{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC112", "name": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/templa", "shortDescription": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "fullDescription": {"text": "Use `html/template` (NOT `text/template`) for HTML responses. Never wrap user input with `template.HTML/JS/URL`."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `do_test` has cognitive complexity 18 (SonarSource scale). Cognitive compl", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `do_test` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all w"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 18."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 559 lines (recommend <300)", "shortDescription": {"text": "Average file size is 559 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.", "shortDescription": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED046", "name": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger.", "shortDescription": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED085", "name": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM.", "shortDescription": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1075 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932b", "shortDescription": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/co"}, "fullDescription": {"text": "Replace with `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `protocolbuffers/protobuf-ci/docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/d", "shortDescription": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-action"}, "fullDescription": {"text": "Replace with: `uses: protocolbuffers/protobuf-ci/docker@<40-char-sha>  # v5` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_nparray_order: Test function `test_nparray_order` runs code but contains no asser", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_nparray_order: Test function `test_nparray_order` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testIsInitializedStub` of class `OversizeProt", "shortDescription": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testIsInitializedStub` of class `OversizeProtosTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises "}, "fullDescription": {"text": "Initialize `self.assertEqual = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC032", "name": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without valida", "shortDescription": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served direc"}, "fullDescription": {"text": "Validate THREE things server-side:\n  1. Extension allowlist:\n       ALLOWED = {'.png', '.jpg', '.pdf'}\n       ext = Path(file.filename).suffix.lower()\n       if ext not in ALLOWED: abort(400)\n  2. Magic-byte check (don't trust the extension):\n       import magic\n       mime = magic.from_buffer(file.read(2048), mime=True)\n  3. Save with a random/UUID filename to a non-executable directory.\nSanitize with `werkzeug.secure_filename`. Never reuse the user's name."}, "properties": {"scanner": "repobility-threat-engine", "category": "file_upload", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC131", "name": "[SEC131] Eval/exec on input \u2014 Stack Overflow snippet shape (AI copy-paste): eval/exec invoked on user-controllable input", "shortDescription": {"text": "[SEC131] Eval/exec on input \u2014 Stack Overflow snippet shape (AI copy-paste): eval/exec invoked on user-controllable input \u2014 the shape of a Stack Overflow answer that an AI copy-pasted without realizing the input side became attacker-controll"}, "fullDescription": {"text": "Never eval/exec request input. For parsing structured input use `json.loads()`, `ast.literal_eval()`, or a real parser. For dynamic expressions, use a sandboxed expression library (asteval, simpleeval) with a whitelist of operations."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED125", "name": "[MINED125] GHA script injection via github.event.pull_request.body in run-step: Multi-line `run: |` block interpolates $", "shortDescription": {"text": "[MINED125] GHA script injection via github.event.pull_request.body in run-step: Multi-line `run: |` block interpolates ${{ github.event.pull_request.body }} into shell. PR title/body/branch/comment fields are attacker-controllable."}, "fullDescription": {"text": "Capture the field into an env var first; reference $ENV_VAR in shell."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. T", "shortDescription": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import enum` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/835"}, "properties": {"repository": "protocolbuffers/protobuf", "repoUrl": "https://github.com/protocolbuffers/protobuf", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74430, "scanner": "repobility-ast-engine", "fingerprint": "bab8ac20974263aa71ab08feefced0405dbaba58a3476ca785c23bb93a61ff09", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bab8ac20974263aa71ab08feefced0405dbaba58a3476ca785c23bb93a61ff09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/testing_refleaks.