5ef262b8267e8f5289bb4ef7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|beb8ef525f3e54872be778831a739deaf5eea8db5ef262b8267e8f5289bb4ef7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/hydra-eval-failures.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `request` (list): `def request(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142328, "scanner": "repobility-ast-engine", "fingerprint": "43308602a5b0399edda00f9347c3c4dfd341dc62017283824fdd3a54f242d3d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43308602a5b0399edda00f9347c3c4dfd341dc62017283824fdd3a54f242d3d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/desktops/gnome/extensions/update-extensions.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142326, "scanner": "repobility-ast-engine", "fingerprint": "9130008e85c5df9061693ebf57ecbe3a98927f3cd3abcbbe7424492a7c953503", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9130008e85c5df9061693ebf57ecbe3a98927f3cd3abcbbe7424492a7c953503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/desktops/gnome/find-latest-version.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142325, "scanner": "repobility-ast-engine", "fingerprint": "3ec0e721144ec98617062e6131e60075f5d731d882cdccd07009f53cd9fc3362", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ec0e721144ec98617062e6131e60075f5d731d882cdccd07009f53cd9fc3362"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/desktops/gnome/find-latest-version.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142324, "scanner": "repobility-ast-engine", "fingerprint": "c687107a5546ca9993368f33f91dafb94d8e673663c2e58f5e89e4737ade7ad3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c687107a5546ca9993368f33f91dafb94d8e673663c2e58f5e89e4737ade7ad3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/desktops/gnome/find-latest-version.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `api` (dict): `def api(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142322, "scanner": "repobility-ast-engine", "fingerprint": "e6f8f24967850388a22f87b5682b548238bc4ab9975d474de702dac314eb3646", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6f8f24967850388a22f87b5682b548238bc4ab9975d474de702dac314eb3646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/fetchitchio/fetchitchio.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142321, "scanner": "repobility-ast-engine", "fingerprint": "f8131a2ae6d477e2bd638b777771f46997b7c0ee086017699d2d54650aabcd5d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8131a2ae6d477e2bd638b777771f46997b7c0ee086017699d2d54650aabcd5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/gis/qgis/test.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142320, "scanner": "repobility-ast-engine", "fingerprint": "b3b90005303e6ac223a83944d9a8e496d11e25b686517b4d9c444dd25cd6f2b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3b90005303e6ac223a83944d9a8e496d11e25b686517b4d9c444dd25cd6f2b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/update_bin.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142319, "scanner": "repobility-ast-engine", "fingerprint": "cc4c7071698089fb9827f2325da056df57c6428cf8f0d46df3e37137b9c6e973", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc4c7071698089fb9827f2325da056df57c6428cf8f0d46df3e37137b9c6e973"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/fetcher.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142318, "scanner": "repobility-ast-engine", "fingerprint": "a19df58e075bb1c6771b971883254abb7c13ac88c22deedacd080675e1491a1f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a19df58e075bb1c6771b971883254abb7c13ac88c22deedacd080675e1491a1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/update_src.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142317, "scanner": "repobility-ast-engine", "fingerprint": "f4c647291868233b7ce40efdf19b5dc828dfbd7815ada5a0fca2797d64cb9f93", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4c647291868233b7ce40efdf19b5dc828dfbd7815ada5a0fca2797d64cb9f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/data/fonts/maple-font/update.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `process` (dict): `def process(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142316, "scanner": "repobility-ast-engine", "fingerprint": "ecf814b7a01a29ed17b23923d617f63cafe18135e515794ec6041c55d63be1ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecf814b7a01a29ed17b23923d617f63cafe18135e515794ec6041c55d63be1ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/servers/dict/wiktionary/wiktionary2dict.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142315, "scanner": "repobility-ast-engine", "fingerprint": "bd96628c24c26bd4797a9ac9c44939ec317885511f776464df23c7c6bcaaf9c7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd96628c24c26bd4797a9ac9c44939ec317885511f776464df23c7c6bcaaf9c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/nixpkgs-plugin-update/nixpkgs-plugin-update/src/nixpkgs_plugin_update/__init__.py"}, "region": {"startLine": 1386}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `rewrite_input` (list): `def rewrite_input(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142314, "scanner": "repobility-ast-engine", "fingerprint": "6d9b0ce245e88f5934a5cd4e982a8bd4136e76b2641e213dcc2d10917083346e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d9b0ce245e88f5934a5cd4e982a8bd4136e76b2641e213dcc2d10917083346e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/nixpkgs-plugin-update/nixpkgs-plugin-update/src/nixpkgs_plugin_update/__init__.py"}, "region": {"startLine": 1390}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `rewrite_input` (dict): `def rewrite_input(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142313, "scanner": "repobility-ast-engine", "fingerprint": "03cdd7954a9df9d6eb805314c08f1ab9691bdf45a0691fc5e4ad0279824d04cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03cdd7954a9df9d6eb805314c08f1ab9691bdf45a0691fc5e4ad0279824d04cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/nixpkgs-plugin-update/nixpkgs-plugin-update/src/nixpkgs_plugin_update/__init__.py"}, "region": {"startLine": 1390}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142311, "scanner": "repobility-ast-engine", "fingerprint": "89a5bfe8e6f2c9d81aeb81d8b18ed1bc36a9cf0594ca2a8713f8910443bd4457", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89a5bfe8e6f2c9d81aeb81d8b18ed1bc36a9cf0594ca2a8713f8910443bd4457"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/tools/electron/update_util.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142310, "scanner": "repobility-ast-engine", "fingerprint": "54b5016e01116a440b6899d0451a1521d767738360d47eceaf5e79ee2c6e08a1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54b5016e01116a440b6899d0451a1521d767738360d47eceaf5e79ee2c6e08a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/tools/electron/update_util.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142309, "scanner": "repobility-ast-engine", "fingerprint": "5552bfcc88890a830b95197fa6088edcb252b6dc8ce9f07ebc1bd255bf74b752", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5552bfcc88890a830b95197fa6088edcb252b6dc8ce9f07ebc1bd255bf74b752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/he/helix/generate_grammars.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142308, "scanner": "repobility-ast-engine", "fingerprint": "cc0b641e8017ecc6aff770d166d947506212bc89d0b327f4f1846f50cefc45fa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc0b641e8017ecc6aff770d166d947506212bc89d0b327f4f1846f50cefc45fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ac/acli/update.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142307, "scanner": "repobility-ast-engine", "fingerprint": "a75bfaa839c6eaa2cbcb33fd18deab0d99edb892bcbc95a0a0342c3264ef97ce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a75bfaa839c6eaa2cbcb33fd18deab0d99edb892bcbc95a0a0342c3264ef97ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ro/roon-server/update.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142306, "scanner": "repobility-ast-engine", "fingerprint": "947bbc83ecbf4c7b6e13ff786348d5dcf4c318e552e39a826c5fe90365643cfa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|947bbc83ecbf4c7b6e13ff786348d5dcf4c318e552e39a826c5fe90365643cfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ya/yazi/plugins/update.py"}, "region": {"startLine": 714}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142305, "scanner": "repobility-ast-engine", "fingerprint": "e75fd6d7816a3e69fab61ffa7e877015cefa1650d3058c50fb84613c4ec6d827", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e75fd6d7816a3e69fab61ffa7e877015cefa1650d3058c50fb84613c4ec6d827"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ya/yazi/plugins/update.py"}, "region": {"startLine": 610}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142304, "scanner": "repobility-ast-engine", "fingerprint": "8fc20348c26db93805715d372a12a6eac0457531c2657923dbdaadb41333537b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8fc20348c26db93805715d372a12a6eac0457531c2657923dbdaadb41333537b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ya/yazi/plugins/update.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142303, "scanner": "repobility-ast-engine", "fingerprint": "491f30b703b49f8d5b7cee7b40fef97deb7f85303b6c3a8cd597bc9e5110f448", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|491f30b703b49f8d5b7cee7b40fef97deb7f85303b6c3a8cd597bc9e5110f448"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ya/yazi/plugins/update.py"}, "region": {"startLine": 614}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142302, "scanner": "repobility-ast-engine", "fingerprint": "b010052e9b40322763e57b26b3faf5316a7e77e22cfb6132165dc307bc607c4a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b010052e9b40322763e57b26b3faf5316a7e77e22cfb6132165dc307bc607c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ca/calamares-nixos-extensions/src/modules/nixos/main.py"}, "region": {"startLine": 1083}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `directed_graph` (list): `def directed_graph(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142301, "scanner": "repobility-ast-engine", "fingerprint": "9d0f6770bc7ff970f6746e0bf8d1078a56ad01cf8b946e1dcee667ce4b7964cf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d0f6770bc7ff970f6746e0bf8d1078a56ad01cf8b946e1dcee667ce4b7964cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/fl/flatten-references-graph/src/flatten_references_graph/lib.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `auto_patchelf` (list): `def auto_patchelf(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142295, "scanner": "repobility-ast-engine", "fingerprint": "6a9863df8082b235699bd21cbfdb8dccfd1817497e0b0f6699767a80febcafff", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a9863df8082b235699bd21cbfdb8dccfd1817497e0b0f6699767a80febcafff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/au/auto-patchelf/source/auto-patchelf.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `auto_patchelf_file` (list): `def auto_patchelf_file(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142294, "scanner": "repobility-ast-engine", "fingerprint": "54f1024e29226933dca844d2d806d504876555a837e3b70e5585ad45a7a2da70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54f1024e29226933dca844d2d806d504876555a837e3b70e5585ad45a7a2da70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/au/auto-patchelf/source/auto-patchelf.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142293, "scanner": "repobility-ast-engine", "fingerprint": "1c66c0beeac5bce71f82993e266d9f2f176e08fc65b92d9de06a90cede8c1843", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c66c0beeac5bce71f82993e266d9f2f176e08fc65b92d9de06a90cede8c1843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/oc/ocis_5-bin/update.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142292, "scanner": "repobility-ast-engine", "fingerprint": "3890e3f6956c50fb0b3c54faf349f5fd1edac4f5f7a72526817e1687308fef84", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3890e3f6956c50fb0b3c54faf349f5fd1edac4f5f7a72526817e1687308fef84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/oc/ocis_5-bin/update.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142277, "scanner": "repobility-ast-engine", "fingerprint": "d3fbdbfcef334de78170d564ac1ebf8bd107cb080fbb295553e8a7d2c53c7ced", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3fbdbfcef334de78170d564ac1ebf8bd107cb080fbb295553e8a7d2c53c7ced"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_manpage.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_map_worker_step` (list): `def _map_worker_step(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 142269, "scanner": "repobility-ast-engine", "fingerprint": "1c19cfb4044501dc74c1c76abc308f94a3f2a1a6b1c5065ab5666e9fc146f63c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c19cfb4044501dc74c1c76abc308f94a3f2a1a6b1c5065ab5666e9fc146f63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/parallel.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142268, "scanner": "repobility-ast-engine", "fingerprint": "134521de6f97460b742e9da786ba097904faf257249f2d499521e518e4ea43d4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|134521de6f97460b742e9da786ba097904faf257249f2d499521e518e4ea43d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/__init__.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 142244, "scanner": "repobility-ast-engine", "fingerprint": "8cb4f3eb75ddb48366d5650c19d4e69a76200f5cfc4be3320d92cea68f0a3b70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cb4f3eb75ddb48366d5650c19d4e69a76200f5cfc4be3320d92cea68f0a3b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/nixos_render_docs_redirects/__init__.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 142240, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 142239, "scanner": "repobility-agent-runtime", "fingerprint": 
"d5a412c9b7eee6e7a9b7be705e6819f2ee56ca65bedb52561a355a7df020ea66", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d5a412c9b7eee6e7a9b7be705e6819f2ee56ca65bedb52561a355a7df020ea66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/doc/manual/release-notes/rl-1903.section.md"}, "region": {"startLine": 50}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 142238, "scanner": "repobility-agent-runtime", "fingerprint": "fb37ed57a1b73a6462692e8ab5692e45ab1b6365e859fc0fb0748c6d258741a5", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|fb37ed57a1b73a6462692e8ab5692e45ab1b6365e859fc0fb0748c6d258741a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/doc/manual/installation/installing-from-other-distro.section.md"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 142225, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c023e05d7f42819404f8987fcf7e7e07e10ce9a7a479251ed03e8fcc026eb34", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file 
has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|0c023e05d7f42819404f8987fcf7e7e07e10ce9a7a479251ed03e8fcc026eb34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/we/wemeet/wemeet-x11-fix.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 142224, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44204cad1438245bd31bbc96958a72e7c7544a0c008bfeed5c7971ae62ddea8d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|44204cad1438245bd31bbc96958a72e7c7544a0c008bfeed5c7971ae62ddea8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/vs/vscode-extension-update/vscode_extension_update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 142203, "scanner": "repobility-threat-engine", "fingerprint": "85a6742f67b953a6e3c6c45d1541dd6f7b877b2f469e8a5c2fe8af663edabc01", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.7 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password=\"<redacted>\"", 
"reason": "Low entropy value (3.7 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/tools/build-managers/gradle/setup-hook.sh"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 142187, "scanner": "repobility-threat-engine", "fingerprint": "5c9a305a09b5d7c4db9ffd25b18feb0e82d1f9f6f354ae1da6cab6e893241fbe", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "CERT_NONE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|81|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/fetchpypilegacy/fetch-legacy.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 142176, "scanner": "repobility-threat-engine", "fingerprint": "47ef2e2f542882ecab9ce144a8f12c4cfdd0074fcb592a8cee9e3c2dde20dbdd", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, 
"correlation_key": "code|deserialization|token|31|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/maubot/plugins/update.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 142164, "scanner": "repobility-threat-engine", "fingerprint": "5019341c55e935881333dc909f26e9144797c0a248d120300038c802ee002fb0", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.check_output(\n            \"nix --extra-experimental-features nix-command eval \"", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|55|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/dp/dprint/plugins/update-plugins.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 142163, "scanner": "repobility-threat-engine", "fingerprint": "f375231899d502b2241d3a2a099cdb42c94fce24af56eedf2f1d85f0b467dd62", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n            f\"nix-store --dump {item['path']} {compressionCommand}\",\n            std", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": 
"SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|21|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/binary-cache/make-binary-cache.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 142148, "scanner": "repobility-threat-engine", "fingerprint": "2d38ba41227be1363c7f8b92d3c402476a8d4486cdf1e77e831e341770c42b08", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_file(self, filepath: str) -> str:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2d38ba41227be1363c7f8b92d3c402476a8d4486cdf1e77e831e341770c42b08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/gc/gclient2nix/gclient2nix.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. 
AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 142147, "scanner": "repobility-threat-engine", "fingerprint": "42e064906087a2395f7577874f898e4d4ca2ed8f775b6f6a2137572385658fc6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_file(self, filepath: str) -> str:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|42e064906087a2395f7577874f898e4d4ca2ed8f775b6f6a2137572385658fc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/depot_tools.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 142136, "scanner": "repobility-threat-engine", "fingerprint": "361ecf4f5c13b7a5fb2ac70cda74d53eee2a346a0da5b707e972907e5b562a6a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|130|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/update.mjs"}, "region": {"startLine": 130}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 142135, "scanner": "repobility-threat-engine", "fingerprint": "ce17dfc01ca509c035b67de06e7480d304deee665911b3704ae9d5c440535644", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|12|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/gis/qgis/test.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 142134, "scanner": "repobility-threat-engine", "fingerprint": "c7b364ed666620c7c703b6a91af457c180eddd77130b1cffd576ce06e561fbb9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|60|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/modules/programs/command-not-found/command-not-found.pl"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 142129, "scanner": "repobility-threat-engine", "fingerprint": "96f38e3c0b92a97d7605baabd601c7420e691b6a151d596500e2c22e262b747a", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|96|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/os-specific/bsd/freebsd/update.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 142128, "scanner": 
"repobility-threat-engine", "fingerprint": "876dd8b3264db101488934e4907892d8cd39ffcf892ffefefaa8147f546344aa", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|119|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/mu/music-assistant/update-providers.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 142127, "scanner": "repobility-threat-engine", "fingerprint": "2f2c9009251f5b891928afba0edff429cb861a5f35abf57d67a82674cf613e5a", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|217|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/update-typst-packages.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=2, for=3, if=3, nested_bonus=12."}, "properties": {"repobilityId": 142074, "scanner": "repobility-threat-engine", "fingerprint": "18f2b1787aa03eca2b982198a1e8eff0e7d668aeb381cce233066da80bbbecd1", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 20 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "for": 3, "elif": 2, "nested_bonus": 12}, "complexity": 20, "correlation_key": "fp|18f2b1787aa03eca2b982198a1e8eff0e7d668aeb381cce233066da80bbbecd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/kde/collect-missing-deps.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `perform_pairwise_tests` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, else=1, for=2, if=4, nested_bonus=7."}, "properties": {"repobilityId": 142072, "scanner": "repobility-threat-engine", "fingerprint": "a83f2c1284609603c3f232fce757d9af4fa4634351aa92d8a9022229a133d335", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "perform_pairwise_tests", "breakdown": {"if": 4, "for": 2, "else": 1, "continue": 1, "nested_bonus": 7}, "complexity": 15, "correlation_key": "fp|a83f2c1284609603c3f232fce757d9af4fa4634351aa92d8a9022229a133d335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/eval/compare/cmp-stats.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142237, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2fb9cb7eea82d2afe9ce13b393c5beb78c2e6b7bab4c7d92d4b08218d82f9c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/development/python-modules/spacy-transformers/annotation-test/annotate.py", "duplicate_line": 31, "correlation_key": "fp|f2fb9cb7eea82d2afe9ce13b393c5beb78c2e6b7bab4c7d92d4b08218d82f9c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/spacy/annotation-test/annotate.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 142236, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bdb10ebc4be33920e3b396e9095227f7fdef0f861ddc31a28c3515849a6a794", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/by-name/li/lidarr/update.py", "duplicate_line": 4, "correlation_key": "fp|2bdb10ebc4be33920e3b396e9095227f7fdef0f861ddc31a28c3515849a6a794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/so/sonarr/update.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142235, "scanner": "repobility-ai-code-hygiene", "fingerprint": "daa50b6b2777b0a9606a9a9e012b40d9fe3a05ea40b5c6da14244fa979c659cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/by-name/li/lidarr/update.py", "duplicate_line": 4, "correlation_key": "fp|daa50b6b2777b0a9606a9a9e012b40d9fe3a05ea40b5c6da14244fa979c659cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ra/radarr/update.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142234, "scanner": "repobility-ai-code-hygiene", "fingerprint": "638fdad123d1c7b7675f78cffd3a08a67d84c650addf784954025bdfc7067ca6", "category": 
"quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/by-name/li/lidarr/update.py", "duplicate_line": 4, "correlation_key": "fp|638fdad123d1c7b7675f78cffd3a08a67d84c650addf784954025bdfc7067ca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/pr/prowlarr/update.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142233, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99fb7fd5dd44aefa5b189751895610ceed0ebdfb4ac57572a356959fc98d259c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/by-name/nd/ndi-6/update.py", "duplicate_line": 17, "correlation_key": "fp|99fb7fd5dd44aefa5b189751895610ceed0ebdfb4ac57572a356959fc98d259c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/nd/ndi/update.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142232, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e40aaddf118a116970ba2af286134404788aff2cf98bb145ca3c576890d471f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/by-name/li/libfprint-2-tod1-broadcom-cv3plus/wrapper-lib.c", "duplicate_line": 2, "correlation_key": "fp|e40aaddf118a116970ba2af286134404788aff2cf98bb145ca3c576890d471f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/li/libfprint-2-tod1-broadcom/wrapper-lib.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142231, "scanner": "repobility-ai-code-hygiene", "fingerprint": "081421df0b001d7ab3079d82ed1684d14d2d8f86115e4c44428d4bd77a638f9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/applications/networking/browsers/chromium/depot_tools.py", "duplicate_line": 28, "correlation_key": "fp|081421df0b001d7ab3079d82ed1684d14d2d8f86115e4c44428d4bd77a638f9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/gc/gclient2nix/gclient2nix.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142230, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46e60a81153c5bfba36fc9242a39ead6875713048ee3ab12dfbff3a911a6562c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 
12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/build-support/rust/fetch-cargo-vendor-util-v2.py", "duplicate_line": 12, "correlation_key": "fp|46e60a81153c5bfba36fc9242a39ead6875713048ee3ab12dfbff3a911a6562c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/rust/fetch-cargo-vendor-util.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142229, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5abc44775b142707d2a7dbe2df5ca4b8c896c163544d16086419783ceffb53b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkgs/build-support/node/fetch-yarn-deps/fixup.js", "duplicate_line": 49, "correlation_key": "fp|5abc44775b142707d2a7dbe2df5ca4b8c896c163544d16086419783ceffb53b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/fetch-yarn-deps/index.js"}, "region": {"startLine": 155}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142228, "scanner": "repobility-ai-code-hygiene", "fingerprint": "becc91e4a1b714aabd09d6a02593922914243fd1b533e9fb96e6f3a8d943b4c4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "nixos/modules/system/boot/loader/limine/limine-install.py", "duplicate_line": 46, "correlation_key": "fp|becc91e4a1b714aabd09d6a02593922914243fd1b533e9fb96e6f3a8d943b4c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/modules/system/boot/loader/refind/refind-install.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142227, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9672035f5c3a173db2ea2b1dab35bb2a23741c889dd33d8556cdfe7119db6b10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maintainers/scripts/kde/collect-metadata.py", "duplicate_line": 13, "correlation_key": "fp|9672035f5c3a173db2ea2b1dab35bb2a23741c889dd33d8556cdfe7119db6b10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/kde/generate-sources.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142226, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a73bc02988c6d7dbb3eb91f2c89628a82dd7a0ecfed82e3c3815ae916c79b3f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/github-script/lint-commits.js", 
"duplicate_line": 15, "correlation_key": "fp|a73bc02988c6d7dbb3eb91f2c89628a82dd7a0ecfed82e3c3815ae916c79b3f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/github-script/manual-file-edits.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 142223, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d7aa63b8ee24910782934bf143f9e2a4107dbb78b8ce36a5111f7f3d9b8fa5fd", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d7aa63b8ee24910782934bf143f9e2a4107dbb78b8ce36a5111f7f3d9b8fa5fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/we/wemeet/wemeet-x11-fix.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 142222, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5fe55207b8043f18ff34c8537ce22e0f9c7267a6f48afc24fb1259488a43519", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a5fe55207b8043f18ff34c8537ce22e0f9c7267a6f48afc24fb1259488a43519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/vs/vscode-extension-update/vscode_extension_update.py"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 142150, "scanner": "repobility-threat-engine", "fingerprint": "4a8aa89314c9bb4b1b0318ac24152374823f3ec3d3d70779fa07970c18925eb8", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"https://labs.picotech.com/rc/picoscope7/debian//dists/picoscope/main/binary-\"+release+\"/Packages\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4a8aa89314c9bb4b1b0318ac24152374823f3ec3d3d70779fa07970c18925eb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/pi/picoscope/update.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 142149, "scanner": "repobility-threat-engine", "fingerprint": "8ad8d9a8cbe489fe36cb711892811cceaf327a8f9454e956be5b50d7bee3a259", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "print('chromium: TODO -> ' + version + '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ad8d9a8cbe489fe36cb711892811cceaf327a8f9454e956be5b50d7bee3a259"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/get-commit-message.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `flatten_data` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, elif=1, else=1, for=2, if=2, nested_bonus=5."}, "properties": {"repobilityId": 142073, "scanner": "repobility-threat-engine", "fingerprint": "6265d7ce4e9db398d9abdf9d23cbcedcfd634936b3c23d2b26233eaae4767af5", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "flatten_data", "breakdown": {"if": 2, "for": 2, "elif": 1, "else": 1, "continue": 1, "nested_bonus": 5}, "complexity": 12, "correlation_key": "fp|6265d7ce4e9db398d9abdf9d23cbcedcfd634936b3c23d2b26233eaae4767af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/eval/compare/cmp-stats.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 142067, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 142221, "scanner": "repobility-threat-engine", "fingerprint": "5eeaa8a846335d3f012f295d94b052f9eb6ca812547e97e68c77d5198f3e1edf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5eeaa8a846335d3f012f295d94b052f9eb6ca812547e97e68c77d5198f3e1edf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/tools/typesetting/tex/nix/find-includes.pl"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. 
