{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `litellm` has no version pin: Unpinned pip requirement means every fresh install may resolv", "shortDescription": {"text": "[MINED124] requirements.txt: `litellm` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible insta"}, "fullDescription": {"text": "Replace `litellm` with `litellm==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `create_html_page` (list): `def create_html_page(... = []/{}/set())` \u2014 Python's d", "shortDescription": {"text": "[MINED109] Mutable default argument in `create_html_page` (list): `def create_html_page(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutate"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def create_html_page(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Combine update and install in the same RUN instruction and clean package indexes in that layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Move database dumps outside the Docker build context or exclude them with .dockerignore. Keep backup and restore artifacts in private object storage or a dedicated backup workflow."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC042", "name": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently s", "shortDescription": {"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend t"}, "fullDescription": {"text": "Use psycopg2.sql.SQL() + sql.Identifier() for identifiers:\n  from psycopg2 import sql\n  cr.execute(sql.SQL('UPDATE {} SET x=%s').format(sql.Identifier(table)), (value,))\nNever use f-string in cr.execute(). Values go through %s parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_structural_integrity_check` has cognitive complexity 8 (SonarSource scal", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_structural_integrity_check` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `crawl4ai` image is selected through a build variable", "shortDescription": {"text": "Compose service `crawl4ai` image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED074", "name": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI halluci", "shortDescription": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED064] Python Input Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 1 more): Same pattern found in 1 additional files. ", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 17 more): Same pattern found in 17 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `softprops/action-gh-release` pinned to mutable ref `@v2`: `uses: softprops/action-gh-release@v2` reso", "shortDescription": {"text": "[MINED115] Action `softprops/action-gh-release` pinned to mutable ref `@v2`: `uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-file"}, "fullDescription": {"text": "Replace with: `uses: softprops/action-gh-release@<40-char-sha>  # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves t", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially differe"}, "fullDescription": {"text": "Replace with: `FROM python:3.12-slim-bookworm@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /stats/reset has no auth: Handler `reset_stats` is registered with router/app.post(...) but no D", "shortDescription": {"text": "[MINED112] FastAPI POST /stats/reset has no auth: Handler `reset_stats` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `input` inside async function `url_seeder_demo`: `input` is a synchronous (blocking) call. When", "shortDescription": {"text": "[MINED110] Blocking call `input` inside async function `url_seeder_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making pro"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_schema: Test function `test_schema` runs code but contains no assert / expect / s", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_schema: Test function `test_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._compute_distance_matrix` used but never assigned in __init__: Method `_get_cached_distance_matrix` of ", "shortDescription": {"text": "[MINED108] `self._compute_distance_matrix` used but never assigned in __init__: Method `_get_cached_distance_matrix` of class `EmbeddingStrategy` reads `self._compute_distance_matrix`, but no assignment to it exists in __init__ (and no clas"}, "fullDescription": {"text": "Initialize `self._compute_distance_matrix = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = ?', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC032", "name": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without valida", "shortDescription": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served direc"}, "fullDescription": {"text": "Validate THREE things server-side:\n  1. Extension allowlist:\n       ALLOWED = {'.png', '.jpg', '.pdf'}\n       ext = Path(file.filename).suffix.lower()\n       if ext not in ALLOWED: abort(400)\n  2. Magic-byte check (don't trust the extension):\n       import magic\n       mime = magic.from_buffer(file.read(2048), mime=True)\n  3. Save with a random/UUID filename to a non-executable directory.\nSanitize with `werkzeug.secure_filename`. Never reuse the user's name."}, "properties": {"scanner": "repobility-threat-engine", "category": "file_upload", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED133", "name": "[MINED133] Hardcoded Slack webhook URL in source: File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.co", "shortDescription": {"text": "[MINED133] Hardcoded Slack webhook URL in source: File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.com/services/T00/B00/xxx...`. Webhook URLs are unauthenticated POST endpoints \u2014 anyone with the URL can send messages. The"}, "fullDescription": {"text": "Move the URL to a secret manager / environment variable. Rotate the webhook immediately if this is a live URL (consider it compromised the moment it landed in git)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK` on a `pull_request` trigger: This workflow triggers on `pull_request`", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_WEBHOOK }` lets a PR from any fork exfiltrate the se"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED114", "name": "[MINED114] Admin endpoint without auth: DELETE /admin/sponsors/{sponsor_id}: Handler `delete_sponsor` serves an /admin p", "shortDescription": {"text": "[MINED114] Admin endpoint without auth: DELETE /admin/sponsors/{sponsor_id}: Handler `delete_sponsor` serves an /admin path (/admin/sponsors/{sponsor_id}) and the function has no Depends/Security parameter and no auth marker in its body. Ad"}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "critical", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. T", "shortDescription": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import json` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED007", "name": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection.", "shortDescription": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-89 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/845"}, "properties": {"repository": "unclecode/crawl4ai", "repoUrl": "https://github.com/unclecode/crawl4ai", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `litellm` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76254, "scanner": "repobility-supply-chain", "fingerprint": "2c588a2bf03e01b8d7eeb09e90e192b388348ac24e5c99be0816ca7e7fe872c0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2c588a2bf03e01b8d7eeb09e90e192b388348ac24e5c99be0816ca7e7fe872c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pydantic` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76253, "scanner": "repobility-supply-chain", "fingerprint": "9ad6b3ef267b6d8f11552b07ec92dcc09d581a44506b189ca2a1818e406ee043", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ad6b3ef267b6d8f11552b07ec92dcc09d581a44506b189ca2a1818e406ee043"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `uvicorn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76252, "scanner": "repobility-supply-chain", "fingerprint": "8a37e7904bb56585212a6f37834f37914d97392a28e4481fa5d0def586ab2746", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8a37e7904bb56585212a6f37834f37914d97392a28e4481fa5d0def586ab2746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `fastapi` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76251, "scanner": "repobility-supply-chain", "fingerprint": "1f9be312192dd15b7c36f91ce39a98812cf8ee859eaee8b028390d4c3057f921", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f9be312192dd15b7c36f91ce39a98812cf8ee859eaee8b028390d4c3057f921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `crawl4ai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76250, "scanner": "repobility-supply-chain", "fingerprint": "7ab5e33323e40c06b58e63ff2ade5266c6ea99dca471d8d7ea1f7f166a2818e9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ab5e33323e40c06b58e63ff2ade5266c6ea99dca471d8d7ea1f7f166a2818e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `python-dotenv` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76249, "scanner": "repobility-supply-chain", "fingerprint": "e810fc205c226019612c618f9f86ed5bf8c47b1ed242744496dc7148a292f85c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e810fc205c226019612c618f9f86ed5bf8c47b1ed242744496dc7148a292f85c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `python-multipart` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76248, "scanner": "repobility-supply-chain", "fingerprint": "b6bb99c9b89d710c94ecfe4956d5c67942d0b5fe46e3354a03a25ca00dcd4d95", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6bb99c9b89d710c94ecfe4956d5c67942d0b5fe46e3354a03a25ca00dcd4d95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pyyaml` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76247, "scanner": "repobility-supply-chain", "fingerprint": "32dd85087299c8f4b0ae41122a3b763822d68afbb742e400b6afc4f1ef973644", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32dd85087299c8f4b0ae41122a3b763822d68afbb742e400b6afc4f1ef973644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `uvicorn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76246, "scanner": "repobility-supply-chain", "fingerprint": "9ebf3213c195f964499df7a84641c341cc989c39619154ddeceeb86f323e6979", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ebf3213c195f964499df7a84641c341cc989c39619154ddeceeb86f323e6979"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `fastapi` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76245, "scanner": "repobility-supply-chain", "fingerprint": "18927cae8d053d5052ee71a2d55e2f73b931958cee4c3c13fc4630010882702c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18927cae8d053d5052ee71a2d55e2f73b931958cee4c3c13fc4630010882702c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `create_html_page` (list): `def create_html_page(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 76198, "scanner": "repobility-ast-engine", "fingerprint": "1d1d80cf6fd1160b61e275e19c218cfbb1d55f47a843164b0ab1f4b3b905d4e8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d1d80cf6fd1160b61e275e19c218cfbb1d55f47a843164b0ab1f4b3b905d4e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/general/generate_dummy_site.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76171, "scanner": "repobility-ast-engine", "fingerprint": "31bc816a2a53696117e92c10f7239e6d281b2fc1ef3e387cd9024f30ef447dc4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31bc816a2a53696117e92c10f7239e6d281b2fc1ef3e387cd9024f30ef447dc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/markdown_generation_strategy.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76170, "scanner": "repobility-ast-engine", "fingerprint": "efc0c474489a5c27664b3976de2d417d255b5a57c5a916ef304acead1041f938", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efc0c474489a5c27664b3976de2d417d255b5a57c5a916ef304acead1041f938"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/markdown_generation_strategy.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76169, "scanner": "repobility-ast-engine", "fingerprint": "082ec0d976f5bea2e7837b761b26eaa5a7a2ecfc8dbf90fffac36f6e66df8862", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|082ec0d976f5bea2e7837b761b26eaa5a7a2ecfc8dbf90fffac36f6e66df8862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/markdown_generation_strategy.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76168, "scanner": "repobility-ast-engine", "fingerprint": "5c6049c79d789db583ba6572e571687d391bd9501c11b8f2b176e1d6169552bc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c6049c79d789db583ba6572e571687d391bd9501c11b8f2b176e1d6169552bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/markdown_generation_strategy.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76167, "scanner": "repobility-ast-engine", "fingerprint": "af629754a10bf9435e44f6e2a3711f053d488eed03e456e6100544aefc8b253e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af629754a10bf9435e44f6e2a3711f053d488eed03e456e6100544aefc8b253e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/async_configs.py"}, "region": {"startLine": 465}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76166, "scanner": "repobility-ast-engine", "fingerprint": "998a4e940618134c61edb3cdde95ae938585fcb24447ee62e47a093f9d864f57", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|998a4e940618134c61edb3cdde95ae938585fcb24447ee62e47a093f9d864f57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/async_configs.py"}, "region": {"startLine": 399}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 76165, "scanner": "repobility-ast-engine", "fingerprint": "a75d2f7d9bd67f62ed13947a654292b69d32810f526392bc012472d0ecb0a225", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a75d2f7d9bd67f62ed13947a654292b69d32810f526392bc012472d0ecb0a225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/async_configs.py"}, "region": {"startLine": 1399}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 76164, "scanner": "repobility-ast-engine", "fingerprint": "5b51853ad550d59d8bb84425d19b25f8e147bd4b9d6d8e229bd689bed25fe13b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b51853ad550d59d8bb84425d19b25f8e147bd4b9d6d8e229bd689bed25fe13b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/async_configs.py"}, "region": {"startLine": 604}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76163, "scanner": "repobility-ast-engine", "fingerprint": "b59cfe637895402ad65dc45a9eea66c9e0fcb0d38cd9678b224cd970bd52c6dd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b59cfe637895402ad65dc45a9eea66c9e0fcb0d38cd9678b224cd970bd52c6dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/content_filter_strategy.