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74427, "scanner": "repobility-ast-engine", "fingerprint": "03594462b926bfcfc1c5be6799056f45b8fcb8b26fe5130409492091d25cb8e0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03594462b926bfcfc1c5be6799056f45b8fcb8b26fe5130409492091d25cb8e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/text_format_test.py"}, "region": {"startLine": 807}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74414, "scanner": "repobility-ast-engine", "fingerprint": "01a68d7f7fb811e1b5caf35d72dbb5f964208f5a42471ee53c2fc749938502e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01a68d7f7fb811e1b5caf35d72dbb5f964208f5a42471ee53c2fc749938502e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/python_message.py"}, "region": {"startLine": 585}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74412, "scanner": "repobility-ast-engine", "fingerprint": "99d47132cb2279ca8b9aa0b24daa66a746caac848a5577ed3bd582fd3cbf5f7a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99d47132cb2279ca8b9aa0b24daa66a746caac848a5577ed3bd582fd3cbf5f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/text_format.py"}, "region": {"startLine": 529}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74410, "scanner": "repobility-ast-engine", "fingerprint": "11f0116d228645a7dd9f0d3f6f9cf838463bff399778e5630ca91878fd3d40aa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11f0116d228645a7dd9f0d3f6f9cf838463bff399778e5630ca91878fd3d40aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/descriptor_pool.py"}, "region": {"startLine": 660}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74409, "scanner": "repobility-ast-engine", "fingerprint": "41fe7c4f7e209d78bf2f79474981bca1d93c0b3bedae27ce7c3d70e1a6640e8c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41fe7c4f7e209d78bf2f79474981bca1d93c0b3bedae27ce7c3d70e1a6640e8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/descriptor_pool.py"}, "region": {"startLine": 652}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74407, "scanner": "repobility-ast-engine", "fingerprint": "825c365254a4ea3ff6128abcfa64486009ac4722358cb87b6b7319248f15c069", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|825c365254a4ea3ff6128abcfa64486009ac4722358cb87b6b7319248f15c069"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74406, "scanner": "repobility-ast-engine", "fingerprint": "f973d8a21190508f57c8b477ada089652281c756de790f5bc82929e82554ffbd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f973d8a21190508f57c8b477ada089652281c756de790f5bc82929e82554ffbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74405, "scanner": "repobility-ast-engine", "fingerprint": "946a2e7d37aa3c956af225175011023fb25e5778023755669c3dd6848affc166", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|946a2e7d37aa3c956af225175011023fb25e5778023755669c3dd6848affc166"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 74404, "scanner": "repobility-ast-engine", "fingerprint": "593d7e92a57081c6b8b022d329ba514d4a7d95b30f14278e244af372f112db72", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|593d7e92a57081c6b8b022d329ba514d4a7d95b30f14278e244af372f112db72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 74333, "scanner": "repobility-threat-engine", "fingerprint": "8d93a55d4a01c77c6f41eb24b5d0a3280fb59538a1a0bc4ba060456e0abe9d90", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(w, pn.Number)\n\t}\n}\n\nfunc listPeople(w io.Writer, book *pb.AddressBook) {\n\tfor _, p := r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8d93a55d4a01c77c6f41eb24b5d0a3280fb59538a1a0bc4ba060456e0abe9d90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/go/cmd/list_people/list_people.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 74322, "scanner": "repobility-threat-engine", "fingerprint": "5415d86dad75cb8aab9096d30806fc28db1261f5784cbc8cbcf2e80f739db88d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5415d86dad75cb8aab9096d30806fc28db1261f5784cbc8cbcf2e80f739db88d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_test_runner.cc"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 74301, "scanner": "repobility-threat-engine", "fingerprint": "e32ac6acd269b5d85c6b8e694f3bf5889f0b97001505e3e2735be31a7391ce64", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|65|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmake/dependencies_generator.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `do_test` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=5, else=1, except=5, if=3, nested_bonus=4."}, "properties": {"repobilityId": 74298, "scanner": "repobility-threat-engine", "fingerprint": "3fd0e6a5f445faf794524d7300e4e7f480b11edcd702b27b00046023ae6eb686", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "do_test", "breakdown": {"if": 3, "elif": 5, "else": 1, "except": 5, "nested_bonus": 4}, "complexity": 18, "correlation_key": "fp|3fd0e6a5f445faf794524d7300e4e7f480b11edcd702b27b00046023ae6eb686"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 74291, "scanner": "repobility-threat-engine", "fingerprint": "3b37add6c5af40fb2165002b64fe8ee7bf87e1f63c45b25ffa0be90d45102d5f", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.check_call(cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|benchmarks/compare.py|59|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/compare.