Use debugPrint / logger."}, "properties": {"repobilityId": 142217, "scanner": "repobility-threat-engine", "fingerprint": "f981229afc638d2a5b871e2553620ef6ef20f45d10e5f6a2f5b5b6bc4f7ac28b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f981229afc638d2a5b871e2553620ef6ef20f45d10e5f6a2f5b5b6bc4f7ac28b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/julia-modules/extract_artifacts_16.jl"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. 
Use debugPrint / logger."}, "properties": {"repobilityId": 142216, "scanner": "repobility-threat-engine", "fingerprint": "8fb65b2e797bc8daa1a221f6bd26489b1e35b1a21f31a971529a987862ebea9b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8fb65b2e797bc8daa1a221f6bd26489b1e35b1a21f31a971529a987862ebea9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/julia-modules/extract_artifacts.jl"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 142213, "scanner": "repobility-threat-engine", "fingerprint": "144bfc139b7fe082b7640d13e16d388b42452dde8ccb8207a9f9ac01553113af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|144bfc139b7fe082b7640d13e16d388b42452dde8ccb8207a9f9ac01553113af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/si/sing-geoip/main.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 142211, "scanner": "repobility-threat-engine", "fingerprint": "48f0b71959f3903bb91f2c43a15bdf051dbfbb6902a08332a11ae16a079e3279", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|48f0b71959f3903bb91f2c43a15bdf051dbfbb6902a08332a11ae16a079e3279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/pytest-cov-stub/src/pytest_cov/plugin.py"}, 
"region": {"startLine": 4}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 142210, "scanner": "repobility-threat-engine", "fingerprint": "4c1f0ed6fb174e4d8e1fc264eccbeabeccb0fc62440fa638634bba4d60d1e254", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c1f0ed6fb174e4d8e1fc264eccbeabeccb0fc62440fa638634bba4d60d1e254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/gradio/conftest-skip-network-errors.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 142209, "scanner": "repobility-threat-engine", "fingerprint": "62d7e90d1250f24164b55d42b4123fd29a05ccc0ddd27b1ac4c677939c29c065", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|62d7e90d1250f24164b55d42b4123fd29a05ccc0ddd27b1ac4c677939c29c065"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/mu/music-assistant/update-providers.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 142207, "scanner": "repobility-threat-engine", "fingerprint": "008cf5cb4a6d001a21b9b079a6ea304b3e2a8e1a8ed47e19e1e699385013451b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|008cf5cb4a6d001a21b9b079a6ea304b3e2a8e1a8ed47e19e1e699385013451b", "aggregated_count": 1}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 142206, "scanner": "repobility-threat-engine", "fingerprint": "14760b0034af0c910338a4fc4abc27dd1ea2b2f4058f4cc5dfc970e06b68460a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14760b0034af0c910338a4fc4abc27dd1ea2b2f4058f4cc5dfc970e06b68460a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/xk/xkbvalidate/xkbvalidate.c"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 142205, "scanner": "repobility-threat-engine", "fingerprint": "28a1965c1b47ebc9af0cd97dd412015164a56717cbad1f9b500079864a83270d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28a1965c1b47ebc9af0cd97dd412015164a56717cbad1f9b500079864a83270d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/li/libfprint-2-tod1-broadcom/wrapper-lib.c"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 142204, "scanner": "repobility-threat-engine", "fingerprint": "469ca028710d35bc93a4a79a25316459ab2b8c471eef4af090b2ce9da49af4aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|469ca028710d35bc93a4a79a25316459ab2b8c471eef4af090b2ce9da49af4aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/li/libfprint-2-tod1-broadcom-cv3plus/wrapper-lib.c"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 142202, "scanner": "repobility-threat-engine", "fingerprint": "c226f71e79b017f8210ddc922fd7a8ceb08a031cba5caf4bee6453eb533dadd9", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "PASSWD=\"<redacted>\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|passwd redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/hy/hylafaxplus/post-install.sh"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 142199, "scanner": "repobility-threat-engine", "fingerprint": "3df4dbeb8db9c5515bf21121952f7f4896887500c54df47190eaf62bc529eb73", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3df4dbeb8db9c5515bf21121952f7f4896887500c54df47190eaf62bc529eb73", "aggregated_count": 1}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 142198, "scanner": "repobility-threat-engine", "fingerprint": "284988b517ac617eca66b6b4268e1ea02759b3752049eb724e269027dcf2e661", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|284988b517ac617eca66b6b4268e1ea02759b3752049eb724e269027dcf2e661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/pkgs-lib/formats/hocon/src/src/main.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 142197, "scanner": "repobility-threat-engine", "fingerprint": "6efc003fd34dc33f39d7a2d023419fb39d3e4b01dee4d50038ecbac1811f7dba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6efc003fd34dc33f39d7a2d023419fb39d3e4b01dee4d50038ecbac1811f7dba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/prefetch-npm-deps/src/util.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 142196, "scanner": "repobility-threat-engine", "fingerprint": "14ecb744b0da560959b79da6275c0783bbe18c8561f00c361eabc45ccd5b2d9c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14ecb744b0da560959b79da6275c0783bbe18c8561f00c361eabc45ccd5b2d9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/prefetch-npm-deps/src/parse/mod.rs"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 142194, "scanner": "repobility-threat-engine", "fingerprint": "205e3705d6e01cf1f05b74076b615538699881dd01f9a5134fd1d00d496dac4b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|205e3705d6e01cf1f05b74076b615538699881dd01f9a5134fd1d00d496dac4b", "aggregated_count": 3}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 142193, "scanner": "repobility-threat-engine", "fingerprint": "55b0c9e8cb3dc94c3104a857bd6bb0bf9428bc6794ed91e2c3b4fdc74d11c1e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55b0c9e8cb3dc94c3104a857bd6bb0bf9428bc6794ed91e2c3b4fdc74d11c1e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/co/collabora-online/update.sh"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 142192, "scanner": "repobility-threat-engine", "fingerprint": "c097c0864c5163cb82be5e387b9e9f8c3fe8a5753cc749957ca0dd0d79f3cc83", "category": "quality", "severity": "info", 
"confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c097c0864c5163cb82be5e387b9e9f8c3fe8a5753cc749957ca0dd0d79f3cc83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/co/collabora-desktop/update.sh"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 142191, "scanner": "repobility-threat-engine", "fingerprint": "7f3d1bab4c6cc357253b03c1f5819dbdcb1d2ad09e90ad63cd85552dedb2d1f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f3d1bab4c6cc357253b03c1f5819dbdcb1d2ad09e90ad63cd85552dedb2d1f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/fetch-yarn-deps/yarn-config-hook.sh"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 142190, 
"scanner": "repobility-threat-engine", "fingerprint": "fe2c31f8c78c8b2af73f35082f6a1b53b7e7a5215090e5f5f73ef3cb48480cba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fe2c31f8c78c8b2af73f35082f6a1b53b7e7a5215090e5f5f73ef3cb48480cba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/servers/dict/wordnet_structures.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 142189, "scanner": "repobility-threat-engine", "fingerprint": "3a5ae11a2a7dc6ae8a8ea738ad65d105389aa607d301cf5229651cd00b374820", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a5ae11a2a7dc6ae8a8ea738ad65d105389aa607d301cf5229651cd00b374820"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/recursive-pth-loader/sitecustomize.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED077", 
"level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 142188, "scanner": "repobility-threat-engine", "fingerprint": "8eea20ad65079e87bc992fc299594b6b627374f151c4e3ea724ccdc242adaf61", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8eea20ad65079e87bc992fc299594b6b627374f151c4e3ea724ccdc242adaf61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/fetchpypilegacy/fetch-legacy.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED018", "level": "none", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 142184, "scanner": "repobility-threat-engine", "fingerprint": "361d062f03cbee8685e8ec9d5b3617aa4f6152033f7edc06a9da4c0e4608f6e8", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'spec\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|361d062f03cbee8685e8ec9d5b3617aa4f6152033f7edc06a9da4c0e4608f6e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/pub2nix/package-graph.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED018", "level": "none", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 142183, "scanner": "repobility-threat-engine", "fingerprint": "13ef58304a04af2dd27c82c1d566c5205f920bde6a2900a46431e5ab0f35c427", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'spec\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|13ef58304a04af2dd27c82c1d566c5205f920bde6a2900a46431e5ab0f35c427"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/build-dart-application/workspace-package-config.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC079", "level": "none", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). 
Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 142178, "scanner": "repobility-threat-engine", "fingerprint": "8b342ab2b5a88975abd9e7ea89323d3916ab56f88e1b13e9646702c1c6c0d76b", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'SafeLoader' detected on same line", "evidence": {"match": "yaml.load(f, Loader=yaml.CSafeLoader)", "reason": "Safe pattern 'SafeLoader' detected on same line", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|8b342ab2b5a88975abd9e7ea89323d3916ab56f88e1b13e9646702c1c6c0d76b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/pub2nix/package-graph.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC079", "level": "none", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). 
Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 142177, "scanner": "repobility-threat-engine", "fingerprint": "9f6eaf62527a80863941f60082d79da1512eaccfceec5b09d8384a0e93e0002a", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'SafeLoader' detected on same line", "evidence": {"match": "yaml.load(f, Loader=yaml.CSafeLoader)", "reason": "Safe pattern 'SafeLoader' detected on same line", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|9f6eaf62527a80863941f60082d79da1512eaccfceec5b09d8384a0e93e0002a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/build-dart-application/workspace-package-config.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 142175, "scanner": "repobility-threat-engine", "fingerprint": "6b73b98ed474b58130f3b39cb644b7ac591d9153e2dae91cc26a0b7b4b50860b", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'SafeLoader' detected on same line", "evidence": {"match": "yaml.load(", "reason": "Safe pattern 'SafeLoader' detected on same line", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|16|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/pub2nix/package-graph.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 142174, "scanner": 
"repobility-threat-engine", "fingerprint": "e8f783e1bddcf3ec897a3cbc04e217358207f5f35a10293ded20084362073ef9", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'SafeLoader' detected on same line", "evidence": {"match": "yaml.load(", "reason": "Safe pattern 'SafeLoader' detected on same line", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|10|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/build-dart-application/workspace-package-config.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 142173, "scanner": "repobility-threat-engine", "fingerprint": "3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "aggregated_count": 1}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 142172, "scanner": "repobility-threat-engine", "fingerprint": "873c3be7270228353a230d9bc20ebadc9e706b3e848ed1b0bdb5d0b62e77aa7f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|873c3be7270228353a230d9bc20ebadc9e706b3e848ed1b0bdb5d0b62e77aa7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/julia-modules/resolve_packages.jl"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 142171, "scanner": "repobility-threat-engine", "fingerprint": "507e4b3a09ea8a70bcdd8b2055c5a37d66e0181e1430c7f6fb2f3d5fa735a083", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|507e4b3a09ea8a70bcdd8b2055c5a37d66e0181e1430c7f6fb2f3d5fa735a083"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/julia-modules/extract_artifacts.jl"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 142170, "scanner": "repobility-threat-engine", "fingerprint": "d9a433484241c7b0224a9fbd508d8e77e316da780e9f11a0d38264adae1150e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9a433484241c7b0224a9fbd508d8e77e316da780e9f11a0d38264adae1150e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/buildenv/builder.pl"}, "region": {"startLine": 149}}}]}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 142165, "scanner": "repobility-threat-engine", "fingerprint": "1ec183c5587b0294626eea573239a67d50c9c28a5ce594bf1f3d522841fe9bfb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1ec183c5587b0294626eea573239a67d50c9c28a5ce594bf1f3d522841fe9bfb"}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 142161, "scanner": "repobility-threat-engine", "fingerprint": "b4c2a5b60ac9e3fe2bd9de5052090aca61c644725423d81e3a2a2e397994d5a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b4c2a5b60ac9e3fe2bd9de5052090aca61c644725423d81e3a2a2e397994d5a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/instant-messengers/discord/disable-breaking-updates.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 142159, "scanner": "repobility-threat-engine", "fingerprint": "dce56d9379b655491f8199c2c01405eff630ef4dfff46494af6eed6f2beb67e7", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"Generated Maven settings.xml at {output_path}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|8|print f generated maven settings.xml at output_path"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ma/maven/maven-proxy.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 142158, "scanner": "repobility-threat-engine", "fingerprint": "f1cbc2a9589a3fd77877b55e7cfa0d917f513ff26bc6120e97fa172fb306bcde", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(os.path.basename(sysconfig.get_config_var('\\''INCLUDEPY'\\'')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|1|print os.path.basename sysconfig.get_config_var includepy"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/rust/hooks/maturin-build-hook.sh"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 142157, "scanner": "repobility-threat-engine", "fingerprint": "c03229dc5ff455e275823b0c969482a24d6c1adc87c7c0d3a3cff93e9d29eee0", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"[Nix] settings.json is malformed, letting Discord fix itself\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|3|print nix settings.json is malformed letting discord fix itself"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/instant-messengers/discord/disable-breaking-updates.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC021", "level": "none", "message": {"text": "[SEC021] Shell Trace Around Secret Handling (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 142156, "scanner": "repobility-threat-engine", "fingerprint": "4d45a43ecee4eab848c2cb8c5af07551ebbfe1a80c26e7d2aeda52c12e5714be", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC021", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4d45a43ecee4eab848c2cb8c5af07551ebbfe1a80c26e7d2aeda52c12e5714be"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 142146, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 142142, "scanner": "repobility-threat-engine", "fingerprint": "61f00f2482bc0620c8bb2b5e214895b164194fc5407dff2821a768b5fb34841c", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|61f00f2482bc0620c8bb2b5e214895b164194fc5407dff2821a768b5fb34841c"}}}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 142138, "scanner": "repobility-threat-engine", "fingerprint": "654338355dabbba5680b4295e12eadbd3132d361ee02c5c3e650ff02866cd8e6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|654338355dabbba5680b4295e12eadbd3132d361ee02c5c3e650ff02866cd8e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/modules/services/amqp/activemq/ActiveMQBroker.java"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 142137, "scanner": "repobility-threat-engine", "fingerprint": "c80ff157c0dd4f06d29a253eef2e040bc846fc539581945c90fe13c6ec14dd22", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c80ff157c0dd4f06d29a253eef2e040bc846fc539581945c90fe13c6ec14dd22"}}}, {"ruleId": "SEC103", "level": "none", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 142133, "scanner": "repobility-threat-engine", "fingerprint": "1a8003d6554b2e81b503d08c7fc657274ca4a66c4d296fd50e0b6508f2e353c7", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1a8003d6554b2e81b503d08c7fc657274ca4a66c4d296fd50e0b6508f2e353c7"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 142126, "scanner": "repobility-threat-engine", "fingerprint": "719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d"}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 142122, "scanner": "repobility-threat-engine", "fingerprint": "9da13fb65c4da8dfaa374ac132e583c8caf1bbfa1b72c11a8e82cd0830c4df41", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9da13fb65c4da8dfaa374ac132e583c8caf1bbfa1b72c11a8e82cd0830c4df41", "aggregated_count": 26}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 142121, "scanner": "repobility-threat-engine", "fingerprint": "3a472c2c79a504cb319cfc3a425103d6a51ee43055f02ad087ffd95a7745dac0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a472c2c79a504cb319cfc3a425103d6a51ee43055f02ad087ffd95a7745dac0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/vim/plugins/utils/nvim-treesitter/update.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 142120, "scanner": "repobility-threat-engine", "fingerprint": "7810e6debc0d644f21ea57a35d9bfeab9f49e224475c8e944257b989daeddd58", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7810e6debc0d644f21ea57a35d9bfeab9f49e224475c8e944257b989daeddd58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/fetcher.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 142119, "scanner": "repobility-threat-engine", "fingerprint": "3a4b03fee9cbe14c2f1276173bef76bba0e6d95c04c823f01204deea5622defc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a4b03fee9cbe14c2f1276173bef76bba0e6d95c04c823f01204deea5622defc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/hydra-eval-failures.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 142118, "scanner": "repobility-threat-engine", "fingerprint": "ef27142bc9064ebbaa2be5e42681ccd05ce4f6e8e54cf32aae1d557f90b6f50d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 26 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ef27142bc9064ebbaa2be5e42681ccd05ce4f6e8e54cf32aae1d557f90b6f50d"}}}, {"ruleId": "MINED017", "level": "none", "message": {"text": "[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 142114, "scanner": "repobility-threat-engine", "fingerprint": "c5ca79e507ab00f1b87882c1d1ea6e94f55f4a57c36d968c50a2cfaf08a6b57b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c5ca79e507ab00f1b87882c1d1ea6e94f55f4a57c36d968c50a2cfaf08a6b57b", "aggregated_count": 1}}}, {"ruleId": "MINED015", "level": "none", "message": {"text": "[MINED015] Ruby Eval Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 142110, "scanner": "repobility-threat-engine", "fingerprint": "95b4fa08dec552902406d2f4769596893afafeb78044ff9172472ddb144cde1f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95b4fa08dec552902406d2f4769596893afafeb78044ff9172472ddb144cde1f", "aggregated_count": 1}}}, {"ruleId": "MINED010", "level": "none", "message": {"text": "[MINED010] Ruby System Call (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 142106, "scanner": "repobility-threat-engine", "fingerprint": "f07adde35e94e73165e08462e6c3de100fda8180c22566d366042d4659f0fb07", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f07adde35e94e73165e08462e6c3de100fda8180c22566d366042d4659f0fb07", "aggregated_count": 2}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 12 more): Same pattern found in 12 additional files. 
Review if needed."}, "properties": {"repobilityId": 142102, "scanner": "repobility-threat-engine", "fingerprint": "b76aba28877d6ca27729ae20a3127a9d43b836bba1fc2bea6f41c13c71aff5b3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b76aba28877d6ca27729ae20a3127a9d43b836bba1fc2bea6f41c13c71aff5b3", "aggregated_count": 12}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 142098, "scanner": "repobility-threat-engine", "fingerprint": "063abbc1a988e6c8b43781a2091a8af2089bfaa08444dfc3e5781c1eafa01559", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 29 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|063abbc1a988e6c8b43781a2091a8af2089bfaa08444dfc3e5781c1eafa01559"}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 142094, "scanner": "repobility-threat-engine", "fingerprint": "226c8f2d31fb96ab1ed08ceb96978fac4a1a140d291f983d64ccef551161e2a3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|226c8f2d31fb96ab1ed08ceb96978fac4a1a140d291f983d64ccef551161e2a3", "aggregated_count": 4}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 142093, "scanner": "repobility-threat-engine", "fingerprint": "958aed9c2c8b5cf952522915ff76139b967e56885e776ada90a6e2152ce0161c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|958aed9c2c8b5cf952522915ff76139b967e56885e776ada90a6e2152ce0161c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/prefetch-npm-deps/src/cacache.rs"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 142092, "scanner": "repobility-threat-engine", "fingerprint": "3c630699024e03f2b480f68f2d68121a4185cf772b05eba48cef5d0ed0c5e71f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c630699024e03f2b480f68f2d68121a4185cf772b05eba48cef5d0ed0c5e71f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/convert-to-import-cargo-lock/src/main.rs"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 142091, "scanner": "repobility-threat-engine", "fingerprint": "a5be1dc262790f83826bfb2fa6b36f5deb414ca804d8fcda158c1cf24fa6ac5a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5be1dc262790f83826bfb2fa6b36f5deb414ca804d8fcda158c1cf24fa6ac5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/check-maintainer-usernames/src/main.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 142090, "scanner": "repobility-threat-engine", "fingerprint": "bc7e4d0790cf4fb3196b8570dd05b5db2ba0b2e55bf09d9f86438cf522839105", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bc7e4d0790cf4fb3196b8570dd05b5db2ba0b2e55bf09d9f86438cf522839105", "aggregated_count": 5}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 142086, "scanner": "repobility-threat-engine", "fingerprint": "5c36b03760ab0ca3b556090b3ef7dda3bbde9e266af1492b83921c44807a9e92", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5c36b03760ab0ca3b556090b3ef7dda3bbde9e266af1492b83921c44807a9e92", "aggregated_count": 16}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 142085, "scanner": "repobility-threat-engine", "fingerprint": "ca8333c7dcb7dd0b80bb3b7c079b106bbe972b72dc9c1ec5077d7e28c276a1bb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca8333c7dcb7dd0b80bb3b7c079b106bbe972b72dc9c1ec5077d7e28c276a1bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/doc/replace-xrefs-by-empty-links.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 142084, "scanner": "repobility-threat-engine", "fingerprint": "ac8110127c915824e60b84075686dd44ed0efd923cce57b1080d4f035d150f88", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac8110127c915824e60b84075686dd44ed0efd923cce57b1080d4f035d150f88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/doc/escape-code-markup.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 142083, "scanner": "repobility-threat-engine", "fingerprint": "62d5ab8b5d26b1f356c330290a457f5b39147650fe9b8c93c3b89da2538101e6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62d5ab8b5d26b1f356c330290a457f5b39147650fe9b8c93c3b89da2538101e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/bootstrap-files/refresh-tarballs.bash"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. 