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_proceed_with_chunk` (dict): `def _proceed_with_chunk(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 76162, "scanner": "repobility-ast-engine", "fingerprint": "3e66fe94c73bb2f93f246cca7e43da59e4a0a6491afbb70f00b2ab46a23a30d4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e66fe94c73bb2f93f246cca7e43da59e4a0a6491afbb70f00b2ab46a23a30d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/content_filter_strategy.py"}, "region": {"startLine": 973}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76161, "scanner": "repobility-ast-engine", "fingerprint": "b51a830a5b179811a6979306e85cba5ae10400ac7ae90bedd2a521d79b2bb7bd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b51a830a5b179811a6979306e85cba5ae10400ac7ae90bedd2a521d79b2bb7bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76160, "scanner": "repobility-ast-engine", "fingerprint": "8e67b8db2cdbe6cdcd1eaa2c9ee38bb538fe8f778f2bd47c3ddd3fb7b52a2da7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e67b8db2cdbe6cdcd1eaa2c9ee38bb538fe8f778f2bd47c3ddd3fb7b52a2da7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 777}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76152, "scanner": "repobility-ast-engine", "fingerprint": "dcb489cee2e5275e33b97e41789c7f495dd148ac1aec7a134e8d54d87ca21138", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcb489cee2e5275e33b97e41789c7f495dd148ac1aec7a134e8d54d87ca21138"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 1426}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76151, "scanner": "repobility-ast-engine", "fingerprint": "a178e808d4fe81e854f8e6256ad8f087fbc1946d9839d4bd68f0ff3fd1465585", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a178e808d4fe81e854f8e6256ad8f087fbc1946d9839d4bd68f0ff3fd1465585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 753}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76125, "scanner": "repobility-ast-engine", "fingerprint": "3a2edb82973d174ae2352165b392ff2016d925cb1556692491193521449a02ac", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a2edb82973d174ae2352165b392ff2016d925cb1556692491193521449a02ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76124, "scanner": "repobility-ast-engine", "fingerprint": "56e3ba87374206460cd9af54151333a11f80399da5758d4a0167fe96ff545b7a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56e3ba87374206460cd9af54151333a11f80399da5758d4a0167fe96ff545b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76123, "scanner": "repobility-ast-engine", "fingerprint": "46a6aaa948cd03a10df3ead3fe8e8b5310bfb4aaa528a22d620a6b8ff3dcc945", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46a6aaa948cd03a10df3ead3fe8e8b5310bfb4aaa528a22d620a6b8ff3dcc945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76122, "scanner": "repobility-ast-engine", "fingerprint": "c1217c1f29ec9f047c1783448a0ee0d35023e3dcc98a34783394f513c1a73778", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1217c1f29ec9f047c1783448a0ee0d35023e3dcc98a34783394f513c1a73778"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76121, "scanner": "repobility-ast-engine", "fingerprint": "0374bc076aa34cb6ce1995329d774b014bdd157e408a638068e5c90cdbf7ae0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0374bc076aa34cb6ce1995329d774b014bdd157e408a638068e5c90cdbf7ae0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76120, "scanner": "repobility-ast-engine", "fingerprint": "71740156eb4f0cebea74f1886bea9bf4f41a079b7276f208f9b3fcc65d888ade", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71740156eb4f0cebea74f1886bea9bf4f41a079b7276f208f9b3fcc65d888ade"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76119, "scanner": "repobility-ast-engine", "fingerprint": "293a4d490ae058ec19f57642932fc44ef0f59840105a8a3c05a392dee3f5cc6f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|293a4d490ae058ec19f57642932fc44ef0f59840105a8a3c05a392dee3f5cc6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76114, "scanner": "repobility-ast-engine", "fingerprint": "283f8ca791b7910be49f46fa9916414efa7e17ebc2b111e113708900bb9cf85d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|283f8ca791b7910be49f46fa9916414efa7e17ebc2b111e113708900bb9cf85d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76113, "scanner": "repobility-ast-engine", "fingerprint": "cebbd29acd1b3894932d57c13ca9eb906c0296aa4b8b26011f929aa516faacad", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cebbd29acd1b3894932d57c13ca9eb906c0296aa4b8b26011f929aa516faacad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76112, "scanner": "repobility-ast-engine", "fingerprint": "3895cea5e0c302cd622c7f8a07a3a754fc2c9480b6b250c70245148dd6bec4d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3895cea5e0c302cd622c7f8a07a3a754fc2c9480b6b250c70245148dd6bec4d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76111, "scanner": "repobility-ast-engine", "fingerprint": "42a9c02034a543c0c419a5c1fc3503c955e553f63460647bde38db20c47cef41", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42a9c02034a543c0c419a5c1fc3503c955e553f63460647bde38db20c47cef41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76110, "scanner": "repobility-ast-engine", "fingerprint": "a27312b2a827bbbadf5a804668aff4f60eb716bf8d22d8582d303f4d07842f8c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a27312b2a827bbbadf5a804668aff4f60eb716bf8d22d8582d303f4d07842f8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76109, "scanner": "repobility-ast-engine", "fingerprint": "d01c0fc42283c99d2eb3e44b89168f1f08266953bf86d876da1b20d281253196", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d01c0fc42283c99d2eb3e44b89168f1f08266953bf86d876da1b20d281253196"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76108, "scanner": "repobility-ast-engine", "fingerprint": "3f9af2697976e0a5266a404abeff36e4f66c1792102cba882777149168e59c39", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f9af2697976e0a5266a404abeff36e4f66c1792102cba882777149168e59c39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 76100, "scanner": "repobility-journey-contract", "fingerprint": "e73eaa0166f5710a455b6bf0a2184e5f63a842cbed33e0a2c21dbe9bd384047f", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|108|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/admin/admin.js"}, "region": {"startLine": 108}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 76099, "scanner": "repobility-journey-contract", "fingerprint": "165cde4ac4da89fd6bab6c4e32b7818ef85af1ad55979fcaa25c3038cc375a0a", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|50|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/admin/admin.js"}, "region": {"startLine": 50}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 76098, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 76095, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 76094, "scanner": "repobility-docker", "fingerprint": "9ff69de9dcabb692fc33a74764f6dfcf9efe8447a3a7a6367d1f656b8556b567", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 138 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 138, "correlation_key": "fp|9ff69de9dcabb692fc33a74764f6dfcf9efe8447a3a7a6367d1f656b8556b567", "dependency_install_line": 144}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 144}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 76091, "scanner": "repobility-docker", "fingerprint": "350cdc1cee9b9db57ff9013199567856a1a657ae1ecf47a4b2b3529c61f99526", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|350cdc1cee9b9db57ff9013199567856a1a657ae1ecf47a4b2b3529c61f99526"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 89}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 76090, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": ".github/workflows/release.yml.backup", "size_mb": 0.0}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 76089, "scanner": "repobility-agent-runtime", "fingerprint": "668a3759959bb6e8de786449687fdefd56f0c8673cc39712a016c358ad0b5583", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|668a3759959bb6e8de786449687fdefd56f0c8673cc39712a016c358ad0b5583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/frontend/app-detail.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 76088, "scanner": "repobility-agent-runtime", "fingerprint": "95ce05b9090c4f3e3e706ed3e3a3484db3830cd68959c6d0e3fd3471d543ac19", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|95ce05b9090c4f3e3e706ed3e3a3484db3830cd68959c6d0e3fd3471d543ac19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/admin/admin.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 76087, "scanner": "repobility-agent-runtime", "fingerprint": "0556f05a797de35c2da5db5863371526a8cc9cefad2c77566737e758bc7dff04", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|0556f05a797de35c2da5db5863371526a8cc9cefad2c77566737e758bc7dff04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 76081, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9a99ee20ee5ec45bcc9ae68801878fd9a93542b11c330e127728f55a01917d8", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crawl4ai/adaptive_crawler.py", "correlation_key": "fp|a9a99ee20ee5ec45bcc9ae68801878fd9a93542b11c330e127728f55a01917d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 76079, "scanner": "repobility-threat-engine", "fingerprint": "52b10b32844f448692f35dac21b2ed9b15d9ac097d2058daf0fb636314b6446f", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "location.href = targetUrl", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|52b10b32844f448692f35dac21b2ed9b15d9ac097d2058daf0fb636314b6446f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/assets/selection_ask_ai.js"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 76062, "scanner": "repobility-threat-engine", "fingerprint": "b27be733df166f3f8eedf010a4c2f5e8f394e98d8577c9d700e33a1145ad61fc", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.3 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "password = \"<redacted>\"", "reason": "Low entropy value (2.3 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path]", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_cloudflare_challenge.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC002", "level": "warning", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 76060, "scanner": "repobility-threat-engine", "fingerprint": "f610c2039d272065fbebfe094360b44bea7db7ff2e4f76be2d5b212b6627dc3c", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (1.0 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path] Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "api_key = \"<redacted>\"", "reason": "Low entropy value (1.0 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path]", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|api_key redacted", "duplicate_count": 2, "duplicate_rule_ids": ["SEC002"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["b854184bae3dabfa429caec5f4632f610af8806ec75f7d662875f953be6da511", "cb8450a65b2056e1dce75c65b0b9eed6bd2778602ae4a80b32d1914c35903709", "f610c2039d272065fbebfe094360b44bea7db7ff2e4f76be2d5b212b6627dc3c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_aws_waf.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 76057, "scanner": "repobility-threat-engine", "fingerprint": "89369705ef8775b1f8246b2b801bc9d94a85714e011f219251fcc2be37ef2c9a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|89369705ef8775b1f8246b2b801bc9d94a85714e011f219251fcc2be37ef2c9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/c4a-script/server.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 76056, "scanner": "repobility-threat-engine", "fingerprint": "16c3baf8b1585a82815f9564a7afcb585061f5a0915ff1a74a04b85557867272", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|16c3baf8b1585a82815f9564a7afcb585061f5a0915ff1a74a04b85557867272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/c4a_script/tutorial/server.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 76051, "scanner": "repobility-threat-engine", "fingerprint": "a0c2218ec3e89c79c40fabc438946c429da9c5c6766028c165bf6a318c57e86b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a0c2218ec3e89c79c40fabc438946c429da9c5c6766028c165bf6a318c57e86b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "setup.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 76050, "scanner": "repobility-threat-engine", "fingerprint": "159f998f0156919bb967aa0bcd6c36e96db33b6ded1c99cfe8383c3bbf7989f8", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|159f998f0156919bb967aa0bcd6c36e96db33b6ded1c99cfe8383c3bbf7989f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/docker/demo_docker_polling.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 76049, "scanner": "repobility-threat-engine", "fingerprint": "5401224d626802a3ce1cc15aa810f8b444d569379efa4aa38fe5983193fba752", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5401224d626802a3ce1cc15aa810f8b444d569379efa4aa38fe5983193fba752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/crawler_pool.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 76042, "scanner": "repobility-threat-engine", "fingerprint": "92870ddc5f9c8f4d334d0af920d96f1d1a7e14a0e562de05ba3414edfa5afd0f", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_access_token", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|deploy/docker/auth.py|53|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/auth.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 76036, "scanner": "repobility-threat-engine", "fingerprint": "1491892592e5a35b994d3c3a28a7143c1080104ec0605b5871fb67a08fc60dc1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n            # Simple extraction assuming http://ip:port format\n            if \"://\" in self.ser", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1491892592e5a35b994d3c3a28a7143c1080104ec0605b5871fb67a08fc60dc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/proxy_strategy.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 76035, "scanner": "repobility-threat-engine", "fingerprint": "e4e9287308dd684224fb928b05597ecd45f1b3df1f16c7ee80b6a1d77696fbf6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n            return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e4e9287308dd684224fb928b05597ecd45f1b3df1f16c7ee80b6a1d77696fbf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/legacy/version_manager.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC042", "level": "warning", "message": {"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend the f-string to user input without noticing. CWE-89. Identifiers (table/column names) need a separate escaping path from values."}, "properties": {"repobilityId": 76024, "scanner": "repobility-threat-engine", "fingerprint": "29100170cb7fe482d001cb8a299362baa8903428123ef090b3c666aae8ae36fc", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "cursor.execute(f\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC042", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|31|sec042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/database.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC042", "level": "warning", "message": {"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend the f-string to user input without noticing. CWE-89. Identifiers (table/column names) need a separate escaping path from values."}, "properties": {"repobilityId": 76023, "scanner": "repobility-threat-engine", "fingerprint": "cefdbeffbca58005401584c5d1c504f29052e501b89ad1dee608d5e457d54430", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "cursor.execute(\n            f'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC042", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|crawl4ai/legacy/database.py|40|sec042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/legacy/database.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 76007, "scanner": "repobility-threat-engine", "fingerprint": "04935259d3ef23d9c986d5f2b64f0d7555534df99ab51298199f8394035b5ea7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url=\"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|04935259d3ef23d9c986d5f2b64f0d7555534df99ab51298199f8394035b5ea7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/c4a_script/demo_c4a_crawl4ai.