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 559 lines (recommend <300)"}, "properties": {"repobilityId": 74290, "scanner": "repobility-core", "fingerprint": "129638106aaa448bb254f7482b207e3f4ce8dacb17e3f95638fffa2b7adc584a", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|129638106aaa448bb254f7482b207e3f4ce8dacb17e3f95638fffa2b7adc584a"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d69bd2a7584e959803600a3ea74f50945e787e8e44cd779a2a15cf6601873b9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/GeneratedMessageTest.cs", "duplicate_line": 92, "correlation_key": "fp|d69bd2a7584e959803600a3ea74f50945e787e8e44cd779a2a15cf6601873b9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/JsonFormatterTest.cs"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70866458d8ee2b0ae80b40d90e943dfa5cb3d02a4110cc7233a723f06a57465a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/IssuesTest.cs", "duplicate_line": 4, "correlation_key": "fp|70866458d8ee2b0ae80b40d90e943dfa5cb3d02a4110cc7233a723f06a57465a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/IssuesTest.cs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ae25881b1ebc83ba764534f4c8085390c0c4063924ba7595b79354c3ecf1057", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/GeneratedMessageTest.cs", "duplicate_line": 12, "correlation_key": "fp|7ae25881b1ebc83ba764534f4c8085390c0c4063924ba7595b79354c3ecf1057"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/GeneratedMessageTest.cs"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74375, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d11226060416028a263ad00e6640d2038149a832747e519c701b4fc36f709aa1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/GeneratedMessageTest.cs", "duplicate_line": 46, "correlation_key": "fp|d11226060416028a263ad00e6640d2038149a832747e519c701b4fc36f709aa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/GeneratedMessageTest.Proto2.cs"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57d22c57e460ca60c100d038a7951ff53d9e219987d2b9fe3c73403793fe3cdf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/FieldCodecTest.cs", "duplicate_line": 3, "correlation_key": "fp|57d22c57e460ca60c100d038a7951ff53d9e219987d2b9fe3c73403793fe3cdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/FieldCodecTest.cs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f675469049fc932afba7fa09d6c8f5c9e813a7d59e66e1f0ddeb8bdae6c29934", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/EqualityTester.cs", "duplicate_line": 1, "correlation_key": "fp|f675469049fc932afba7fa09d6c8f5c9e813a7d59e66e1f0ddeb8bdae6c29934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/EqualityTester.cs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e88e472ea88281414e10a706e5822eb3e7f8abf320838822f4aa563d94675100", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/Compatibility/TypeExtensionsTest.cs", "duplicate_line": 1, "correlation_key": "fp|e88e472ea88281414e10a706e5822eb3e7f8abf320838822f4aa563d94675100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/Compatibility/TypeExtensionsTest.cs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "941af3fe87395b0a0816e8f10cdc76e29f38fd41d2e75c0d15264dad9f822fe4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/Compatibility/PropertyInfoExtensionsTest.cs", "duplicate_line": 1, "correlation_key": "fp|941af3fe87395b0a0816e8f10cdc76e29f38fd41d2e75c0d15264dad9f822fe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/Compatibility/PropertyInfoExtensionsTest.cs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5b1373565eaa0d16fa9817f73c5c060238d8d081f58f274368ffd6ac115a985", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/Collections/RepeatedFieldTest.cs", "duplicate_line": 7, "correlation_key": "fp|f5b1373565eaa0d16fa9817f73c5c060238d8d081f58f274368ffd6ac115a985"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/Collections/RepeatedFieldTest.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "00279e1d9303726e1bd71ea888afaafd273afc26a70d379bb63c55b36005b25a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/Collections/MapFieldTest.cs", "duplicate_line": 4, "correlation_key": "fp|00279e1d9303726e1bd71ea888afaafd273afc26a70d379bb63c55b36005b25a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/Collections/MapFieldTest.cs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74368, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a7a50582d555d06f8766040e791046d830b0638b1e877390740c13c7ca6ef99", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedOutputStreamTest.cs", "duplicate_line": 5, "correlation_key": "fp|3a7a50582d555d06f8766040e791046d830b0638b1e877390740c13c7ca6ef99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/CodedOutputStreamTest.