Review if needed."}, "properties": {"repobilityId": 142082, "scanner": "repobility-threat-engine", "fingerprint": "8323284e71c0a31a05bed90ab17738fa73ec0ef9ce708f2be963d66c42fd127f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8323284e71c0a31a05bed90ab17738fa73ec0ef9ce708f2be963d66c42fd127f", "aggregated_count": 11}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 142081, "scanner": "repobility-threat-engine", "fingerprint": "4c4c671871610a84420f6a904be60c0e2c6a74653f8e0e12c475407c9c1d6a49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c4c671871610a84420f6a904be60c0e2c6a74653f8e0e12c475407c9c1d6a49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/supportedBranches.js"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 142080, "scanner": "repobility-threat-engine", "fingerprint": "ba9fbe5873f4f869f3f78dcdb10a7831dd465a8ea16ac7166be97623f7b3fe8c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba9fbe5873f4f869f3f78dcdb10a7831dd465a8ea16ac7166be97623f7b3fe8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/github-script/prepare.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 142079, "scanner": "repobility-threat-engine", "fingerprint": "dad70e0377e9c6804915ebc36e8595b5bfb42393efe5c964e6bb74283b787133", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dad70e0377e9c6804915ebc36e8595b5bfb42393efe5c964e6bb74283b787133"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/github-script/get-teams.js"}, "region": {"startLine": 83}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 68 more): Same pattern found in 68 additional files. Review if needed."}, "properties": {"repobilityId": 142075, "scanner": "repobility-threat-engine", "fingerprint": "b59e9b414148b51e62a24571ab8e0ed68e56c08000639df695e15ea916926505", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 68 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "perform_pairwise_tests", "breakdown": {"if": 4, "for": 2, "else": 1, "continue": 1, "nested_bonus": 7}, "aggregated": true, "complexity": 15, "correlation_key": "fp|b59e9b414148b51e62a24571ab8e0ed68e56c08000639df695e15ea916926505", "aggregated_count": 68}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 142071, "scanner": "repobility-threat-engine", "fingerprint": "cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "aggregated_count": 12}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 142070, "scanner": "repobility-threat-engine", "fingerprint": "4a68f8cd81d923174b62ee3be31b75f9b45bca472cdc1ce939a77d7c66c0c338", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a68f8cd81d923174b62ee3be31b75f9b45bca472cdc1ce939a77d7c66c0c338"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/depot_tools.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 142069, "scanner": "repobility-threat-engine", "fingerprint": "20722ab94d5ca8271ceec5e59e4e5cf0182d6637e275760c9224c044a87e0dfc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|20722ab94d5ca8271ceec5e59e4e5cf0182d6637e275760c9224c044a87e0dfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/fetcher.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 142068, "scanner": "repobility-threat-engine", 
"fingerprint": "a71e43b1eccb4fd828a9620a477c153f1cbacbc770f63a7664865cd3e9473d63", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a71e43b1eccb4fd828a9620a477c153f1cbacbc770f63a7664865cd3e9473d63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/eval/compare/cmp-stats.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 142332, "scanner": "repobility-ast-engine", "fingerprint": "cddb84603d8d78cfddf864d68ff49516b48214ddaa400edc1773f922e2145d2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cddb84603d8d78cfddf864d68ff49516b48214ddaa400edc1773f922e2145d2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/update.py"}, "region": {"startLine": 548}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_subcomponent_in: Test function `test_subcomponent_in` 
runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142300, "scanner": "repobility-ast-engine", "fingerprint": "4ba58031dba26d62d146e7e4b1b0a352542fbf19395459de8441d93233b16a40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ba58031dba26d62d146e7e4b1b0a352542fbf19395459de8441d93233b16a40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/fl/flatten-references-graph/src/flatten_references_graph/subcomponent_test.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_subcomponent_out_multi: Test function `test_subcomponent_out_multi` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142299, "scanner": "repobility-ast-engine", "fingerprint": "9733f130278c1415e5ad109f603c25200d28d98c7c79acea579b74ca1134c7ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9733f130278c1415e5ad109f603c25200d28d98c7c79acea579b74ca1134c7ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/fl/flatten-references-graph/src/flatten_references_graph/subcomponent_test.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_subcomponent_out: Test function `test_subcomponent_out` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142298, "scanner": "repobility-ast-engine", "fingerprint": "878526bd2b5b349d2a12b55259fc7791980af8b19426ca0b93c64763e8c82653", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|878526bd2b5b349d2a12b55259fc7791980af8b19426ca0b93c64763e8c82653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/fl/flatten-references-graph/src/flatten_references_graph/subcomponent_test.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_empty_graph: Test function `test_empty_graph` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142297, "scanner": "repobility-ast-engine", "fingerprint": "6587e138d5d730dbcaa4e146032c9070dd573fab9e8cf066f666d960d35a58f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6587e138d5d730dbcaa4e146032c9070dd573fab9e8cf066f666d960d35a58f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/fl/flatten-references-graph/src/flatten_references_graph/subcomponent_test.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_empty_paths: Test function `test_empty_paths` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142296, "scanner": "repobility-ast-engine", "fingerprint": "7f13754fab830837f587a2e8b532a3bbb8b7e1db891e3d46700cf9fb241cd1f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f13754fab830837f587a2e8b532a3bbb8b7e1db891e3d46700cf9fb241cd1f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/fl/flatten-references-graph/src/flatten_references_graph/subcomponent_test.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_switch_to_configuration_with_systemd_run: Test function `test_switch_to_configuration_with_systemd_run` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142290, "scanner": "repobility-ast-engine", "fingerprint": "5f483d07b4a7dc6664f7ecca55d24f4b8380e6a179b6243134f297dd8c771b20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f483d07b4a7dc6664f7ecca55d24f4b8380e6a179b6243134f297dd8c771b20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py"}, "region": {"startLine": 823}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_repl: Test function `test_repl` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142289, "scanner": "repobility-ast-engine", "fingerprint": "13141a061485008ee670522073d414b50c8e00442eb9020a9a7cddf7990ff8a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13141a061485008ee670522073d414b50c8e00442eb9020a9a7cddf7990ff8a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py"}, "region": {"startLine": 621}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_diff_closures: Test function `test_diff_closures` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142288, "scanner": "repobility-ast-engine", "fingerprint": "3895ea9f24c2044b310cdca7a85e7f4805931023827fa11517b2f75fcba0e11c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3895ea9f24c2044b310cdca7a85e7f4805931023827fa11517b2f75fcba0e11c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py"}, "region": {"startLine": 601}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_edit_flake: Test function `test_edit_flake` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142287, "scanner": "repobility-ast-engine", "fingerprint": "f654c39f29283099a6de12c7e189336fb47d90815f474aa4892b396c9284b576", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f654c39f29283099a6de12c7e189336fb47d90815f474aa4892b396c9284b576"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_edit: Test function `test_edit` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142286, "scanner": "repobility-ast-engine", "fingerprint": "81a32dd4c96d56734af08fb6fb538f1789752bddbca5e661d89fe1fe26200480", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81a32dd4c96d56734af08fb6fb538f1789752bddbca5e661d89fe1fe26200480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py"}, "region": {"startLine": 300}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_copy_closure: Test function `test_copy_closure` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142285, "scanner": "repobility-ast-engine", "fingerprint": "ed78df0548fac1875a4737459ec0de35d6a6098f11535338c53982b939e998f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed78df0548fac1875a4737459ec0de35d6a6098f11535338c53982b939e998f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_custom_sudo_args: Test function `test_custom_sudo_args` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142284, "scanner": "repobility-ast-engine", "fingerprint": "1f6b5cf9f6d3c7b55720df96547a16cfe5f8eb4f9f4ccd889ea5253438953c21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f6b5cf9f6d3c7b55720df96547a16cfe5f8eb4f9f4ccd889ea5253438953c21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_process.py"}, "region": {"startLine": 345}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_run_wrapper_run0: Test function `test_run_wrapper_run0` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142283, "scanner": "repobility-ast-engine", "fingerprint": "c2e61e7fe234d7d5bf46a56d97feae046c6aaf40ef61bff7b4ebeab9829cac2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2e61e7fe234d7d5bf46a56d97feae046c6aaf40ef61bff7b4ebeab9829cac2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_process.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test__kill_long_running_ssh_process: Test function `test__kill_long_running_ssh_process` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142282, "scanner": "repobility-ast-engine", "fingerprint": "c84b3915b0640596d7f98233abc841c13f5de617f27c72d5db8f0f4437bbd105", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c84b3915b0640596d7f98233abc841c13f5de617f27c72d5db8f0f4437bbd105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_process.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_run_wrapper: Test function `test_run_wrapper` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142281, "scanner": "repobility-ast-engine", "fingerprint": "cdb827a546f345c9b2737a3ac7eeb834b16daa980ec3003fa7dc2070509e4e1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdb827a546f345c9b2737a3ac7eeb834b16daa980ec3003fa7dc2070509e4e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_process.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_reexec_skip_if_already_reexec: Test function `test_reexec_skip_if_already_reexec` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142280, "scanner": "repobility-ast-engine", "fingerprint": "bbc624c07c5bc87aea20d8a7c48ae20f6841763c66a3a7abe6584d4c428ee0c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbc624c07c5bc87aea20d8a7c48ae20f6841763c66a3a7abe6584d4c428ee0c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_services.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_reexec_flake: Test function `test_reexec_flake` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142279, "scanner": "repobility-ast-engine", "fingerprint": "f26e211410424ceadb326829f28e269b54ff155a38ec62be6a5a714dbfda092d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f26e211410424ceadb326829f28e269b54ff155a38ec62be6a5a714dbfda092d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_services.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_reexec: Test function `test_reexec` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142278, "scanner": "repobility-ast-engine", "fingerprint": "a7ed4c12b9a5732ab9394a16183413b537cd98b486b85284ed76acaa9ea7b781", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7ed4c12b9a5732ab9394a16183413b537cd98b486b85284ed76acaa9ea7b781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_services.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_divergent_redirect: Test function `test_divergent_redirect` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142276, "scanner": "repobility-ast-engine", "fingerprint": "335eab8de88e9a0557e38495cebb8ad209eedb8318a707b1838a62401789832a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|335eab8de88e9a0557e38495cebb8ad209eedb8318a707b1838a62401789832a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_conflicting_anchors: Test function `test_conflicting_anchors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142275, "scanner": "repobility-ast-engine", "fingerprint": "7cee7284a9e0b8189d929ee83258512b5e958a185bd67fe1c7955f14bab56c04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7cee7284a9e0b8189d929ee83258512b5e958a185bd67fe1c7955f14bab56c04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_non_leaf_identifier_moved_to_different_file: Test function `test_non_leaf_identifier_moved_to_different_file` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142274, "scanner": "repobility-ast-engine", "fingerprint": "3a07d8e961d28d359dc516625fe438190850a57a798149391094c0f4432a07a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a07d8e961d28d359dc516625fe438190850a57a798149391094c0f4432a07a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_leaf_identifier_moved_to_different_file: Test function `test_leaf_identifier_moved_to_different_file` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142273, "scanner": "repobility-ast-engine", "fingerprint": "1abd3eea9ffae4379de10f253c8f53a8651433a1f1e69a156fdfb31e9e25cd24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1abd3eea9ffae4379de10f253c8f53a8651433a1f1e69a156fdfb31e9e25cd24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_identifier_renamed: Test function `test_identifier_renamed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142272, "scanner": "repobility-ast-engine", "fingerprint": "042a4aa35b9a1fe21329d2859dcb670ff4bb58416a711500e5cabb64aedcb2e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|042a4aa35b9a1fe21329d2859dcb670ff4bb58416a711500e5cabb64aedcb2e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_identifier_removed: Test function `test_identifier_removed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142271, "scanner": "repobility-ast-engine", "fingerprint": "5df89dc9ab624acdbc20eb13ccb586681f5a9cbbee726bcbd0eda75e36c2539b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5df89dc9ab624acdbc20eb13ccb586681f5a9cbbee726bcbd0eda75e36c2539b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_identifier_added: Test function `test_identifier_added` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 142270, "scanner": "repobility-ast-engine", "fingerprint": "423911d53cb059b65177a403196fb2bd50dac4f26f9c7051d9308d504f00770d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|423911d53cb059b65177a403196fb2bd50dac4f26f9c7051d9308d504f00770d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/tests/test_redirects.