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 76006, "scanner": "repobility-threat-engine", "fingerprint": "fd1aef4580c457a739f65dde1c7b1a07b168402f91fc7f23941af2c8eb525b90", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url=\"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fd1aef4580c457a739f65dde1c7b1a07b168402f91fc7f23941af2c8eb525b90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/builtin_browser_example.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 76005, "scanner": "repobility-threat-engine", "fingerprint": "651b39d4e505b7ce8979439c89b79741d8d10b2b6ee775722d72a011ac295eb2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"user@example.com\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|651b39d4e505b7ce8979439c89b79741d8d10b2b6ee775722d72a011ac295eb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 76101, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 76097, "scanner": "repobility-docker", "fingerprint": "7797aaf585d5250b88665ace61daaad476ae9ad75a4c78f61c3aebb460e0de49", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "crawl4ai", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7797aaf585d5250b88665ace61daaad476ae9ad75a4c78f61c3aebb460e0de49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 76093, "scanner": "repobility-docker", "fingerprint": "f06441d0d00a6ae94c25eff4a4eb4d2176e617c4bab23fdf670bc1824e6efd17", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f06441d0d00a6ae94c25eff4a4eb4d2176e617c4bab23fdf670bc1824e6efd17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 158}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 76086, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20516d2c223cd855536c5ae39640c1a5e1a1205d602e1e208eb1941408a23e8f", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "AdaptiveConfig", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "crawl4ai/adaptive_crawler.py", "correlation_key": "fp|20516d2c223cd855536c5ae39640c1a5e1a1205d602e1e208eb1941408a23e8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76085, "scanner": "repobility-ai-code-hygiene", "fingerprint": "605811ecf18ccfda4d0c669fcf1f8500dc014c9ef879c9bb1b3e225c41c2b040", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crawl4ai/install.py", "duplicate_line": 14, "correlation_key": "fp|605811ecf18ccfda4d0c669fcf1f8500dc014c9ef879c9bb1b3e225c41c2b040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "setup.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76084, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8fdfa43119e84b5d57686e09fb2e3deff3177047cdcd760006c2e9fcdddcf0bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crawl4ai/models.py", "duplicate_line": 102, "correlation_key": "fp|8fdfa43119e84b5d57686e09fb2e3deff3177047cdcd760006c2e9fcdddcf0bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/server.py"}, "region": {"startLine": 380}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76083, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c61cad6d9f0e2c9b0fb9bf2af84758993627d7e39b713e61f966ddfe764fb9e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crawl4ai/deep_crawling/bfs_strategy.py", "duplicate_line": 224, "correlation_key": "fp|5c61cad6d9f0e2c9b0fb9bf2af84758993627d7e39b713e61f966ddfe764fb9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/deep_crawling/dfs_strategy.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76082, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b3fdb9f124386edfcebb6a9ce2b5b8e5e36edf28b92ba4c3ff386fe65410404", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crawl4ai/deep_crawling/bff_strategy.py", "duplicate_line": 25, "correlation_key": "fp|9b3fdb9f124386edfcebb6a9ce2b5b8e5e36edf28b92ba4c3ff386fe65410404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/deep_crawling/bfs_strategy.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 76065, "scanner": "repobility-threat-engine", "fingerprint": "0ad79ca0712846196c53212d4d8f239109162679ff207e984383e2318f2916b3", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|138|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/crawl4ai-assistant/content/shared/utils.js"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 76064, "scanner": "repobility-threat-engine", "fingerprint": "2c3cc0bd821030ddf1cf81e9c6c57d8c7609aad0a165674d296c0b94fc6a3cab", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|43|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/crawl4ai-assistant/content/markdownPreviewModal.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 76037, "scanner": "repobility-threat-engine", "fingerprint": "f0648027c2357357be5d2c9c6f7f86afc7677ddbf6ebdf6ca280ae3fc1216452", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(file_path):\n            async with aiofiles.open(file_path, \"w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f0648027c2357357be5d2c9c6f7f86afc7677ddbf6ebdf6ca280ae3fc1216452"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/migrations.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_structural_integrity_check` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=7, ternary=1."}, "properties": {"repobilityId": 75986, "scanner": "repobility-threat-engine", "fingerprint": "e2df545bfec2512d4894e9baee049cb65c525d0f1f70b96c7137ebc82d928ea9", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_structural_integrity_check", "breakdown": {"if": 7, "ternary": 1}, "complexity": 8, "correlation_key": "fp|e2df545bfec2512d4894e9baee049cb65c525d0f1f70b96c7137ebc82d928ea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/antibot_detector.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `crawl4ai` image is selected through a build variable"}, "properties": {"repobilityId": 76096, "scanner": "repobility-docker", "fingerprint": "d9a2228a3857931b87a38e9ea6c4768ce1642f4e75093b4e3400fe14db172822", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${IMAGE:-unclecode/crawl4ai:${TAG:-latest}}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d9a2228a3857931b87a38e9ea6c4768ce1642f4e75093b4e3400fe14db172822"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 76080, "scanner": "repobility-threat-engine", "fingerprint": "97171aacf43e5f50851826fdda2628f3000a487e03effcd2d8ab6231f0c9ac25", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97171aacf43e5f50851826fdda2628f3000a487e03effcd2d8ab6231f0c9ac25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "setup.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 76078, "scanner": "repobility-threat-engine", "fingerprint": "af24f2fa076733390d3817ef29f0af16b7123762ad3e8df25d1a9dea55240e2a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|af24f2fa076733390d3817ef29f0af16b7123762ad3e8df25d1a9dea55240e2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/crawl4ai-assistant/content/markdownPreviewModal.js"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 76075, "scanner": "repobility-threat-engine", "fingerprint": "93620bc58c9335cbf94f850445450d951d6aea62482cfc1567325e72b2988bd8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93620bc58c9335cbf94f850445450d951d6aea62482cfc1567325e72b2988bd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/table_extraction_example.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "properties": {"repobilityId": 76074, "scanner": "repobility-threat-engine", "fingerprint": "de8a5d6dcb524a1ebfbce65b2261357217960cc604d2182849e54dd5469bc841", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de8a5d6dcb524a1ebfbce65b2261357217960cc604d2182849e54dd5469bc841"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/demo_multi_config_clean.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 76073, "scanner": "repobility-threat-engine", "fingerprint": "1651c8ecca12c66dbd2e27ff0d8c92566b8822a6ed1c4ae69870c9fa353b2c6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1651c8ecca12c66dbd2e27ff0d8c92566b8822a6ed1c4ae69870c9fa353b2c6e", "aggregated_count": 1}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 76072, "scanner": "repobility-threat-engine", "fingerprint": "c3ff69c4348b7f0022c7a1a88a0e3209df898ff931880f4db8fefba3675807c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3ff69c4348b7f0022c7a1a88a0e3209df898ff931880f4db8fefba3675807c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/identity_based_browsing.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 76071, "scanner": "repobility-threat-engine", "fingerprint": "8d3636f7b348ef31cffc27af698d1f8b10bd7397e948c2075e8b99c4f2e8c5ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d3636f7b348ef31cffc27af698d1f8b10bd7397e948c2075e8b99c4f2e8c5ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/docker_config_obj.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 76070, "scanner": "repobility-threat-engine", "fingerprint": "c0b9b8dcbded026d373ed0e2e9c807a6e86c109af0e862a2ef9e8127c4ede872", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c0b9b8dcbded026d373ed0e2e9c807a6e86c109af0e862a2ef9e8127c4ede872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/demo_multi_config_clean.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "SEC006", "level": "none", "message": {"text": "[SEC006] XSS Risk (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 76066, "scanner": "repobility-threat-engine", "fingerprint": "8ee200be9cf52fbf51817588dba3eaf54f0d07f928eb29d9f45b55c0c661c51d", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8ee200be9cf52fbf51817588dba3eaf54f0d07f928eb29d9f45b55c0c661c51d"}}}, {"ruleId": "SEC002", "level": "none", "message": {"text": "[SEC002] Hardcoded API Key (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 76061, "scanner": "repobility-threat-engine", "fingerprint": "8d393ed37db2f61f3521542611851c248973897e30954f7d68f19b1ec85b9538", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8d393ed37db2f61f3521542611851c248973897e30954f7d68f19b1ec85b9538"}}}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 76059, "scanner": "repobility-threat-engine", "fingerprint": "f80554624bae26a917290c9fef31eb420073d13d3880d4e4d64c18dfaacbf89e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f80554624bae26a917290c9fef31eb420073d13d3880d4e4d64c18dfaacbf89e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/c4a-script/server.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 76058, "scanner": "repobility-threat-engine", "fingerprint": "9c93cf86dc7c37926e48ac8f65289ce37d511729a445a33b778e08541052aba1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9c93cf86dc7c37926e48ac8f65289ce37d511729a445a33b778e08541052aba1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/c4a_script/tutorial/server.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 76055, "scanner": "repobility-threat-engine", "fingerprint": "71b38a4f77a05f6bfd16b2fbcd1b951e2a53f712faa7be5e8d969d6783a4c212", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|71b38a4f77a05f6bfd16b2fbcd1b951e2a53f712faa7be5e8d969d6783a4c212"}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 76047, "scanner": "repobility-threat-engine", "fingerprint": "6b918ab3aa462b78e93988f354869307a58968b4de16bc57473635ed3a3d4891", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b918ab3aa462b78e93988f354869307a58968b4de16bc57473635ed3a3d4891"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/auth.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 76046, "scanner": "repobility-threat-engine", "fingerprint": "71d23e8be37aca040a52b298288139d03b0a2ee5e2166ea3b7b0733498602571", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|71d23e8be37aca040a52b298288139d03b0a2ee5e2166ea3b7b0733498602571", "aggregated_count": 3}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 76045, "scanner": "repobility-threat-engine", "fingerprint": "22b04669ce81330be52ae8c70353635c55a130b7af054d5760c7285ed60f711c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|22b04669ce81330be52ae8c70353635c55a130b7af054d5760c7285ed60f711c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_recaptcha_v2.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 76044, "scanner": "repobility-threat-engine", "fingerprint": "220807cb4b0efa85d17ba0cb62c8ef42f8e189da4d67572bf4307faa58d46aca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|220807cb4b0efa85d17ba0cb62c8ef42f8e189da4d67572bf4307faa58d46aca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_cloudflare_turnstile.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 76043, "scanner": "repobility-threat-engine", "fingerprint": "8adf9b8cc4b049a617eaa49bc0a94066943abab662ed1b04752943c8a0f2ead7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8adf9b8cc4b049a617eaa49bc0a94066943abab662ed1b04752943c8a0f2ead7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/auth.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 76041, "scanner": "repobility-threat-engine", "fingerprint": "3c1512ec1e531167a3aa928d567398e9cb8cbf7ff40fccf993810ebf40229e88", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3c1512ec1e531167a3aa928d567398e9cb8cbf7ff40fccf993810ebf40229e88"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 76038, "scanner": "repobility-threat-engine", "fingerprint": "0c907897c05913818b31216a7f372b85b939620a90715d6a66339607128bf152", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|crawl4ai/model_loader.py|80|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/model_loader.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 76034, "scanner": "repobility-threat-engine", "fingerprint": "22c0d567d696a6862689f7c9fd8c307213fa0bf7df0ff8c77916ef3d9279f800", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|22c0d567d696a6862689f7c9fd8c307213fa0bf7df0ff8c77916ef3d9279f800", "aggregated_count": 3}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 76033, "scanner": "repobility-threat-engine", "fingerprint": "1ebfb072c4fd8e552eea6093ac878fd0edf244c5f17a68349a44490ffddb27b2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ebfb072c4fd8e552eea6093ac878fd0edf244c5f17a68349a44490ffddb27b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/nst_proxy/api_proxy_example.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 76032, "scanner": "repobility-threat-engine", "fingerprint": "381b65a490eb0892f1a9c704cadad9570dcfc6658daee1ebae22d151aae44952", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|381b65a490eb0892f1a9c704cadad9570dcfc6658daee1ebae22d151aae44952"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/processors/pdf/__init__.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 76031, "scanner": "repobility-threat-engine", "fingerprint": "3f61a1c5387ee1c1c6eaf264bfb3e781e89c3b10217f29438780fa9424e1416c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f61a1c5387ee1c1c6eaf264bfb3e781e89c3b10217f29438780fa9424e1416c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/legacy/docs_manager.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 76030, "scanner": "repobility-threat-engine", "fingerprint": "4ad6f55494afe619cae3e4cf741803a5646a33d13c8bf832506da6d5a11f8beb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ad6f55494afe619cae3e4cf741803a5646a33d13c8bf832506da6d5a11f8beb"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 76020, "scanner": "repobility-threat-engine", "fingerprint": "5dbb9c9aeae4e323789e3c8382a48b9986a1c09f59fc9918e319871ba411dc73", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5dbb9c9aeae4e323789e3c8382a48b9986a1c09f59fc9918e319871ba411dc73", "aggregated_count": 10}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76019, "scanner": "repobility-threat-engine", "fingerprint": "007fdb65f5e8007aa7ffef580929c8206e7951772fe1642558f0d76823d1ee8c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|007fdb65f5e8007aa7ffef580929c8206e7951772fe1642558f0d76823d1ee8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/c4a_script/github_search/generated_search_script.js"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76018, "scanner": "repobility-threat-engine", "fingerprint": "9ef61665eef50863fbe08d625f30bb96e18c76722c0ee4800a4103e1fd05feaa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ef61665eef50863fbe08d625f30bb96e18c76722c0ee4800a4103e1fd05feaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/apps/linkdin/templates/ai.