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74367, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8e7ab64f469103d5a3fbf51055ff5b39c243aeecf963dea9a1eb616dee28eee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedInputStreamTest.cs", "duplicate_line": 32, "correlation_key": "fp|b8e7ab64f469103d5a3fbf51055ff5b39c243aeecf963dea9a1eb616dee28eee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/CodedInputStreamTest.cs"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74366, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f5572c7e2fc56f8413778b9b7a7016612a87dc50b9d9e1f3778ea9e5f3f86eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedInputStreamExtensions.cs", "duplicate_line": 1, "correlation_key": "fp|5f5572c7e2fc56f8413778b9b7a7016612a87dc50b9d9e1f3778ea9e5f3f86eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/CodedInputStreamExtensions.cs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74365, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc8b96f653d1ffa12070f89e5dc3d8d14a547d24e8390ce1105f3fb625fe557d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/ByteStringTest.cs", "duplicate_line": 4, "correlation_key": "fp|bc8b96f653d1ffa12070f89e5dc3d8d14a547d24e8390ce1105f3fb625fe557d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test/ByteStringTest.cs"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74364, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a90d6df1fc0298afc21e80c923792e031b15ac2880ba21f14536c12d204cfe6b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|a90d6df1fc0298afc21e80c923792e031b15ac2880ba21f14536c12d204cfe6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestSelfreferentialOptions.pb.cs"}, "region": {"startLine": 162}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2c96cf25a3de0598114041400d7bd283b6cbd60bf5d60f2fa7172871c9be2c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImport.pb.cs", "duplicate_line": 178, "correlation_key": "fp|b2c96cf25a3de0598114041400d7bd283b6cbd60bf5d60f2fa7172871c9be2c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestLegacyFeatures.pb.cs"}, "region": {"startLine": 210}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74362, "scanner": "repobility-ai-code-hygiene", "fingerprint": "877431b54801afce7ac7d2d498113c74125b8b64387547ba05f790acd14a3885", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|877431b54801afce7ac7d2d498113c74125b8b64387547ba05f790acd14a3885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestLegacyFeatures.pb.cs"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74361, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0468f43d9bee94ef71df941035aff1f3f6d82dba643c1f0270693cc0c22de240", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|0468f43d9bee94ef71df941035aff1f3f6d82dba643c1f0270693cc0c22de240"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestIssue6936C.pb.cs"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4fe89acacef4bce32325a3d89e2764dfaf6f7dd053e1d12d083180fc9490871", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|f4fe89acacef4bce32325a3d89e2764dfaf6f7dd053e1d12d083180fc9490871"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestIssue6936B.pb.cs"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c49581a37852e7130b4583ec21624be896fc917dec872d7c71c31f1c1c2ee11a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImport.pb.cs", "duplicate_line": 178, "correlation_key": "fp|c49581a37852e7130b4583ec21624be896fc917dec872d7c71c31f1c1c2ee11a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportPublicProto3.pb.cs"}, "region": {"startLine": 151}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55ce969d7395c8f00f51718bc7fec652d2fc035a43ba01007ca016100d5cfe5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|55ce969d7395c8f00f51718bc7fec652d2fc035a43ba01007ca016100d5cfe5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportPublicProto3.pb.cs"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74357, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed8be2ff34de100dfb5454810c79a7d15794e8167cc60b02b7ae4f639b0100d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportPublic.pb.cs", "duplicate_line": 39, "correlation_key": "fp|ed8be2ff34de100dfb5454810c79a7d15794e8167cc60b02b7ae4f639b0100d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportPublicProto3.pb.cs"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74356, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c5805bd8dffc81fdae686e89317f0e4d530965e9d6f9bccc1ba5d25cb8f188a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImport.pb.cs", "duplicate_line": 178, "correlation_key": "fp|3c5805bd8dffc81fdae686e89317f0e4d530965e9d6f9bccc1ba5d25cb8f188a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportPublic.pb.cs"}, "region": {"startLine": 165}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74355, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca9485af2614e23adbafaeb41a975237dba3324a65e8743908107ed78d736037", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|ca9485af2614e23adbafaeb41a975237dba3324a65e8743908107ed78d736037"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportPublic.pb.cs"}, "region": {"startLine": 107}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74354, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d7cb25ad46403a87dd5ee1ad24399d4514faba1f1a328d579913b858b8e87457", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|d7cb25ad46403a87dd5ee1ad24399d4514faba1f1a328d579913b858b8e87457"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportProto3.pb.cs"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74353, "scanner": "repobility-ai-code-hygiene", "fingerprint": "025afca2141ad80b9dbf6920aa193e34096689ba1d820c80f11cadc5e3ac58d7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImport.pb.cs", "duplicate_line": 