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_parbreak` used but never assigned in __init__: Method `fence` of class `CommonMarkRenderer` reads `self._maybe_parbreak`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142267, "scanner": "repobility-ast-engine", "fingerprint": "846db66af07b6825e0fa24c0af16e07b1233ce7171f50e65d4f72fd7611fc0fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|846db66af07b6825e0fa24c0af16e07b1233ce7171f50e65d4f72fd7611fc0fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_parbreak` used but never assigned in __init__: Method `bullet_list_open` of class `CommonMarkRenderer` reads `self._maybe_parbreak`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142266, "scanner": "repobility-ast-engine", "fingerprint": "ebde220e5ab01c17a914603faf3895f4e00787131a96ec8948fbe47b007d7f4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebde220e5ab01c17a914603faf3895f4e00787131a96ec8948fbe47b007d7f4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._leave_block` used but never assigned in __init__: Method `list_item_close` of class `CommonMarkRenderer` reads `self._leave_block`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142265, "scanner": "repobility-ast-engine", "fingerprint": "7d16c35b1e79d39721792d3aafdee9a270f356c8b61a814ec3fb23e4e7dd9484", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d16c35b1e79d39721792d3aafdee9a270f356c8b61a814ec3fb23e4e7dd9484"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._break` used but never assigned in __init__: Method `list_item_open` of class `CommonMarkRenderer` reads `self._break`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142264, "scanner": "repobility-ast-engine", "fingerprint": "7fff51095f15546bd8b5885d474c01f465cf4d3b2218a0fcd2df06dd63c67c84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fff51095f15546bd8b5885d474c01f465cf4d3b2218a0fcd2df06dd63c67c84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._enter_block` used but never assigned in __init__: Method `list_item_open` of class `CommonMarkRenderer` reads `self._enter_block`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142263, "scanner": "repobility-ast-engine", "fingerprint": "b9f4639b8f7ff8fa2dfc63cba541581f72d17ed90887371935bba767044d1ddd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9f4639b8f7ff8fa2dfc63cba541581f72d17ed90887371935bba767044d1ddd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.fence` used but never assigned in __init__: Method `code_block` of class `CommonMarkRenderer` reads `self.fence`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142262, "scanner": "repobility-ast-engine", "fingerprint": "28536808f6a3d0b8d6e80c8ffea92d24567f026aaf5b4d3d843079ea03f2112d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28536808f6a3d0b8d6e80c8ffea92d24567f026aaf5b4d3d843079ea03f2112d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._break` used but never assigned in __init__: Method `softbreak` of class `CommonMarkRenderer` reads `self._break`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142261, "scanner": "repobility-ast-engine", "fingerprint": "94c21643d55d7502beed8a70d83c7b0c3cf1d1f2522ba7bed723087b99300d1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94c21643d55d7502beed8a70d83c7b0c3cf1d1f2522ba7bed723087b99300d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._break` used but never assigned in __init__: Method `hardbreak` of class `CommonMarkRenderer` reads `self._break`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142260, "scanner": "repobility-ast-engine", "fingerprint": "6453063d166c135028be5fc43e75ed55e95bd7fa210050d90d2a561a1deecaec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6453063d166c135028be5fc43e75ed55e95bd7fa210050d90d2a561a1deecaec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_parbreak` used but never assigned in __init__: Method `paragraph_open` of class `CommonMarkRenderer` reads `self._maybe_parbreak`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142259, "scanner": "repobility-ast-engine", "fingerprint": "f5c873d8fa62057b0a43b440552c22f9aeba6d1e4064c518180c4dce24d64e7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5c873d8fa62057b0a43b440552c22f9aeba6d1e4064c518180c4dce24d64e7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._indent_raw` used but never assigned in __init__: Method `text` of class `CommonMarkRenderer` reads `self._indent_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142258, "scanner": "repobility-ast-engine", "fingerprint": "fb280d77a68974bf5c8c1ed8fbce48d2eca24cbcd2ea857232ecf0e88dd3076e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb280d77a68974bf5c8c1ed8fbce48d2eca24cbcd2ea857232ecf0e88dd3076e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._leave_block` used but never assigned in __init__: Method `_admonition_close` of class `CommonMarkRenderer` reads `self._leave_block`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142257, "scanner": "repobility-ast-engine", "fingerprint": "ee16e85be28b17288132a2149a816648b10b1b0d3f2ef357f4e5c9795fbf2d5e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee16e85be28b17288132a2149a816648b10b1b0d3f2ef357f4e5c9795fbf2d5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._enter_block` used but never assigned in __init__: Method `_admonition_open` of class `CommonMarkRenderer` reads `self._enter_block`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142256, "scanner": "repobility-ast-engine", "fingerprint": "05df0021f8c50e92e76cd957721d5798c8ecf4398e51ca6ca3e96ab90bd00fcf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05df0021f8c50e92e76cd957721d5798c8ecf4398e51ca6ca3e96ab90bd00fcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_parbreak` used but never assigned in __init__: Method `_admonition_open` of class `CommonMarkRenderer` reads `self._maybe_parbreak`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142255, "scanner": "repobility-ast-engine", "fingerprint": "484e03af385fd1a5ff8bf5150430c84880a7b89c7d3e7946fa9cfa299f35a55e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|484e03af385fd1a5ff8bf5150430c84880a7b89c7d3e7946fa9cfa299f35a55e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/commonmark.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_remove_and_redirect` of class `RedirectsTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142254, "scanner": "repobility-ast-engine", "fingerprint": "79611f2bffbf9262a6804c8f301276969e7a4cfe24e5f1a75ba48401688f93cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79611f2bffbf9262a6804c8f301276969e7a4cfe24e5f1a75ba48401688f93cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_remove_and_redirect` of class `RedirectsTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142253, "scanner": "repobility-ast-engine", "fingerprint": "ebf3d8470b130746f6da3642e8d39200fc97a43990644c2383605c0cbbac5f7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebf3d8470b130746f6da3642e8d39200fc97a43990644c2383605c0cbbac5f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_remove_and_redirect` of class `RedirectsTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142252, "scanner": "repobility-ast-engine", "fingerprint": "09bb4a87b38f717a873216fd8811a10812fdc36cbcfdbc4cbb39a5b9883255c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09bb4a87b38f717a873216fd8811a10812fdc36cbcfdbc4cbb39a5b9883255c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_rename_identifier` of class `RedirectsTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142251, "scanner": "repobility-ast-engine", "fingerprint": "9a03cc2d7ee8f7587ac58e7f534b63b4dc29f07cb2af5992b4f301a942869d0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a03cc2d7ee8f7587ac58e7f534b63b4dc29f07cb2af5992b4f301a942869d0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_rename_identifier` of class `RedirectsTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142250, "scanner": "repobility-ast-engine", "fingerprint": "b0999786fa63cc9e70d8ec438f3ac44271f8485a72b3e7fb6465231d199b4f17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0999786fa63cc9e70d8ec438f3ac44271f8485a72b3e7fb6465231d199b4f17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_rename_identifier` of class `RedirectsTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142249, "scanner": "repobility-ast-engine", "fingerprint": "8be4a6c056b87d2d753ee34b2ddde43c5bd6cb10169559975e571fba3bb47708", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8be4a6c056b87d2d753ee34b2ddde43c5bd6cb10169559975e571fba3bb47708"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_move_content` of class `RedirectsTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142248, "scanner": "repobility-ast-engine", "fingerprint": "29866b38a172d592e2a3c4f0a8a19910a9e851c8a711d75ccda3964a363162fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29866b38a172d592e2a3c4f0a8a19910a9e851c8a711d75ccda3964a363162fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_move_content` of class `RedirectsTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142247, "scanner": "repobility-ast-engine", "fingerprint": "d71d9acfeeb040665342afef4a439aded553ec4a1fddae2583ae933c3ba486da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d71d9acfeeb040665342afef4a439aded553ec4a1fddae2583ae933c3ba486da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_add_content` of class `RedirectsTestCase` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142246, "scanner": "repobility-ast-engine", "fingerprint": "4b9bd0ee511b35c9d4f42889c3129cffb3fe08a2deba668577f38b134f47066b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b9bd0ee511b35c9d4f42889c3129cffb3fe08a2deba668577f38b134f47066b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_add_content` of class `RedirectsTestCase` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142245, "scanner": "repobility-ast-engine", "fingerprint": "e03e6205a20736304a30205037760cfa1c3f06fd58892dcf0b5e7b737ad55462", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e03e6205a20736304a30205037760cfa1c3f06fd58892dcf0b5e7b737ad55462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-render-docs-redirects/src/tests/test_redirects.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.versions_to_json` used but never assigned in __init__: Method `write_versions` of class `VersionManager` reads `self.versions_to_json`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142242, "scanner": "repobility-ast-engine", "fingerprint": "83fa04e3abb1952b157c85bb6b7833aedab1e692e4d0193973683635e5e239e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83fa04e3abb1952b157c85bb6b7833aedab1e692e4d0193973683635e5e239e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/games/papermc/update.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.download_and_generate_sha256_hash` used but never assigned in __init__: Method `generate_version_hashes` of class `VersionManager` reads `self.download_and_generate_sha256_hash`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 142241, "scanner": "repobility-ast-engine", "fingerprint": "0a7a745e6ce486c91a8a818bf061dcefcfd39e3717fdf6887fbe44ffeaff75e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a7a745e6ce486c91a8a818bf061dcefcfd39e3717fdf6887fbe44ffeaff75e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/games/papermc/update.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC032", "level": "error", "message": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. 
Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs."}, "properties": {"repobilityId": 142220, "scanner": "repobility-threat-engine", "fingerprint": "ceab62d59bbf6f0cfa3b1d01ff6fe1821511388b1e2dfce581b88690ed4a7e85", "category": "file_upload", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "open(self.filename,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC032", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ceab62d59bbf6f0cfa3b1d01ff6fe1821511388b1e2dfce581b88690ed4a7e85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/servers/web-apps/lemmy/update.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 142219, "scanner": "repobility-threat-engine", "fingerprint": "1405131d7970945645cf7cb8f03cf924bea6918a64048cd047b2f9e076331de2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1405131d7970945645cf7cb8f03cf924bea6918a64048cd047b2f9e076331de2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/maubot/plugins/update.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC080", "level": "error", 
"message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path traversal when unpacking an untrusted archive (CVE-2007-4559; PEP 706 added extraction filters in Python 3.12, and 'data' is the default only from 3.14). extractfile() returns a file object for one member and writes nothing to disk, so confirm that a match is an extract() or extractall() call. Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 142218, "scanner": "repobility-threat-engine", "fingerprint": "391d035cc9ef875b42f7327976038c68593346978e491a7435341df8c8f975e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractfile(real_hashes_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|391d035cc9ef875b42f7327976038c68593346978e491a7435341df8c8f975e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/libraries/libxcrypt/check_passthru_matches.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. 
or null check."}, "properties": {"repobilityId": 142215, "scanner": "repobility-threat-engine", "fingerprint": "3a3acf2663f11a9006ed1d7b2518bdca2aed88bb6d55b8084ab23f7d6e10e9a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a3acf2663f11a9006ed1d7b2518bdca2aed88bb6d55b8084ab23f7d6e10e9a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/julia-modules/resolve_packages.jl"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. 
or null check."}, "properties": {"repobilityId": 142214, "scanner": "repobility-threat-engine", "fingerprint": "49038f85bafdfe6c6e28412130c0d88aa5b1671ca99d478a6624a590277ec458", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49038f85bafdfe6c6e28412130c0d88aa5b1671ca99d478a6624a590277ec458"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/julia-modules/extract_artifacts.jl"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 142212, "scanner": "repobility-threat-engine", "fingerprint": "9b6b61e1647a78412f0df8b743447a57d182492ab4723fd2851e43d25e871860", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b6b61e1647a78412f0df8b743447a57d182492ab4723fd2851e43d25e871860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/process.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 142208, "scanner": "repobility-threat-engine", "fingerprint": "f69fded04761dade580d98eb9d63d3d573c1f55028b98e43e55f54ff7b086983", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f69fded04761dade580d98eb9d63d3d573c1f55028b98e43e55f54ff7b086983"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"pkgs/by-name/mi/microsoft-edge/update.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 142195, "scanner": "repobility-threat-engine", "fingerprint": "05c4f48f722449d97e6b58b1451911db0b38c740da4e0ee960af79d595bb836e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05c4f48f722449d97e6b58b1451911db0b38c740da4e0ee960af79d595bb836e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/prefetch-npm-deps/src/parse/mod.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. 
Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 142186, "scanner": "repobility-threat-engine", "fingerprint": "ed3b1cdfa2563b35482019c369089244b4276abfe18e79adf02a5ee6e4fd7fb9", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|2|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/fetchcvs/builder.sh"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 142167, "scanner": "repobility-threat-engine", "fingerprint": "31ae0a6b0148100d7a12409cf2ea16a257c65b932370f41ba42c5eebb660af8e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31ae0a6b0148100d7a12409cf2ea16a257c65b932370f41ba42c5eebb660af8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/dp/dprint/plugins/update-plugins.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) 
enables command injection."}, "properties": {"repobilityId": 142166, "scanner": "repobility-threat-engine", "fingerprint": "9c894736636dc6a9f8566b138fb0d4b365142091ec87ef017ae25f5ca74ca1aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9c894736636dc6a9f8566b138fb0d4b365142091ec87ef017ae25f5ca74ca1aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/binary-cache/make-binary-cache.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 142162, "scanner": "repobility-threat-engine", "fingerprint": "e03009d28e14a8fe6b995f5cce563bf60547ecacb9a4d8f3155d4a72157137e7", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "exec(argv", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|token|154|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/skaware-packages/sdnotify-wrapper/sdnotify-wrapper.c"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: 
os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 142160, "scanner": "repobility-threat-engine", "fingerprint": "62b7b92ae117ef8f8d0d43d3b2a46cadf62328af9659a7579acc76df102f5f6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62b7b92ae117ef8f8d0d43d3b2a46cadf62328af9659a7579acc76df102f5f6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/instant-messengers/discord/disable-breaking-updates.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC021", "level": "error", "message": {"text": "[SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. 
CI and deployment logs can echo every command and expand secret values, turning a safe secret-store lookup into a credential leak."}, "properties": {"repobilityId": 142155, "scanner": "repobility-threat-engine", "fingerprint": "85a4ee834598115d9dd9dfe5fc6a8aa1536265530e8fc30226153fa7bf91837d", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "set -x -eu -o pipefail\n\ncd $(dirname \"$0\")\n\nVERSION=$(curl ${GITHUB_TOKEN:<redacted>\" -u \\\":$GITHUB_TOKEN", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC021", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|set -x -eu -o pipefail cd dirname 0 version curl github_token: redacted -u : github_token", "duplicate_count": 1, "duplicate_rule_ids": ["SEC021"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["85a4ee834598115d9dd9dfe5fc6a8aa1536265530e8fc30226153fa7bf91837d", "bb0a608b2f285b35dd61f7a90753b7d1455110f63ce53d1867b6733ef9bec5f6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/cluster/linkerd/update-edge.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC021", "level": "error", "message": {"text": "[SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. 
CI and deployment logs can echo every command and expand secret values, turning a safe secret-store lookup into a credential leak."}, "properties": {"repobilityId": 142154, "scanner": "repobility-threat-engine", "fingerprint": "2f910182a1601a9055fa8aea16536cd8b8753d3bebb5e8bcaab22886eb91a2c6", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "set -x -eu -o pipefail\n\nMAJOR_VERSION=1\nMINOR_VERSION=\"${1:?Must provide a minor version number, lik", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC021", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|set -x -eu -o pipefail major_version 1 minor_version 1: must provide a minor version number lik"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/cluster/k3s/update-script.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 142153, "scanner": "repobility-threat-engine", "fingerprint": "8216fe389d6f1d8521eb609fb70d216d54a625144c017f1986adc91e51fbd684", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(compile", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8216fe389d6f1d8521eb609fb70d216d54a625144c017f1986adc91e51fbd684"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/interpreters/python/run_setup.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 142152, "scanner": "repobility-threat-engine", "fingerprint": "93e6ef5e69b6919ef4b7a2f9e1f08545fd95b26220a154c30f086d22329ceac0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(latestInfo", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|93e6ef5e69b6919ef4b7a2f9e1f08545fd95b26220a154c30f086d22329ceac0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/an/antigravity/update.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 142151, "scanner": "repobility-threat-engine", "fingerprint": "fe7a9393350bc3370ceb5705f892c244d9ae2fe3da1917783a11743a286799fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(DEPS_file", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe7a9393350bc3370ceb5705f892c244d9ae2fe3da1917783a11743a286799fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/update.mjs"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 142145, "scanner": "repobility-threat-engine", "fingerprint": "60ebdd8a7cff1a8cbbc190a451b2dc57eee874c9dafec5d47836f903d561a9df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60ebdd8a7cff1a8cbbc190a451b2dc57eee874c9dafec5d47836f903d561a9df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/gradio/conftest-skip-network-errors.py"}, "region": {"startLine": 
7}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 142144, "scanner": "repobility-threat-engine", "fingerprint": "2782c74a2d54038d30d22a61730f86a971f58986434a53abb452f98cfbcf3532", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2782c74a2d54038d30d22a61730f86a971f58986434a53abb452f98cfbcf3532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/mu/music-assistant/update-providers.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 142143, "scanner": "repobility-threat-engine", "fingerprint": "08b20cd376434c70fd88e122942d665f97eff71d961bfe7fabfd394ba9a687bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": 
"repobility-threat-engine", "correlation_key": "fp|08b20cd376434c70fd88e122942d665f97eff71d961bfe7fabfd394ba9a687bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/fetcher.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 142141, "scanner": "repobility-threat-engine", "fingerprint": "92a61069af3c616ce8070a73253234b462b506e083d23339d27ca61a2fc32a84", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(url_or_request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|36|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/fetchitchio/fetchitchio.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 142140, "scanner": "repobility-threat-engine", "fingerprint": "a5fa5757fad2fb09892916a8ea65cbb6ab397aeb3b6f7039f7472e6fc638ac1c", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|75|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 142139, "scanner": "repobility-threat-engine", "fingerprint": "38c157f3d1ade7bed159b2a37a1c3fed2ca89381a8a942880a03e41ae42d4f99", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(url) as input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|172|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/emacs/elisp-packages/update-from-overlay.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts. The rule targets LDAP client search calls; a regular-expression `.search(` call builds no LDAP filter, so confirm the matched call is an LDAP query."}, "properties": {"repobilityId": 142132, "scanner": "repobility-threat-engine", "fingerprint": "09d5b121ef3a28c75673be87ea02b329b3eba134b36c3acead7e05808bc98fb1", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'version\\s+\"([^\"]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|36|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ac/acli/update.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 142131, "scanner": "repobility-threat-engine", "fingerprint": "fdb4a35b2f05d92d8862a50a962556bf9de2f3efab0ed8ade221b84e4f55176c", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'\\d+(\\.\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|35|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/get-commit-message.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an 
LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 142130, "scanner": "repobility-threat-engine", "fingerprint": "8c4ef18fda8b5101e08f5a85877eeeedae04ab6f54ca176a9a2c70997a531350", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"hash\\s+\\'(sha256-.{44})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|88|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/update-typst-packages.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 142125, "scanner": "repobility-threat-engine", "fingerprint": "912b0e7400bde6075a32d845f875cefbe47a99e8f7fffec38f3ae9d8162a9e55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "all_licenses.update([license.text for license in licenses])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|912b0e7400bde6075a32d845f875cefbe47a99e8f7fffec38f3ae9d8162a9e55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dotnet/make-nuget-source/extract-licenses-from-nupkgs.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 142124, "scanner": "repobility-threat-engine", "fingerprint": "e60bec7d35674114106ed65abd89189ae096c0d2d45e814cabc8bf790edc7157", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "settings.update(missing_settings)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e60bec7d35674114106ed65abd89189ae096c0d2d45e814cabc8bf790edc7157"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/instant-messengers/discord/disable-breaking-updates.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 142123, "scanner": "repobility-threat-engine", "fingerprint": "d8b8ff7da789117e2cbaac2b14b97ffa64b7cdf7445e6340d9f3f40187d8c752", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(data)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d8b8ff7da789117e2cbaac2b14b97ffa64b7cdf7445e6340d9f3f40187d8c752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/kde/generate-sources.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 142117, "scanner": "repobility-threat-engine", "fingerprint": "c0ecdc9517c50fc1b7b1f9950db41c36fa02fc3daa1d22cd366341317e1eb6df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c0ecdc9517c50fc1b7b1f9950db41c36fa02fc3daa1d22cd366341317e1eb6df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/networking/browsers/chromium/get-commit-message.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 142116, "scanner": "repobility-threat-engine", "fingerprint": "7bd0f78fb39b9c680c8532beabfb91988212a6434f65ddbd860a504eadfafeb5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7bd0f78fb39b9c680c8532beabfb91988212a6434f65ddbd860a504eadfafeb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/fetcher.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 142115, "scanner": "repobility-threat-engine", "fingerprint": "0cb4da53f3fde2efa22fad500ffa19affaa258143eedc5afd48c83c13d5c3fd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0cb4da53f3fde2efa22fad500ffa19affaa258143eedc5afd48c83c13d5c3fd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/hydra-eval-failures.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 142113, "scanner": "repobility-threat-engine", "fingerprint": "95a4cbbbecc7d5d2ca1717799fe5ccc02a9600b44a3160d90864bb2220e77fcf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95a4cbbbecc7d5d2ca1717799fe5ccc02a9600b44a3160d90864bb2220e77fcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/li/libredirect/test.c"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: 
system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 142112, "scanner": "repobility-threat-engine", "fingerprint": "7bc230720f336a0ae31236899349ada30a6f588aec321d0c74a2c1cf0b890653", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bc230720f336a0ae31236899349ada30a6f588aec321d0c74a2c1cf0b890653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/br/brscan4/preload.c"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. 
command injection if any arg is dynamic."}, "properties": {"repobilityId": 142111, "scanner": "repobility-threat-engine", "fingerprint": "37bf2cb8fe8aa37da0216d97d30469c5eeebe90f8c46cbbac002ddba1e6fece7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37bf2cb8fe8aa37da0216d97d30469c5eeebe90f8c46cbbac002ddba1e6fece7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/copy-tarballs.pl"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. 
Command injection if any arg dynamic."}, "properties": {"repobilityId": 142105, "scanner": "repobility-threat-engine", "fingerprint": "f940aba979756c9787761f228b6b75cbb7230f54d7851038524d1ea9bd3d4fe0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f940aba979756c9787761f228b6b75cbb7230f54d7851038524d1ea9bd3d4fe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/r-modules/generate-r-packages.R"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. 
Command injection if any arg dynamic."}, "properties": {"repobilityId": 142104, "scanner": "repobility-threat-engine", "fingerprint": "221aaa216ac6aaa45e46e43b2dd53bc1eef900df4c89bb579c00fb9eff03c180", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|221aaa216ac6aaa45e46e43b2dd53bc1eef900df4c89bb579c00fb9eff03c180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/modules/programs/command-not-found/command-not-found.pl"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. 