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76017, "scanner": "repobility-threat-engine", "fingerprint": "e584f440d3bab01b1aca21440463a4641fcae3aaef518fac703af157733c801b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e584f440d3bab01b1aca21440463a4641fcae3aaef518fac703af157733c801b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/js_snippet/remove_overlay_elements.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 76016, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "SEC134", "level": "none", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 76008, "scanner": "repobility-threat-engine", "fingerprint": "6b8378aaeedaf26cdebd850b0602d524fef41abe070abe55f125cce6b1f32bce", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6b8378aaeedaf26cdebd850b0602d524fef41abe070abe55f125cce6b1f32bce"}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 76004, "scanner": "repobility-threat-engine", "fingerprint": "f9cffccedb5953ca7d4671f715a4e4d4c7f6e4dd877fccbb76831c55544beb74", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f9cffccedb5953ca7d4671f715a4e4d4c7f6e4dd877fccbb76831c55544beb74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/crawlers/google_search/crawler.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 76002, "scanner": "repobility-threat-engine", "fingerprint": "cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "aggregated_count": 12}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 76001, "scanner": "repobility-threat-engine", "fingerprint": "4d5178255cae2948cdf7fa9c5a468eb24bc7b5b3ad8cd07b7d51f9d67bec74e9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d5178255cae2948cdf7fa9c5a468eb24bc7b5b3ad8cd07b7d51f9d67bec74e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 76000, "scanner": "repobility-threat-engine", "fingerprint": "a767ac28a24195ffca1c54184fa978e2d6a47b31bd3ed4a42da2ab93e6b0d8f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a767ac28a24195ffca1c54184fa978e2d6a47b31bd3ed4a42da2ab93e6b0d8f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/deep_crawling/base_strategy.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 75999, "scanner": "repobility-threat-engine", "fingerprint": "66e2ef6a14752168204d5f80b4d7ecf1b1817f64476f81a17d084c794a88569f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66e2ef6a14752168204d5f80b4d7ecf1b1817f64476f81a17d084c794a88569f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/chunking_strategy.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 75998, "scanner": "repobility-threat-engine", "fingerprint": "ca0511edace476be6f173fd509ad63731d7b01e316b1aac4f3181105c3269657", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca0511edace476be6f173fd509ad63731d7b01e316b1aac4f3181105c3269657"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/script/c4a_result.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 75997, "scanner": "repobility-threat-engine", "fingerprint": "47771b2268dd7d9f3cbfe441b6d73c57516e4bdec362e18f02fa2966eea75335", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47771b2268dd7d9f3cbfe441b6d73c57516e4bdec362e18f02fa2966eea75335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/cache_validator.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 75996, "scanner": "repobility-threat-engine", "fingerprint": "eae1e8fab9889f0af0f21f1e9feee5af5bdf56bab4b240b20c25ac339c8e81f0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eae1e8fab9889f0af0f21f1e9feee5af5bdf56bab4b240b20c25ac339c8e81f0", "aggregated_count": 8}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 75995, "scanner": "repobility-threat-engine", "fingerprint": "acaf23e09b40a435fd39283f8bc611d77230b7e78a129b7f88efb931d5ae1bf1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|acaf23e09b40a435fd39283f8bc611d77230b7e78a129b7f88efb931d5ae1bf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/processors/pdf/__init__.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 75994, "scanner": "repobility-threat-engine", "fingerprint": "dc386fc1c79ca381c76f2e7f9a57a9e99391be915e2b15cc761384e061314b3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc386fc1c79ca381c76f2e7f9a57a9e99391be915e2b15cc761384e061314b3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/markdown_generation_strategy.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 75993, "scanner": "repobility-threat-engine", "fingerprint": "c37b638f6679d46e5e73f6f67553790cf4503146eff524657a11461472ac9e29", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c37b638f6679d46e5e73f6f67553790cf4503146eff524657a11461472ac9e29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/cache_context.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 75992, "scanner": "repobility-threat-engine", "fingerprint": "82c6b69256192cc53f3e97906f4b7b1953127ff4369eaf5cc476c6a6e6d7a62f", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|82c6b69256192cc53f3e97906f4b7b1953127ff4369eaf5cc476c6a6e6d7a62f"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 54 more): Same pattern found in 54 additional files. Review if needed."}, "properties": {"repobilityId": 75988, "scanner": "repobility-threat-engine", "fingerprint": "5a387555f08997816de0cf1bf3eba11b9e08d7cfadc96dd9f77a7c939d7efa1e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 54 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "is_blocked", "breakdown": {"if": 14, "or": 1, "for": 4, "else": 1, "nested_bonus": 15}, "aggregated": true, "complexity": 35, "correlation_key": "fp|5a387555f08997816de0cf1bf3eba11b9e08d7cfadc96dd9f77a7c939d7efa1e", "aggregated_count": 54}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `softprops/action-gh-release` pinned to mutable ref `@v2`: `uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76263, "scanner": "repobility-supply-chain", "fingerprint": "4ea86a813c5a4ca316afdf9f8ab62f6c86dd79717c9c0ccc029db11325a13992", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ea86a813c5a4ca316afdf9f8ab62f6c86dd79717c9c0ccc029db11325a13992"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76262, "scanner": "repobility-supply-chain", "fingerprint": "7bc215706d5d5f9a335a98869250f6decb18e3419a0aac85254e7946241d7f13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7bc215706d5d5f9a335a98869250f6decb18e3419a0aac85254e7946241d7f13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76261, "scanner": "repobility-supply-chain", "fingerprint": "30a7622fbd27b5aeda6e7a525e31ce65e85de0539eec38030505a4860af04e22", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30a7622fbd27b5aeda6e7a525e31ce65e85de0539eec38030505a4860af04e22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Ilshidur/action-discord` pinned to mutable ref `@master`: `uses: Ilshidur/action-discord@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76256, "scanner": "repobility-supply-chain", "fingerprint": "6ea18f2ee209d90a2c0f252b4f51dd9069411d33fa0ae35e7aeeeaf908b8a3d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ea18f2ee209d90a2c0f252b4f51dd9069411d33fa0ae35e7aeeeaf908b8a3d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76255, "scanner": "repobility-supply-chain", "fingerprint": "32f6c2e4c962e371c25ac8476b9d9f474f8715d6565d2dc6eda9ae2f13718a07", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32f6c2e4c962e371c25ac8476b9d9f474f8715d6565d2dc6eda9ae2f13718a07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-release.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 76244, "scanner": "repobility-supply-chain", "fingerprint": "c31854957760a83b1fe9c7439e8e536f98e46db08a5218c5db9d729beb478f14", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c31854957760a83b1fe9c7439e8e536f98e46db08a5218c5db9d729beb478f14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /stats/reset has no auth: Handler `reset_stats` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76243, "scanner": "repobility-route-auth", "fingerprint": "3fa128973fb9bbf10292754ee2c6f5ba0b44999c2d71e12574ddda0bf76de414", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|3fa128973fb9bbf10292754ee2c6f5ba0b44999c2d71e12574ddda0bf76de414"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/monitor_routes.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /actions/restart_browser has no auth: Handler `restart_browser` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76242, "scanner": "repobility-route-auth", "fingerprint": "e8f9c6dc8834320c7910882ff61022d7757b4e8ef3ebedac02b1d4478b68afb3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e8f9c6dc8834320c7910882ff61022d7757b4e8ef3ebedac02b1d4478b68afb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/monitor_routes.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /actions/kill_browser has no auth: Handler `kill_browser` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76241, "scanner": "repobility-route-auth", "fingerprint": "7a478ee7e04fe33bf5685e06a7e145b8bb2e47e4421c000d77c1627b751cc329", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|7a478ee7e04fe33bf5685e06a7e145b8bb2e47e4421c000d77c1627b751cc329"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/monitor_routes.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /actions/cleanup has no auth: Handler `force_cleanup` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76240, "scanner": "repobility-route-auth", "fingerprint": "43f6b773fa371fb0855f0fc017d956b21d02ccf5063087d0b8cc676117cbceef", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|43f6b773fa371fb0855f0fc017d956b21d02ccf5063087d0b8cc676117cbceef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/monitor_routes.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /token has no auth: Handler `get_token` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76239, "scanner": "repobility-route-auth", "fingerprint": "f82be3829fe7c3ad3f42405c0f6da672892475acb7f2fbc5febe0341c0d09cb6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f82be3829fe7c3ad3f42405c0f6da672892475acb7f2fbc5febe0341c0d09cb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/server.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /models/{model_name} has no auth: Handler `delete_model_config` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76238, "scanner": "repobility-route-auth", "fingerprint": "0fe5779cf76b53033dd775ea00babc2e0c80aad1d0a6e100e3a3e289798bab89", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0fe5779cf76b53033dd775ea00babc2e0c80aad1d0a6e100e3a3e289798bab89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 341}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /models has no auth: Handler `save_model_config` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76237, "scanner": "repobility-route-auth", "fingerprint": "fc124ac1ed25aa00d64822f9fc144d264326e9e08a982d1eb6d43a54d4b962bb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|fc124ac1ed25aa00d64822f9fc144d264326e9e08a982d1eb6d43a54d4b962bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /clear-cache has no auth: Handler `clear_schema_cache` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76236, "scanner": "repobility-route-auth", "fingerprint": "4758906e2750e530ecc8b5bc5f75dd0760e8e1d8314503b50146d370b22cd5b8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4758906e2750e530ecc8b5bc5f75dd0760e8e1d8314503b50146d370b22cd5b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /saved-requests/{request_id} has no auth: Handler `delete_saved_request` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76235, "scanner": "repobility-route-auth", "fingerprint": "f17c9df66f7fbd8da630f60c79f8d787e616ff2a8b1e6d5089c1d87e082963e6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f17c9df66f7fbd8da630f60c79f8d787e616ff2a8b1e6d5089c1d87e082963e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /scrape-with-llm has no auth: Handler `scrape_website_endpoint_with_llm` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76234, "scanner": "repobility-route-auth", "fingerprint": "10747a66564db1a7de7bf26e250df07490f2b0b1c8a052121985cc84e5b045f7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|10747a66564db1a7de7bf26e250df07490f2b0b1c8a052121985cc84e5b045f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /scrape has no auth: Handler `scrape_website_endpoint` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 76233, "scanner": "repobility-route-auth", "fingerprint": "55e173841f70ecede7027e48bf3d061c0525ff21393c70dc26a397348af213e0", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|55e173841f70ecede7027e48bf3d061c0525ff21393c70dc26a397348af213e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/website-to-api/api_server.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `url_seeder_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76215, "scanner": "repobility-ast-engine", "fingerprint": "c97c940e1baedce9fe9389e7416d4f1715275716894c3aedbccec7bd861b637b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c97c940e1baedce9fe9389e7416d4f1715275716894c3aedbccec7bd861b637b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 948}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `url_seeder_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76214, "scanner": "repobility-ast-engine", "fingerprint": "538aaa82c439ad8b8ea5d46db10b499735d01f17d1bae849e30af5ced42e9c0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|538aaa82c439ad8b8ea5d46db10b499735d01f17d1bae849e30af5ced42e9c0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 892}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `url_seeder_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76213, "scanner": "repobility-ast-engine", "fingerprint": "a8f0d1408b9dfc31f29b23434e44d8c9bd6f2408ca0ecd776086dd15f2063030", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8f0d1408b9dfc31f29b23434e44d8c9bd6f2408ca0ecd776086dd15f2063030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 864}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `virtual_scroll_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76212, "scanner": "repobility-ast-engine", "fingerprint": "7321a83ce66ea2653e3c2dcfd4c1258ce10b376e36e31ebde2b73fb78a6d62c2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7321a83ce66ea2653e3c2dcfd4c1258ce10b376e36e31ebde2b73fb78a6d62c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 744}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `virtual_scroll_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76211, "scanner": "repobility-ast-engine", "fingerprint": "68d65e2e9d71d14a8ce996d00c6e7e3ad3a05c75a7758d23282bdcdc73aa128a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68d65e2e9d71d14a8ce996d00c6e7e3ad3a05c75a7758d23282bdcdc73aa128a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 702}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `adaptive_crawling_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76210, "scanner": "repobility-ast-engine", "fingerprint": "7edb96d35928adde7a289499e0d5505a3d517ce2d85750913614181861a55493", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7edb96d35928adde7a289499e0d5505a3d517ce2d85750913614181861a55493"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 496}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `adaptive_crawling_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76209, "scanner": "repobility-ast-engine", "fingerprint": "a7fabc1cac16704454effb570e4beefb1cb7055180a12dd6d7d56165463ca7a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7fabc1cac16704454effb570e4beefb1cb7055180a12dd6d7d56165463ca7a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 448}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `link_preview_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76208, "scanner": "repobility-ast-engine", "fingerprint": "cef8b76bc70ce6c1587b28ea1cbad6d775741cc365aa2b8b18fdb1960bfe49b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cef8b76bc70ce6c1587b28ea1cbad6d775741cc365aa2b8b18fdb1960bfe49b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `link_preview_demo`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76207, "scanner": "repobility-ast-engine", "fingerprint": "10ea2768befb408e680abecf440d8df12c13a9ca31a6d7621ec87a4be588f0ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10ea2768befb408e680abecf440d8df12c13a9ca31a6d7621ec87a4be588f0ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/releases_review/crawl4ai_v0_7_0_showcase.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76206, "scanner": "repobility-ast-engine", "fingerprint": "737d5fdd88548d135db827de128b24cca0770bd04fd381610fcb736021565a91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|737d5fdd88548d135db827de128b24cca0770bd04fd381610fcb736021565a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/docker_config_obj.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76205, "scanner": "repobility-ast-engine", "fingerprint": "62195d49a2ef279ab4c4088a89515481365e989536d53bd4a341d7d214c47add", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62195d49a2ef279ab4c4088a89515481365e989536d53bd4a341d7d214c47add"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/identity_based_browsing.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76204, "scanner": "repobility-ast-engine", "fingerprint": "e4bfc2f98d920267fd7d9518dbc418e549dfd8d476b4cdddf8d212f28fcffa0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4bfc2f98d920267fd7d9518dbc418e549dfd8d476b4cdddf8d212f28fcffa0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/demo_multi_config_clean.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `analyze_spa_network_traffic`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76203, "scanner": "repobility-ast-engine", "fingerprint": "41d8fd7ba6a2f18514c4d420f5e46ad68acebbc13cdcad3a419ac33283b93ed1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41d8fd7ba6a2f18514c4d420f5e46ad68acebbc13cdcad3a419ac33283b93ed1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/network_console_capture_example.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76201, "scanner": "repobility-ast-engine", "fingerprint": "255cc52050f8b928106de5094a0ff9c6db74f469a5c12f3105860658d4f53e30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|255cc52050f8b928106de5094a0ff9c6db74f469a5c12f3105860658d4f53e30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/docker_hooks_examples.py"}, "region": {"startLine": 562}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `test_performance_scaling_lab`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76197, "scanner": "repobility-ast-engine", "fingerprint": "ac5f04075bd64eeb9a276acf58a325cb7c37605d7bde02943ffa17a0242dfb78", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac5f04075bd64eeb9a276acf58a325cb7c37605d7bde02943ffa17a0242dfb78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/browser/test_builtin_browser.py"}, "region": {"startLine": 732}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `test_performance_scaling_lab`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76196, "scanner": "repobility-ast-engine", "fingerprint": "23cc546e0ed2b4d509c47f8768195eadbc37273fce23cb13eb5cbeb7d0248f94", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23cc546e0ed2b4d509c47f8768195eadbc37273fce23cb13eb5cbeb7d0248f94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/browser/test_builtin_browser.py"}, "region": {"startLine": 663}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `test_performance_scaling`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76195, "scanner": "repobility-ast-engine", "fingerprint": "03696d9b6416053dbfdfd5c84342c9a6f1d4b26fa443fb8aa2b1f454c2356be9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03696d9b6416053dbfdfd5c84342c9a6f1d4b26fa443fb8aa2b1f454c2356be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/browser/test_builtin_browser.py"}, "region": {"startLine": 538}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `test_performance_scaling`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76194, "scanner": "repobility-ast-engine", "fingerprint": "a3257e672bcc472bdef708db2e906927073eda9fbab5b910d3705a0118bb38eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3257e672bcc472bdef708db2e906927073eda9fbab5b910d3705a0118bb38eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/browser/test_builtin_browser.py"}, "region": {"startLine": 469}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_schema: Test function `test_schema` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76190, "scanner": "repobility-ast-engine", "fingerprint": "55d8958750122ff423dc66292a4423585ce46e6baff42c36c63c3d91f4fed3c2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55d8958750122ff423dc66292a4423585ce46e6baff42c36c63c3d91f4fed3c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_docker_api_with_llm_provider.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_health: Test function `test_health` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76189, "scanner": "repobility-ast-engine", "fingerprint": "a619ba4ee6376f72f01affac3645be7f5c54b3924fd72ca32686f8a8860df001", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a619ba4ee6376f72f01affac3645be7f5c54b3924fd72ca32686f8a8860df001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_docker_api_with_llm_provider.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scan_full_page_false_does_not_call_page_need_scroll: Test function `test_scan_full_page_false_does_not_call_page_need_scroll` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76188, "scanner": "repobility-ast-engine", "fingerprint": "e112d5c788c9fbc79bc6ace36d3139e5b536b4eec3324655e9d3f8ca8d9b49bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e112d5c788c9fbc79bc6ace36d3139e5b536b4eec3324655e9d3f8ca8d9b49bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_issue_1750_screenshot_scan_full_page.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_param_raises: Test function `test_invalid_param_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76187, "scanner": "repobility-ast-engine", "fingerprint": "fd9632fca711ded70ca87472cbbfe550554f5016ee13f8399e1aa35403aac8f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd9632fca711ded70ca87472cbbfe550554f5016ee13f8399e1aa35403aac8f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config_defaults.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_stealth_mode: Test function `test_stealth_mode` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76186, "scanner": "repobility-ast-engine", "fingerprint": "99e6cb6cfbaadbb490be6b24e605045c855b80045a0df442cd82a2a0a6a02d7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99e6cb6cfbaadbb490be6b24e605045c855b80045a0df442cd82a2a0a6a02d7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pyopenssl_update.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_basic_crawl: Test function `test_basic_crawl` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76185, "scanner": "repobility-ast-engine", "fingerprint": "55c35ab4434a15f93b6ec8d02d864738f19b1f5a84fdf24ab479d2222efc439d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55c35ab4434a15f93b6ec8d02d864738f19b1f5a84fdf24ab479d2222efc439d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pyopenssl_update.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_memory_calculation: Test function `test_memory_calculation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76184, "scanner": "repobility-ast-engine", "fingerprint": "b5284ed89f99ccd57f626242ad00b8721850a3485777088e15d5d5843622f9f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5284ed89f99ccd57f626242ad00b8721850a3485777088e15d5d5843622f9f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_memory_macos.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_controlled_html: Test function `test_controlled_html` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76183, "scanner": "repobility-ast-engine", "fingerprint": "73643e14bad9b77162310852ed7ab970d8b0604c494b3d78e3b74cf6b80d3d72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|73643e14bad9b77162310852ed7ab970d8b0604c494b3d78e3b74cf6b80d3d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_llm_simple_url.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_prefetch_returns_quickly: Test function `test_prefetch_returns_quickly` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76182, "scanner": "repobility-ast-engine", "fingerprint": "b58e9a34c72e7991256e4bfa91c85fe85c992035049b3c86a463f70e31404f32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b58e9a34c72e7991256e4bfa91c85fe85c992035049b3c86a463f70e31404f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_prefetch_integration.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_docker_deployment: Test function `test_docker_deployment` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76181, "scanner": "repobility-ast-engine", "fingerprint": "f646caf3fbea484690efa0b3522c5ab211e67a62eef5c970008f00e22b7399d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f646caf3fbea484690efa0b3522c5ab211e67a62eef5c970008f00e22b7399d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/docker_example.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_edge_cases: Test function `test_edge_cases` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76180, "scanner": "repobility-ast-engine", "fingerprint": "b7eb658844084e16caa6b902c37c5c848fc8d4d8d82291368810f2e63bb445ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7eb658844084e16caa6b902c37c5c848fc8d4d8d82291368810f2e63bb445ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_preserve_https_for_internal_links.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_multi_config: Test function `test_multi_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76179, "scanner": "repobility-ast-engine", "fingerprint": "d9891c557a7388b9d597e0322e31df3c3c63631b6919c2a3892f601a01b9f845", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9891c557a7388b9d597e0322e31df3c3c63631b6919c2a3892f601a01b9f845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_multi_config.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_virtual_scroll: Test function `test_virtual_scroll` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76178, "scanner": "repobility-ast-engine", "fingerprint": "1ec845cc0e3e6b6371a7bf3695c71cee9878ac9a4f1827da5d8297f675ad7736", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ec845cc0e3e6b6371a7bf3695c71cee9878ac9a4f1827da5d8297f675ad7736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_virtual_scroll.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_window_stop_not_called_when_no_session_id: Test function `test_window_stop_not_called_when_no_session_id` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76177, "scanner": "repobility-ast-engine", "fingerprint": "51a4466e88bf0eb47cf0b92e486a0aa0b9514b5424767e0ca5b2003517a60812", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51a4466e88bf0eb47cf0b92e486a0aa0b9514b5424767e0ca5b2003517a60812"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_issue_1370_1818_1762_1509.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_window_stop_called_when_session_id_set: Test function `test_window_stop_called_when_session_id_set` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76176, "scanner": "repobility-ast-engine", "fingerprint": "2ca8dd20f0bd616ed63996cdbd63095ac5d48d83924b528361ba715e49a00021", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ca8dd20f0bd616ed63996cdbd63095ac5d48d83924b528361ba715e49a00021"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_issue_1370_1818_1762_1509.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_manager`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76159, "scanner": "repobility-ast-engine", "fingerprint": "7022985d8f237d6622ef538c8c5b6035b59e6eb797ce514ef16bcdac1cace0ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7022985d8f237d6622ef538c8c5b6035b59e6eb797ce514ef16bcdac1cace0ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 941}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_manager`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76158, "scanner": "repobility-ast-engine", "fingerprint": "55ccfb4e5d8e9b76a1a8bcce0000e0f710407504cef900fdc15cc1004b03670a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55ccfb4e5d8e9b76a1a8bcce0000e0f710407504cef900fdc15cc1004b03670a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 905}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_manager`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76157, "scanner": "repobility-ast-engine", "fingerprint": "4d30328f3686009fe24808fd2b40db452e108241914cf14aff50b5048a22536b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d30328f3686009fe24808fd2b40db452e108241914cf14aff50b5048a22536b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 932}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_manager`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76156, "scanner": "repobility-ast-engine", "fingerprint": "7ac3ea65b1c77ad8f35203e8f09d50e2e6db38e24f95bd57530deef176f18849", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac3ea65b1c77ad8f35203e8f09d50e2e6db38e24f95bd57530deef176f18849"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 893}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_manager`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76155, "scanner": "repobility-ast-engine", "fingerprint": "477fe22f9e3b775a826d93c8641c7fc910073ce9e982003661fa888be2f1695a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|477fe22f9e3b775a826d93c8641c7fc910073ce9e982003661fa888be2f1695a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 859}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `interactive_manager`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76154, "scanner": "repobility-ast-engine", "fingerprint": "9f7b79dd5480b7f435fbf6c96c1541dcd57757b8a706dfd6cbe546e6cf21de8e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f7b79dd5480b7f435fbf6c96c1541dcd57757b8a706dfd6cbe546e6cf21de8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 854}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `_listen_fallback`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 76153, "scanner": "repobility-ast-engine", "fingerprint": "390d606aa945259e9b17423a57a7799a9a246f58adac5b26a080b269bf1ef52c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|390d606aa945259e9b17423a57a7799a9a246f58adac5b26a080b269bf1ef52c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/browser_profiler.