Command injection if any arg dynamic."}, "properties": {"repobilityId": 142103, "scanner": "repobility-threat-engine", "fingerprint": "16c159c4014085e29f946552fdfe9e3d261d36f704ce4d26e462d78be0cdba40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|16c159c4014085e29f946552fdfe9e3d261d36f704ce4d26e462d78be0cdba40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/copy-tarballs.pl"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 142101, "scanner": "repobility-threat-engine", "fingerprint": "5f9a242933328ad528a326e162f189db9d3ad054ce5e40b4f21dca358a3fdf52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f9a242933328ad528a326e162f189db9d3ad054ce5e40b4f21dca358a3fdf52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py"}, "region": {"startLine": 
25}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 142100, "scanner": "repobility-threat-engine", "fingerprint": "d587f3f2b385cb674d5da228f59434ed40d86ae105f0ce13bb2cb109a9e702df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d587f3f2b385cb674d5da228f59434ed40d86ae105f0ce13bb2cb109a9e702df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/update-channel-branches.sh"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 142099, "scanner": "repobility-threat-engine", "fingerprint": "8c5f5241fc4521c9acaf6cfc70655ff364bd56162cf651549de00c4877a780f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c5f5241fc4521c9acaf6cfc70655ff364bd56162cf651549de00c4877a780f3"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "maintainers/scripts/copy-tarballs.pl"}, "region": {"startLine": 130}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 142097, "scanner": "repobility-threat-engine", "fingerprint": "3f687d2ab2c434f31fe10c7dd0c324ea24a700be7d45d5c825b8236e86b28cc9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(UPDATES_URL", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3f687d2ab2c434f31fe10c7dd0c324ea24a700be7d45d5c825b8236e86b28cc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/jetbrains/updater/jetbrains_nix_updater/fetcher.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 142096, "scanner": "repobility-threat-engine", "fingerprint": "2b9cc3d7d3acbfef606b0f61e944341ca042e0cb449440e1cabfe23a30572313", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2b9cc3d7d3acbfef606b0f61e944341ca042e0cb449440e1cabfe23a30572313"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/applications/editors/emacs/elisp-packages/update-from-overlay.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 142095, "scanner": "repobility-threat-engine", "fingerprint": "75d3e2edbe7346dd513303858d9c8aefc790e4f5bdb577e2a04376d2aebf956d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url (u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|75d3e2edbe7346dd513303858d9c8aefc790e4f5bdb577e2a04376d2aebf956d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/copy-tarballs.pl"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 142089, "scanner": "repobility-threat-engine", "fingerprint": "a5842b43453f8477abb28802fff2f52cf02b9583e943f905a739fe20311adbe4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5842b43453f8477abb28802fff2f52cf02b9583e943f905a739fe20311adbe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/node/prefetch-npm-deps/src/cacache.rs"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust 
Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 142088, "scanner": "repobility-threat-engine", "fingerprint": "c7c180c2800fbc2b93cb18cf649f141b0917291bf3320ee53bc99f39f89b9391", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7c180c2800fbc2b93cb18cf649f141b0917291bf3320ee53bc99f39f89b9391"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/convert-to-import-cargo-lock/src/main.rs"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 142087, "scanner": "repobility-threat-engine", "fingerprint": "a275f13edaa01fcf6e84036406d3291c9a43c5c429b1eb16a72be081b8b1b934", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a275f13edaa01fcf6e84036406d3291c9a43c5c429b1eb16a72be081b8b1b934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/check-maintainer-usernames/src/main.rs"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC033", "level": "error", "message": {"text": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. 
Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie)."}, "properties": {"repobilityId": 142078, "scanner": "repobility-threat-engine", "fingerprint": "b14fb0813d46a1f5ff0461642edf577baefbf970520859751e65377722642379", "category": "prototype_pollution", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "[user.login] =", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC033", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b14fb0813d46a1f5ff0461642edf577baefbf970520859751e65377722642379"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/github-script/get-teams.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 142077, "scanner": "repobility-threat-engine", "fingerprint": "0fe97c8bf0b91a86f7eff0f10e6fe6f95d5dbbd9b428e188049f27d780aef11a", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n                ([msg, res]) =>\n                  `  - ${res ? 
':white_check_mark:' : ':white_l", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0fe97c8bf0b91a86f7eff0f10e6fe6f95d5dbbd9b428e188049f27d780aef11a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/github-script/merge.js"}, "region": {"startLine": 289}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 142076, "scanner": "repobility-threat-engine", "fingerprint": "839ea830eaa891436c0bbfe8bdf6729925db8f70006101e2a464b14423e968d3", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((s) => `'${s}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|839ea830eaa891436c0bbfe8bdf6729925db8f70006101e2a464b14423e968d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/github-script/get-pr-commit-details.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NIXPKGS_MANUAL_EDIT_CHECK_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. 
Referencing `${{ secrets.NIXPKGS_MANUAL_EDIT_CHECK_APP_PRIVATE_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 142350, "scanner": "repobility-supply-chain", "fingerprint": "6c277466a55aa5f281635832279b1aa298ad272e2d143846b7e9412f76f41fd2", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6c277466a55aa5f281635832279b1aa298ad272e2d143846b7e9412f76f41fd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NIXPKGS_COMMIT_CHECK_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.NIXPKGS_COMMIT_CHECK_APP_PRIVATE_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 142349, "scanner": "repobility-supply-chain", "fingerprint": "92965cfc6bdffc5841c228cb48b08137fc98d790b66c99503ff25e712bc65b39", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92965cfc6bdffc5841c228cb48b08137fc98d790b66c99503ff25e712bc65b39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NIXPKGS_BRANCH_CHECK_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.NIXPKGS_BRANCH_CHECK_APP_PRIVATE_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 142348, "scanner": "repobility-supply-chain", "fingerprint": "ce5bf2557879755572efbbc1e8ede2007b2592d7dbaddb36236aca9853cbf15b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce5bf2557879755572efbbc1e8ede2007b2592d7dbaddb36236aca9853cbf15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NIXPKGS_CI_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 142347, "scanner": "repobility-supply-chain", "fingerprint": "8ad065065e1063a09ec715866e8fe57562a0bd139aed54ab90ccb4193711da7c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ad065065e1063a09ec715866e8fe57562a0bd139aed54ab90ccb4193711da7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `sys` used but not imported: The file uses `sys.something(...)` but never imports `sys`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142346, "scanner": "repobility-ast-engine", "fingerprint": "56db1907377762689ed3d80e8b4d7913ab45d116333fbe3adf3503639c456072", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56db1907377762689ed3d80e8b4d7913ab45d116333fbe3adf3503639c456072"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/modules/system/boot/loader/refind/refind-install.py"}, "region": {"startLine": 341}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142333, "scanner": "repobility-ast-engine", "fingerprint": "4f11d1f5e0b54b5344ec6ec441b1491240f9ada5ee50c5847aaa74fef6dfd90b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f11d1f5e0b54b5344ec6ec441b1491240f9ada5ee50c5847aaa74fef6dfd90b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nixos/tests/systemd-confinement/checkperms.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142331, "scanner": "repobility-ast-engine", "fingerprint": "dc80dbc29c3c3adea5d8b29e7c909befa7e3d01cce25b9e2116f44354cd3fb8e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc80dbc29c3c3adea5d8b29e7c909befa7e3d01cce25b9e2116f44354cd3fb8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/remove-old-aliases.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `uuid` used but not imported: The file uses `uuid.something(...)` but never imports `uuid`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142327, "scanner": "repobility-ast-engine", "fingerprint": "7eb68fb7584f00d4859b650e89c51c4cc72c8f0807485b96121a37a3dfb10ec8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7eb68fb7584f00d4859b650e89c51c4cc72c8f0807485b96121a37a3dfb10ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/desktops/gnome/extensions/update-extensions.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142323, "scanner": "repobility-ast-engine", "fingerprint": "bd1772f66cd39e0b6dec9721aeddb9d98c96c226ca23eef8d8fedaba605684a5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd1772f66cd39e0b6dec9721aeddb9d98c96c226ca23eef8d8fedaba605684a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/desktops/gnome/find-latest-version.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142312, "scanner": "repobility-ast-engine", "fingerprint": "528f5859e77719a0cb4a84ad2efc4985ed69b3a1a0e30818074f8653249e8412", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|528f5859e77719a0cb4a84ad2efc4985ed69b3a1a0e30818074f8653249e8412"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/tools/build-managers/gradle/compress-deps-json.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142291, "scanner": "repobility-ast-engine", "fingerprint": "b18a7f3dc4702edc37df937e5d4aa07d0224877d1c5970bdb3cd4a50befaf29b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b18a7f3dc4702edc37df937e5d4aa07d0224877d1c5970bdb3cd4a50befaf29b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/an/anyk/patch_paths.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 142243, "scanner": "repobility-ast-engine", "fingerprint": "968dc41ae90e3ee1f03127d32f4d7a5860f9e9ea8ea19d9d65b6bdd5763d3f6b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|968dc41ae90e3ee1f03127d32f4d7a5860f9e9ea8ea19d9d65b6bdd5763d3f6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ni/nix-required-mounts/nix_required_mounts.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module 
scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 142201, "scanner": "repobility-threat-engine", "fingerprint": "acb7f78feb4189fffae116ff064cd15812c67a0a3380dbb9e2b799fde6ef51cf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(path", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|acb7f78feb4189fffae116ff064cd15812c67a0a3380dbb9e2b799fde6ef51cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/pi/picgo/launcher.cjs"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. 
Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 142200, "scanner": "repobility-threat-engine", "fingerprint": "e951c93b98fe1e07a487a671a3069d37d52ce5d84bf099c1ce24772c98c85137", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require($plugin", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e951c93b98fe1e07a487a671a3069d37d52ce5d84bf099c1ce24772c98c85137"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/ad/adminerevo/index.php"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 142185, "scanner": "repobility-threat-engine", "fingerprint": "dd56b92d267fddafa2c72ee0b34231944b0517ab8d054a49937b694bc8d3a03a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd56b92d267fddafa2c72ee0b34231944b0517ab8d054a49937b694bc8d3a03a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/maubot/plugins/update.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC116", 
"level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 142182, "scanner": "repobility-threat-engine", "fingerprint": "d0b6e34f47fe6e6c099ac2745a4727dde90c5c2f25a095b2ea2146ed492b7caa", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|31|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/maubot/plugins/update.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 142181, "scanner": "repobility-threat-engine", "fingerprint": "a11a1b93fc33c88f18d4aa2c3e0ecedf10b7b08b1872eabc31444970b91ecca9", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|16|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/pub2nix/package-graph.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 142180, "scanner": "repobility-threat-engine", "fingerprint": "05ec7ea32ba235f711c131b29859a3f5c296300b91ec74a5abfc58336b63aaca", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|10|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/dart/build-dart-application/workspace-package-config.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). 
Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 142179, "scanner": "repobility-threat-engine", "fingerprint": "a643c8cf50b47189aadf342ca608194df433e9c132130949625388972e476a18", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(f)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a643c8cf50b47189aadf342ca608194df433e9c132130949625388972e476a18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/development/python-modules/maubot/plugins/update.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 142169, "scanner": "repobility-threat-engine", "fingerprint": "90ed958f11d2353369f0b78cfa09236fc2439a862c74048fde3ba8453c24525f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90ed958f11d2353369f0b78cfa09236fc2439a862c74048fde3ba8453c24525f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/by-name/bo/bossa/bin2c.c"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't 
bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 142168, "scanner": "repobility-threat-engine", "fingerprint": "58f43344aa00f1ecced057780c364ba19c453cb9c469a297389cae076ca2a298", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58f43344aa00f1ecced057780c364ba19c453cb9c469a297389cae076ca2a298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkgs/build-support/buildenv/builder.pl"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. 
Code injection."}, "properties": {"repobilityId": 142109, "scanner": "repobility-threat-engine", "fingerprint": "11907ada739b9431fc62f96cf14e4024b93ca5693007158fa77fcd1e6ba5b380", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|11907ada739b9431fc62f96cf14e4024b93ca5693007158fa77fcd1e6ba5b380"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/fix-maintainers.pl"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. 
Code injection."}, "properties": {"repobilityId": 142108, "scanner": "repobility-threat-engine", "fingerprint": "5a216ad7c49de6048786cc6aaae36137c105cb50ba19bbab3787ac7686f45e8f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5a216ad7c49de6048786cc6aaae36137c105cb50ba19bbab3787ac7686f45e8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/feature-freeze-teams.pl"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "properties": {"repobilityId": 142107, "scanner": "repobility-threat-engine", "fingerprint": "7943e4281762b9587dbe2e5a3a269612c62c5fbba1548876aeb126c6fd0e6e39", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7943e4281762b9587dbe2e5a3a269612c62c5fbba1548876aeb126c6fd0e6e39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maintainers/scripts/copy-tarballs.pl"}, "region": {"startLine": 169}}}]}]}]}