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._compute_distance_matrix` used but never assigned in __init__: Method `_get_cached_distance_matrix` of class `EmbeddingStrategy` reads `self._compute_distance_matrix`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76150, "scanner": "repobility-ast-engine", "fingerprint": "6dadeb22554dac659883ad3ab2c419e6e5fe72d4b5ad98f0392b4959231bafc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6dadeb22554dac659883ad3ab2c419e6e5fe72d4b5ad98f0392b4959231bafc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 656}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._tokenize` used but never assigned in __init__: Method `_get_document_terms` of class `StatisticalStrategy` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76149, "scanner": "repobility-ast-engine", "fingerprint": "7310f7ab92ffe64a6bcead28a881c2a51c6078813cbf7c8388394a89c6fee293", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7310f7ab92ffe64a6bcead28a881c2a51c6078813cbf7c8388394a89c6fee293"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 585}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._tokenize` used but never assigned in __init__: Method `update_state` of class `StatisticalStrategy` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76148, "scanner": "repobility-ast-engine", "fingerprint": "0e657f01e0833475d60d26d064db9a0f7d93c8b92976cfb7de556b1f07d300cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e657f01e0833475d60d26d064db9a0f7d93c8b92976cfb7de556b1f07d300cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 545}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._tokenize` used but never assigned in __init__: Method `_calculate_novelty` of class `StatisticalStrategy` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76147, "scanner": "repobility-ast-engine", "fingerprint": "0e2a3d8d6c4d5446c8aeb5c3df2031ee17f7ca03ec296b4d6c6b451fbfda1f77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e2a3d8d6c4d5446c8aeb5c3df2031ee17f7ca03ec296b4d6c6b451fbfda1f77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 459}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._tokenize` used but never assigned in __init__: Method `_calculate_relevance` of class `StatisticalStrategy` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76146, "scanner": "repobility-ast-engine", "fingerprint": "b9ef4317e0b2ea08fdecf7b4052315fc13e354d8bd4e2d505b886f10c6a73438", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9ef4317e0b2ea08fdecf7b4052315fc13e354d8bd4e2d505b886f10c6a73438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 437}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._tokenize` used but never assigned in __init__: Method `_calculate_relevance` of class `StatisticalStrategy` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76145, "scanner": "repobility-ast-engine", "fingerprint": "0ec683107f079f061322dcae218f2153110fabb6e1b958e90b642cac10ad8abf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ec683107f079f061322dcae218f2153110fabb6e1b958e90b642cac10ad8abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._calculate_novelty` used but never assigned in __init__: Method `rank_links` of class `StatisticalStrategy` reads `self._calculate_novelty`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76144, "scanner": "repobility-ast-engine", "fingerprint": "4feaa6475c3b2c35afc81d8ca8b1bd4dca248edc5add369b10a000ed91425528", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4feaa6475c3b2c35afc81d8ca8b1bd4dca248edc5add369b10a000ed91425528"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._calculate_relevance` used but never assigned in __init__: Method `rank_links` of class `StatisticalStrategy` reads `self._calculate_relevance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76143, "scanner": "repobility-ast-engine", "fingerprint": "f170a6e90e2bb045f80cb17f83f1fa814e06af2856dc21a09079823d1964eab8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f170a6e90e2bb045f80cb17f83f1fa814e06af2856dc21a09079823d1964eab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 396}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_document_terms` used but never assigned in __init__: Method `_calculate_consistency` of class `StatisticalStrategy` reads `self._get_document_terms`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76142, "scanner": "repobility-ast-engine", "fingerprint": "c16decbfc35982014034d540d6e642b00022631b9404ddeea54e1c782c877480", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c16decbfc35982014034d540d6e642b00022631b9404ddeea54e1c782c877480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_document_terms` used but never assigned in __init__: Method `_calculate_consistency` of class `StatisticalStrategy` reads `self._get_document_terms`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76141, "scanner": "repobility-ast-engine", "fingerprint": "480b636fc0f52a75ced7ad4674bddecb350c59b83d74e0e462d4f3062c091976", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|480b636fc0f52a75ced7ad4674bddecb350c59b83d74e0e462d4f3062c091976"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 353}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._tokenize` used but never assigned in __init__: Method `_calculate_coverage` of class `StatisticalStrategy` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76140, "scanner": "repobility-ast-engine", "fingerprint": "a4a8156dd2d087f5fe1ee8b9f19d3fc61dfb16e6d8e02af31bd1e21246d31699", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4a8156dd2d087f5fe1ee8b9f19d3fc61dfb16e6d8e02af31bd1e21246d31699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._calculate_saturation` used but never assigned in __init__: Method `calculate_confidence` of class `StatisticalStrategy` reads `self._calculate_saturation`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76139, "scanner": "repobility-ast-engine", "fingerprint": "4c66f2f2f4306c61d06aa6d34c3a3d27f99d026dc2d6a66f2c7ff0ad2a4bbe27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c66f2f2f4306c61d06aa6d34c3a3d27f99d026dc2d6a66f2c7ff0ad2a4bbe27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._calculate_consistency` used but never assigned in __init__: Method `calculate_confidence` of class `StatisticalStrategy` reads `self._calculate_consistency`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76138, "scanner": "repobility-ast-engine", "fingerprint": "141d171ad6332a292997c01df6a39ae8c0a5f2b2d216ad01d753a8e74ff08673", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|141d171ad6332a292997c01df6a39ae8c0a5f2b2d216ad01d753a8e74ff08673"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._calculate_coverage` used but never assigned in __init__: Method `calculate_confidence` of class `StatisticalStrategy` reads `self._calculate_coverage`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76137, "scanner": "repobility-ast-engine", "fingerprint": "c66112edb0e4871fc38eb44c9cf6890fc8ccfd1fadc05172ba84e9b02d19fb34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c66112edb0e4871fc38eb44c9cf6890fc8ccfd1fadc05172ba84e9b02d19fb34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.metadata` used but never assigned in __init__: Method `_dict_to_crawl_result` of class `CrawlState` reads `self.metadata`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76136, "scanner": "repobility-ast-engine", "fingerprint": "a0e87017267f968d5acbff1bde104da41db386350ba4636834c2e5413029ab51", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0e87017267f968d5acbff1bde104da41db386350ba4636834c2e5413029ab51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.links` used but never assigned in __init__: Method `_dict_to_crawl_result` of class `CrawlState` reads `self.links`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76135, "scanner": "repobility-ast-engine", "fingerprint": "fd6f9bfd10f3378bc8dd9ca22c2365ba357f59d03f5a73a244089c9fe2a1382b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd6f9bfd10f3378bc8dd9ca22c2365ba357f59d03f5a73a244089c9fe2a1382b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.markdown` used but never assigned in __init__: Method `_dict_to_crawl_result` of class `CrawlState` reads `self.markdown`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76134, "scanner": "repobility-ast-engine", "fingerprint": "05299b8913fa5707df3999027d44fa9266c148601638272e7dc222696e0d51c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05299b8913fa5707df3999027d44fa9266c148601638272e7dc222696e0d51c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.url` used but never assigned in __init__: Method `_dict_to_crawl_result` of class `CrawlState` reads `self.url`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76133, "scanner": "repobility-ast-engine", "fingerprint": "1f7b35b517a8fd5dbccec130918c6efc757431194ef9c585c62c2b85a286e3e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f7b35b517a8fd5dbccec130918c6efc757431194ef9c585c62c2b85a286e3e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.raw_markdown` used but never assigned in __init__: Method `_dict_to_crawl_result` of class `CrawlState` reads `self.raw_markdown`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76132, "scanner": "repobility-ast-engine", "fingerprint": "023ce6b45403c984b908c700221e81dbc7f495bcfa729b8e8a5a031d9880d0c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|023ce6b45403c984b908c700221e81dbc7f495bcfa729b8e8a5a031d9880d0c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._crawl_result_to_dict` used but never assigned in __init__: Method `save` of class `CrawlState` reads `self._crawl_result_to_dict`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76131, "scanner": "repobility-ast-engine", "fingerprint": "e8fa831f69837dfb76b52d2540466af35a873c42e82e252d97407bf26aa70d21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8fa831f69837dfb76b52d2540466af35a873c42e82e252d97407bf26aa70d21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/adaptive_crawler copy.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.close` used but never assigned in __init__: Method `__aexit__` of class `Crawl4aiDockerClient` reads `self.close`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76130, "scanner": "repobility-ast-engine", "fingerprint": "6051126f5befb426444fcb0eac9115258409b9bf9edcafa858d1215a476e0085", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6051126f5befb426444fcb0eac9115258409b9bf9edcafa858d1215a476e0085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._request` used but never assigned in __init__: Method `get_schema` of class `Crawl4aiDockerClient` reads `self._request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76129, "scanner": "repobility-ast-engine", "fingerprint": "de67bd4ad41c7480d83430788ca88c5b66660ac44d993c2da2d8caf6f716b920", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de67bd4ad41c7480d83430788ca88c5b66660ac44d993c2da2d8caf6f716b920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._request` used but never assigned in __init__: Method `crawl` of class `Crawl4aiDockerClient` reads `self._request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76128, "scanner": "repobility-ast-engine", "fingerprint": "2f5aa0c5991509ade50f2fc81a5bdba8998334476b8ad9736361942d96731ec3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f5aa0c5991509ade50f2fc81a5bdba8998334476b8ad9736361942d96731ec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._check_server` used but never assigned in __init__: Method `crawl` of class `Crawl4aiDockerClient` reads `self._check_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76127, "scanner": "repobility-ast-engine", "fingerprint": "f4d03075c737163f201a823fa4d54a4b83f57c553e93683aadc43b5ebd7c289a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4d03075c737163f201a823fa4d54a4b83f57c553e93683aadc43b5ebd7c289a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._prepare_request` used but never assigned in __init__: Method `crawl` of class `Crawl4aiDockerClient` reads `self._prepare_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76126, "scanner": "repobility-ast-engine", "fingerprint": "a59f92686acc1ca95ea3860b7070d63fedd45878a6f48ae72ba9174637febcc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a59f92686acc1ca95ea3860b7070d63fedd45878a6f48ae72ba9174637febcc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/docker_client.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_api_integration: Test function `test_api_integration` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76118, "scanner": "repobility-ast-engine", "fingerprint": "d480cb829e30d7d1d31d246bd1545089170b723914f495fc83496e60e6ca4d4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d480cb829e30d7d1d31d246bd1545089170b723914f495fc83496e60e6ca4d4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_payload_construction: Test function `test_payload_construction` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76117, "scanner": "repobility-ast-engine", "fingerprint": "658f46b6c742741011c8b7002400ff0786b6b11068c3ac26276496efa51e5469", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|658f46b6c742741011c8b7002400ff0786b6b11068c3ac26276496efa51e5469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_webhook_config_model: Test function `test_webhook_config_model` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76116, "scanner": "repobility-ast-engine", "fingerprint": "f2e5641d3438601ff09ffa85390553e208a35d20c7549a98e8aa42cae7f2ba07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2e5641d3438601ff09ffa85390553e208a35d20c7549a98e8aa42cae7f2ba07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_imports: Test function `test_imports` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76115, "scanner": "repobility-ast-engine", "fingerprint": "ccb4f0214b1562bce47ce515e5b52765243a7ebaa35d21b904c7464f0367116b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ccb4f0214b1562bce47ce515e5b52765243a7ebaa35d21b904c7464f0367116b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_webhook_implementation.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_pattern_consistency: Test function `test_pattern_consistency` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76107, "scanner": "repobility-ast-engine", "fingerprint": "1a69c48a4bfe4fa257e89c45aa3f12bec32bcdbf811dbc8a678ac04bfb2c4a1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a69c48a4bfe4fa257e89c45aa3f12bec32bcdbf811dbc8a678ac04bfb2c4a1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_create_new_task_integration: Test function `test_create_new_task_integration` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76106, "scanner": "repobility-ast-engine", "fingerprint": "8ddbfa89587a2ba676859a8988fd793e074cecd5d432b09a96656cda0854744e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ddbfa89587a2ba676859a8988fd793e074cecd5d432b09a96656cda0854744e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_job_endpoint_integration: Test function `test_job_endpoint_integration` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76105, "scanner": "repobility-ast-engine", "fingerprint": "b2940fb633b0394e237c9eac0c656ff7046aaec1310fd4e66787e28782fd8e5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2940fb633b0394e237c9eac0c656ff7046aaec1310fd4e66787e28782fd8e5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_webhook_integration_in_api: Test function `test_webhook_integration_in_api` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76104, "scanner": "repobility-ast-engine", "fingerprint": "ceb70926bbf1c57a2eb190cb870b18ab716a69353bb2e30f9dab750e5610b6ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ceb70926bbf1c57a2eb190cb870b18ab716a69353bb2e30f9dab750e5610b6ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_process_llm_extraction_signature: Test function `test_process_llm_extraction_signature` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76103, "scanner": "repobility-ast-engine", "fingerprint": "7e5a824e70affe06e301e3bdb0c7c5724446cf839b9d928be85f4469bb95351a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e5a824e70affe06e301e3bdb0c7c5724446cf839b9d928be85f4469bb95351a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_handle_llm_request_signature: Test function `test_handle_llm_request_signature` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 76102, "scanner": "repobility-ast-engine", "fingerprint": "a25306d5a1a1f517ee2ab9481ce57613ee7330350cdc8533fe38ed17a9b479b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a25306d5a1a1f517ee2ab9481ce57613ee7330350cdc8533fe38ed17a9b479b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_llm_webhook_feature.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 76092, "scanner": "repobility-docker", "fingerprint": "ed52002a372777fd41d1ad02b8a29f9f8a6fc0c62680322d5bc89970abd5c9cd", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ed52002a372777fd41d1ad02b8a29f9f8a6fc0c62680322d5bc89970abd5c9cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 76077, "scanner": "repobility-threat-engine", "fingerprint": "749682d78e6b348bb64c019fc01887d506e5a16b2a7536154277d0e308103f3d", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `\n        <a href=\"${repoUrl}\" target=\"_blank\" rel=\"noopener\">\n            <!-- Optiona", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|749682d78e6b348bb64c019fc01887d506e5a16b2a7536154277d0e308103f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/assets/github_stats.js"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 76076, "scanner": "repobility-threat-engine", "fingerprint": "cd2e4547c24bcf097b2fb871248919ebb6926ba02abde66284d7ae80b287bd7c", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `<pre><code>${this.escapeHtml(this.currentMarkdown)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd2e4547c24bcf097b2fb871248919ebb6926ba02abde66284d7ae80b287bd7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/crawl4ai-assistant/content/markdownPreviewModal.js"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 76069, "scanner": "repobility-threat-engine", "fingerprint": "9fad20c5c2b29c71e47e970b32a6b0dfc6762f53c083637deeb8654e2742b47a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9fad20c5c2b29c71e47e970b32a6b0dfc6762f53c083637deeb8654e2742b47a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/identity_based_browsing.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 76068, "scanner": "repobility-threat-engine", "fingerprint": "7934de840c1b87424bab50b26449938ef03d2116d22fd80f3dfc78e9b36a5433", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7934de840c1b87424bab50b26449938ef03d2116d22fd80f3dfc78e9b36a5433"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/docker/demo_docker_polling.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 76067, "scanner": "repobility-threat-engine", "fingerprint": "6a791bd86c0106e39dd808cafee5eaa67951ff09dd636705cc78f07bbf2cc3f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a791bd86c0106e39dd808cafee5eaa67951ff09dd636705cc78f07bbf2cc3f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/crawler_monitor_example.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 76063, "scanner": "repobility-threat-engine", "fingerprint": "106016627f0616832331026640c630cba4940b2cc72277df502be4d3c56ed18c", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = \"fetch('/recaptcha-v3-verify.php?action=examples/v3scores&token=\"\"\" + t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|48|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_recaptcha_v3.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 76054, "scanner": "repobility-threat-engine", "fingerprint": "b45f474023779e31c7aa0ef0a4314a918423803c924be89f4eb190d3ce89bab9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.route('/api/compile', methods=['POST'])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b45f474023779e31c7aa0ef0a4314a918423803c924be89f4eb190d3ce89bab9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/apps/c4a-script/server.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 76053, "scanner": "repobility-threat-engine", "fingerprint": "03c764af0029fdb21658ad64d9fe16ba1a3441c71e2200f25eda89403178cbf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.route('/api/compile', methods=['POST'])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|03c764af0029fdb21658ad64d9fe16ba1a3441c71e2200f25eda89403178cbf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/c4a_script/tutorial/server.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 76052, "scanner": "repobility-threat-engine", "fingerprint": "b23775464aef550bdebf3ce3d36788340f24f81a43f7d9f31477fee46a4d26de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/llm/job\", status_code=202)\nasync def llm_job_enqueue(\n        payload: LlmJobPayload,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b23775464aef550bdebf3ce3d36788340f24f81a43f7d9f31477fee46a4d26de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/job.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 76048, "scanner": "repobility-threat-engine", "fingerprint": "50b25cf94014ee5b35f84b9b3379a726d029cf3d6cb42448a142d41117730df2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50b25cf94014ee5b35f84b9b3379a726d029cf3d6cb42448a142d41117730df2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/crawler_pool.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 76040, "scanner": "repobility-threat-engine", "fingerprint": "9520b379b9aef3d51c50bae125252365c41cb0ed5cd4b2b5a78c11d2f4840028", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "print(\"recaptcha token:\", token)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|3|print recaptcha token: token", "duplicate_count": 1, "duplicate_rule_ids": ["SEC020"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["9520b379b9aef3d51c50bae125252365c41cb0ed5cd4b2b5a78c11d2f4840028", "bf43f803eb1a79a5a07bfaf2a4e622c66f566d510878c632928f5561f7ec04dd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_recaptcha_v2.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 76039, "scanner": "repobility-threat-engine", "fingerprint": "99a03946639e80bb5f3113749d3c584ca5dee38a75aa6a7ae35c66273fdf579c", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(\"turnstile token:\", token)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|3|print turnstile token: token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/capsolver_captcha_solver/capsolver_api_integration/solve_cloudflare_turnstile.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 76029, "scanner": "repobility-threat-engine", "fingerprint": "040dbdb25967d0c4f80cc3fe6429989c2d79e6dfbde14dc3944a798b0cc1fb9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|040dbdb25967d0c4f80cc3fe6429989c2d79e6dfbde14dc3944a798b0cc1fb9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/rest_call.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 76028, "scanner": "repobility-threat-engine", "fingerprint": "bb177ad8063c3a9af2a9465eca24b215451cca510fe544f7d8446f0d8e390d4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bb177ad8063c3a9af2a9465eca24b215451cca510fe544f7d8446f0d8e390d4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/research_assistant.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 76027, "scanner": "repobility-threat-engine", "fingerprint": "0aed533f3e64ca3b50af566cdc1017b58197ac410b11c1dfe38b57b8cc51123a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0aed533f3e64ca3b50af566cdc1017b58197ac410b11c1dfe38b57b8cc51123a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/legacy/docs_manager.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 76022, "scanner": "repobility-threat-engine", "fingerprint": "9ca16eeefa8d50fb215a130ae51cdddf4b6444e3f71f334bbb4318bd2423d7d4", "category": "injection", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "SQL string interpolation is near request/data/parameter input; user-controlled taint is plausible.", "evidence": {"match": "query = f\"SELECT", "reason": "SQL string interpolation is near request/data/parameter input; user-controlled taint is plausible.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "code|injection|token|82|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/database.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 76021, "scanner": "repobility-threat-engine", "fingerprint": "db0c91b494df0165a43c32938beae7d3bd9507a86de16067cd48acf04b903a39", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".execute(\n            f'UPDATE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|crawl4ai/legacy/database.py|166|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/legacy/database.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 76015, "scanner": "repobility-threat-engine", "fingerprint": "491fbca27ed4ed5329f62e3ced6936756b8e56bedc5a96341aa195162ee61f37", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|491fbca27ed4ed5329f62e3ced6936756b8e56bedc5a96341aa195162ee61f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/docker/demo_docker_polling.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 76014, "scanner": "repobility-threat-engine", "fingerprint": "e19e38bb1fc7fb0ae75956d7019e1a3c890cbacccdb0ac0a75cd8c2c3e54dd76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e19e38bb1fc7fb0ae75956d7019e1a3c890cbacccdb0ac0a75cd8c2c3e54dd76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/crawler_pool.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 76013, "scanner": "repobility-threat-engine", "fingerprint": "8e684c8cbaa483e791b320961b48be4516f87229dd2bb846969427d3c00087d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8e684c8cbaa483e791b320961b48be4516f87229dd2bb846969427d3c00087d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/html2text/utils.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76012, "scanner": "repobility-threat-engine", "fingerprint": "fb41c19c51255fdecec8bbee0a659b4866ba9660e85cddedbc7ecef18c01f36c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "config_dict.update(kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fb41c19c51255fdecec8bbee0a659b4866ba9660e85cddedbc7ecef18c01f36c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/proxy_strategy.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76011, "scanner": "repobility-threat-engine", "fingerprint": "a9949f253185e7c96c62ebbc581dfcf29e7fb6402ec2ebe4cb42757883f017d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "default_options.update(html2text_options)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a9949f253185e7c96c62ebbc581dfcf29e7fb6402ec2ebe4cb42757883f017d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/markdown_generation_strategy.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76010, "scanner": "repobility-threat-engine", "fingerprint": "4076c4df42e09776ffe87b864f6563e169a4dec1dcd1fcd1933079e3bde8ae7a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "style.update(css_style)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4076c4df42e09776ffe87b864f6563e169a4dec1dcd1fcd1933079e3bde8ae7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/html2text/utils.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC032", "level": "error", "message": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs."}, "properties": {"repobilityId": 76009, "scanner": "repobility-threat-engine", "fingerprint": "73a9530be3b07792d7f9a002ee295e23a16229b76f05f6e70826ece93867c4f8", "category": "file_upload", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "open(args.filename,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC032", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|73a9530be3b07792d7f9a002ee295e23a16229b76f05f6e70826ece93867c4f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/html2text/cli.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 76003, "scanner": "repobility-threat-engine", "fingerprint": "04159049e0f0eff8b963324cf5c7b49b17fdecd8902a31d073bf584a4d3e5162", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(f\"{home_dir}/schema/suggested_query", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|114|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/crawlers/google_search/crawler.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 75991, "scanner": "repobility-threat-engine", "fingerprint": "4b6a3b913eb83ed46bfeecbb60823f7736089a6eee88fa15dda5688e0e3b82dc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url (s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4b6a3b913eb83ed46bfeecbb60823f7736089a6eee88fa15dda5688e0e3b82dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/deep_crawling/base_strategy.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 75990, "scanner": "repobility-threat-engine", "fingerprint": "d8e95c11d0dd121621576ea20edbe9aed97b62c6a8415a014e91a0022ad28329", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d8e95c11d0dd121621576ea20edbe9aed97b62c6a8415a014e91a0022ad28329"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/crawlers/google_search/script.js"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 75989, "scanner": "repobility-threat-engine", "fingerprint": "cc2f7491037404b00a322e97a92e0dd6ceae414997c86601905cd43e96c09752", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url (s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cc2f7491037404b00a322e97a92e0dd6ceae414997c86601905cd43e96c09752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/cache_context.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `validate` has cognitive complexity 30 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=2, except=3, if=10, nested_bonus=15."}, "properties": {"repobilityId": 75987, "scanner": "repobility-threat-engine", "fingerprint": "4ad903355b0fb10547e62b66ba43d73843e8816f828c7d8db865f9b17c08dffa", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 30 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "validate", "breakdown": {"if": 10, "elif": 2, "except": 3, "nested_bonus": 15}, "complexity": 30, "correlation_key": "fp|4ad903355b0fb10547e62b66ba43d73843e8816f828c7d8db865f9b17c08dffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/cache_validator.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `is_blocked` has cognitive complexity 35 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=4, if=14, nested_bonus=15, or=1."}, "properties": {"repobilityId": 75985, "scanner": "repobility-threat-engine", "fingerprint": "41879b2c57e3c09536a796be539f0591a26e39295169c2116e3a688178fd5ea6", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 35 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "is_blocked", "breakdown": {"if": 14, "or": 1, "for": 4, "else": 1, "nested_bonus": 15}, "complexity": 35, "correlation_key": "fp|41879b2c57e3c09536a796be539f0591a26e39295169c2116e3a688178fd5ea6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/antibot_detector.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED133", "level": "error", "message": {"text": "[MINED133] Hardcoded Slack webhook URL in source: File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.com/services/T00/B00/xxx...`. Webhook URLs are unauthenticated POST endpoints \u2014 anyone with the URL can send messages. They are also a common data-exfiltration channel for compromised packages (malicious post-install collects env vars + POSTs them)."}, "properties": {"repobilityId": 76264, "scanner": "repobility-supply-chain", "fingerprint": "82e89971a30c23e1596a6d40952e9065fd39203114638908be6a7047aa8f52d5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "exfil-webhook-url", "owasp": null, "cwe_ids": ["CWE-200", "CWE-540"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|82e89971a30c23e1596a6d40952e9065fd39203114638908be6a7047aa8f52d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/tests/test_security_2026_04.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_WEBHOOK }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 76260, "scanner": "repobility-supply-chain", "fingerprint": "ee36f3dd1efa894f8a28a4ecbfc3c50c65925f667e25692476b8b7c44b4c6a89", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ee36f3dd1efa894f8a28a4ecbfc3c50c65925f667e25692476b8b7c44b4c6a89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DISCORD_STAR_GAZERS` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_STAR_GAZERS }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 76259, "scanner": "repobility-supply-chain", "fingerprint": "5b7b2930f4df2003b2b585362a0449efbb0b3f8d88a6c3b1b6b218e53aaf5c24", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5b7b2930f4df2003b2b585362a0449efbb0b3f8d88a6c3b1b6b218e53aaf5c24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DISCORD_DISCUSSIONS_WEBHOOK` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_DISCUSSIONS_WEBHOOK }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 76258, "scanner": "repobility-supply-chain", "fingerprint": "5f08035a80e7d292d9460c7b8d3a8fffaafc8311ebe4e98f5a616c58a74caaa7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f08035a80e7d292d9460c7b8d3a8fffaafc8311ebe4e98f5a616c58a74caaa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GOOGLE_SCRIPT_ENDPOINT` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GOOGLE_SCRIPT_ENDPOINT }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 76257, "scanner": "repobility-supply-chain", "fingerprint": "57d5966954539eb841b93cf4cab7eb58029e91458682cea68c5716410731d8a7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|57d5966954539eb841b93cf4cab7eb58029e91458682cea68c5716410731d8a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: DELETE /admin/sponsors/{sponsor_id}: Handler `delete_sponsor` serves an /admin path (/admin/sponsors/{sponsor_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76232, "scanner": "repobility-route-auth", "fingerprint": "07412b1af45540cacf10a19b41932e8813d6b7a5a0c0f7f7e94f4e41408b78b8", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|07412b1af45540cacf10a19b41932e8813d6b7a5a0c0f7f7e94f4e41408b78b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 462}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: PUT /admin/sponsors/{sponsor_id}: Handler `update_sponsor` serves an /admin path (/admin/sponsors/{sponsor_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76231, "scanner": "repobility-route-auth", "fingerprint": "93c0d2f82c1794bf43669ff22639aedcb5f8f6f0d881b760dbe5d877890406ac", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|93c0d2f82c1794bf43669ff22639aedcb5f8f6f0d881b760dbe5d877890406ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 448}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /admin/sponsors: Handler `create_sponsor` serves an /admin path (/admin/sponsors) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76230, "scanner": "repobility-route-auth", "fingerprint": "c48ea2201683f2ba51f4cb14b25cffb41e8d6a02543345ba2b008f3c86a1823e", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|c48ea2201683f2ba51f4cb14b25cffb41e8d6a02543345ba2b008f3c86a1823e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 434}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: DELETE /admin/categories/{cat_id}: Handler `delete_category` serves an /admin path (/admin/categories/{cat_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76229, "scanner": "repobility-route-auth", "fingerprint": "9adf76997338250436bf062d6a066865d7dedcb94240151bb8c7f1932fc7e959", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|9adf76997338250436bf062d6a066865d7dedcb94240151bb8c7f1932fc7e959"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 422}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: PUT /admin/categories/{cat_id}: Handler `update_category` serves an /admin path (/admin/categories/{cat_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76228, "scanner": "repobility-route-auth", "fingerprint": "06c079075092fecd28e026d7f7b328667c1747d6a4f158fcaf7af64f8993fd55", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|06c079075092fecd28e026d7f7b328667c1747d6a4f158fcaf7af64f8993fd55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 404}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /admin/categories: Handler `create_category` serves an /admin path (/admin/categories) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76227, "scanner": "repobility-route-auth", "fingerprint": "70f36005570e2f792aba6b6dd37c6977778205a59d14d3f2563990bbe618be9d", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|70f36005570e2f792aba6b6dd37c6977778205a59d14d3f2563990bbe618be9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 387}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: DELETE /admin/articles/{article_id}: Handler `delete_article` serves an /admin path (/admin/articles/{article_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76226, "scanner": "repobility-route-auth", "fingerprint": "c27c1f25d0050ce7ba3d65d88696e1498d51b41a29456d1afa6e22b743e4cbee", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|c27c1f25d0050ce7ba3d65d88696e1498d51b41a29456d1afa6e22b743e4cbee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 378}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: PUT /admin/articles/{article_id}: Handler `update_article` serves an /admin path (/admin/articles/{article_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76225, "scanner": "repobility-route-auth", "fingerprint": "713f29e50043aa5f7d5532d4a3e008caecfead82338c6f9b1b3685833498fce6", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|713f29e50043aa5f7d5532d4a3e008caecfead82338c6f9b1b3685833498fce6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 361}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /admin/articles: Handler `create_article` serves an /admin path (/admin/articles) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76224, "scanner": "repobility-route-auth", "fingerprint": "64dcf8b9f32a0aa536fe50e95bad93fb6ebff54bb2170f452ed533f47db99980", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|64dcf8b9f32a0aa536fe50e95bad93fb6ebff54bb2170f452ed533f47db99980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: DELETE /admin/apps/{app_id}: Handler `delete_app` serves an /admin path (/admin/apps/{app_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76223, "scanner": "repobility-route-auth", "fingerprint": "1e2ef0d3c67275d42ccfcae20fd3aa20fcd20f648fd7308e9a32ee8e1496fca6", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|1e2ef0d3c67275d42ccfcae20fd3aa20fcd20f648fd7308e9a32ee8e1496fca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 334}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: PUT /admin/apps/{app_id}: Handler `update_app` serves an /admin path (/admin/apps/{app_id}) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76222, "scanner": "repobility-route-auth", "fingerprint": "0649fce0c03c58070e38750c7e725a657d8410cf93cdc146d574135403f94e0b", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|0649fce0c03c58070e38750c7e725a657d8410cf93cdc146d574135403f94e0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /admin/apps: Handler `create_app` serves an /admin path (/admin/apps) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76221, "scanner": "repobility-route-auth", "fingerprint": "f7da77121268aef78a21d1e3c029763a1d18a3d9264a345b79e5f0c863c514d6", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|f7da77121268aef78a21d1e3c029763a1d18a3d9264a345b79e5f0c863c514d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /admin/login: Handler `admin_login` serves an /admin path (/admin/login) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76220, "scanner": "repobility-route-auth", "fingerprint": "f7418ee20d94057d08a92ace7555988a90c54ee997c8f502997b7e64ed578dca", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|f7418ee20d94057d08a92ace7555988a90c54ee997c8f502997b7e64ed578dca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED114", "level": "error", "message": {"text": "[MINED114] Admin endpoint without auth: POST /admin/upload-image: Handler `upload_image` serves an /admin path (/admin/upload-image) and the function has no Depends/Security parameter and no auth marker in its body. Admin without auth = full takeover."}, "properties": {"repobilityId": 76219, "scanner": "repobility-route-auth", "fingerprint": "fea6e019a0299c449bdbfe9553ab1c04b40ca386ed4151afee82644981dc2eb0", "category": "quality", "severity": "critical", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "admin-handler-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-284", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 6292}, "scanner": "repobility-route-auth", "correlation_key": "fp|fea6e019a0299c449bdbfe9553ab1c04b40ca386ed4151afee82644981dc2eb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/server.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76218, "scanner": "repobility-ast-engine", "fingerprint": "6e5eb15615f6f73806288cf5f1e6d25af9ed0a8de08e392a42da4eede23b5f49", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e5eb15615f6f73806288cf5f1e6d25af9ed0a8de08e392a42da4eede23b5f49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/crawlers/amazon_product/crawler.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76217, "scanner": "repobility-ast-engine", "fingerprint": "6bba80f0f78cd506a175e6a0ad6a70c85f8f4652137a28d55ef55c6653e42a84", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bba80f0f78cd506a175e6a0ad6a70c85f8f4652137a28d55ef55c6653e42a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/deep_crawling/bff_strategy.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76216, "scanner": "repobility-ast-engine", "fingerprint": "7e344c2f4a87a0e508a9cb8dfa5e12724bede39758aa59fda74177494c1c3121", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e344c2f4a87a0e508a9cb8dfa5e12724bede39758aa59fda74177494c1c3121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/docker/utils.py"}, "region": {"startLine": 496}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76202, "scanner": "repobility-ast-engine", "fingerprint": "b196f89b47cb4ab9a15a06d8489c35ba5152b585ae3a5af0c0577fdf1894137f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b196f89b47cb4ab9a15a06d8489c35ba5152b585ae3a5af0c0577fdf1894137f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/scraping_strategies_performance.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76200, "scanner": "repobility-ast-engine", "fingerprint": "fccfb010f3af4e9f68d648beb19b549e2d3473b6d150c793dd9f7cf74ec576d3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fccfb010f3af4e9f68d648beb19b549e2d3473b6d150c793dd9f7cf74ec576d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/memory/benchmark_report.py"}, "region": {"startLine": 460}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `pathlib` used but not imported: The file uses `pathlib.something(...)` but never imports `pathlib`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76199, "scanner": "repobility-ast-engine", "fingerprint": "1c1bba53b3f80f165bb1348f4fb3b03915fde76aead6322bec4f326f8c3848e3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c1bba53b3f80f165bb1348f4fb3b03915fde76aead6322bec4f326f8c3848e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/memory/run_benchmark.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76193, "scanner": "repobility-ast-engine", "fingerprint": "49c46cb2e380030a4aec2d3330e61fd01757ada8f5be9201c05033880ac482d0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49c46cb2e380030a4aec2d3330e61fd01757ada8f5be9201c05033880ac482d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/async/test_evaluation_scraping_methods_performance.configs.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76192, "scanner": "repobility-ast-engine", "fingerprint": "e8a7e0f9789aa0b0c3defbf1711f67428878aaeaf078dc5a9c2f78a74494fca9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8a7e0f9789aa0b0c3defbf1711f67428878aaeaf078dc5a9c2f78a74494fca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/async/test_browser_memory.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76191, "scanner": "repobility-ast-engine", "fingerprint": "3c64531779ef45d42192494b0849df4f80b61be9fd58f6409d2e62a912b59392", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c64531779ef45d42192494b0849df4f80b61be9fd58f6409d2e62a912b59392"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/async/test_dispatchers.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76175, "scanner": "repobility-ast-engine", "fingerprint": "03dafd6629c52bef425aa38c0c82c8d42200b4a8f8036e484f5bd46d68e8bb17", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03dafd6629c52bef425aa38c0c82c8d42200b4a8f8036e484f5bd46d68e8bb17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/async_url_seeder.py"}, "region": {"startLine": 529}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76174, "scanner": "repobility-ast-engine", "fingerprint": "321df6df9698af30bc20d14017a23a6d2f559a68e884cf36cb0441de17aab4d0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|321df6df9698af30bc20d14017a23a6d2f559a68e884cf36cb0441de17aab4d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/extraction_strategy.py"}, "region": {"startLine": 605}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76173, "scanner": "repobility-ast-engine", "fingerprint": "547e770c9c3d7841765689fa57c5ea27a4f7c2aa551ddcf22f9cc3e40ca65ebf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|547e770c9c3d7841765689fa57c5ea27a4f7c2aa551ddcf22f9cc3e40ca65ebf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/antibot_detector.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 76172, "scanner": "repobility-ast-engine", "fingerprint": "769f966ff6a75955ab1964196410114f68870bfca4022ce2b023e58d17703ae4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|769f966ff6a75955ab1964196410114f68870bfca4022ce2b023e58d17703ae4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/cache_validator.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 76026, "scanner": "repobility-threat-engine", "fingerprint": "cec00fa3a5c562def120b743dfecd94693e315726198aaf7ba7d47c3d23bc178", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cec00fa3a5c562def120b743dfecd94693e315726198aaf7ba7d47c3d23bc178"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/md_v2/marketplace/backend/database.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 76025, "scanner": "repobility-threat-engine", "fingerprint": "5de940d4db7d5ea8718d54d7cd91b6802a4b67cc6c88cc2c023fa931b21700bc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5de940d4db7d5ea8718d54d7cd91b6802a4b67cc6c88cc2c023fa931b21700bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crawl4ai/legacy/database.py"}, "region": {"startLine": 40}}}]}]}]}