52, "correlation_key": "fp|025afca2141ad80b9dbf6920aa193e34096689ba1d820c80f11cadc5e3ac58d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImportProto3.pb.cs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74352, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b527d205875e706eb62a8c3aa06c5b93aca51b60d0d4b48daf50e24f53448fbc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/src/AddressBook/Addressbook.pb.cs", "duplicate_line": 153, "correlation_key": "fp|b527d205875e706eb62a8c3aa06c5b93aca51b60d0d4b48daf50e24f53448fbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf.Test.TestProtos/UnittestImport.pb.cs"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74351, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb17b4aee48fce3afa227db29feb5f696b420de2aaf9623cb5dea1bae23c44b5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/JsonParserTest.cs", "duplicate_line": 64, "correlation_key": "fp|bb17b4aee48fce3afa227db29feb5f696b420de2aaf9623cb5dea1bae23c44b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/WellKnownTypes/WrappersTest.cs"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74350, "scanner": "repobility-ai-code-hygiene", "fingerprint": "634f2c7b9334d4d707373f9e0b6152ef80ba74ce3d2ca138e977222db44dda38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/GeneratedMessageTest.cs", "duplicate_line": 94, "correlation_key": "fp|634f2c7b9334d4d707373f9e0b6152ef80ba74ce3d2ca138e977222db44dda38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/SampleMessages.cs"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 74349, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a81f0b2093ee6da1439ffc01f34f49126a6425788b45444a4e196e81dc90075", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "conformance/ConformanceJava.java", "duplicate_line": 26, "correlation_key": "fp|8a81f0b2093ee6da1439ffc01f34f49126a6425788b45444a4e196e81dc90075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/ConformanceJavaLite.java"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 74348, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99d2666da16e299d97ca0f0ac7cf4d38f382e0dc78bd3d89c97c3115c3a25030", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|99d2666da16e299d97ca0f0ac7cf4d38f382e0dc78bd3d89c97c3115c3a25030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "upb/wire/decode_fast/field_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 74345, "scanner": "repobility-threat-engine", "fingerprint": "c206d13bca27168f0de6a79be67ff5c6375167d0c6b389c16af65d6b470fc96e", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'t find include: \"\n          + include\n          + \", h_files=\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c206d13bca27168f0de6a79be67ff5c6375167d0c6b389c16af65d6b470fc96e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "upb/bazel/private/oss/amalgamate.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `PromptForAddress` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, elif=2, else=1, if=3, nested_bonus=4, while=1."}, "properties": {"repobilityId": 74299, "scanner": "repobility-threat-engine", "fingerprint": "5dd0831f897ce8601a54a0776203be9683c079de9abd78fa292b59b9057b7def", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "PromptForAddress", "breakdown": {"if": 3, "elif": 2, "else": 1, "break": 1, "while": 1, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|5dd0831f897ce8601a54a0776203be9683c079de9abd78fa292b59b9057b7def"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/add_person.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `Benchmark` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=1, for=1, if=3, nested_bonus=3."}, "properties": {"repobilityId": 74297, "scanner": "repobility-threat-engine", "fingerprint": "4ae64d67dcc41b2b18310dc2747c746aef9208394d96da104686f7d5426d52d0", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "Benchmark", "breakdown": {"if": 3, "for": 1, "else": 1, "continue": 1, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|4ae64d67dcc41b2b18310dc2747c746aef9208394d96da104686f7d5426d52d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/compare.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 74347, "scanner": "repobility-threat-engine", "fingerprint": "a9dad59ab694420b454e840fe2b727566cc2839c56178a0f7cd47575172e4df5", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"  bazel build %s:%s\" % (config.package_name, config.target_name)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|9|print bazel build s: s config.package_name config.target_name"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "upb/cmake/staleness_test_lib.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 74346, "scanner": "repobility-threat-engine", "fingerprint": "ae221bb0774318bf70ca6d2ab7d91dce014842e03567cd50938e8ae215f35baa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae221bb0774318bf70ca6d2ab7d91dce014842e03567cd50938e8ae215f35baa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "upb/bazel/private/oss/amalgamate.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 74344, "scanner": "repobility-threat-engine", "fingerprint": "fa0a8ea44949838171fca4ccd34692d3384eda592aa833f28e3c8624520853fa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fa0a8ea44949838171fca4ccd34692d3384eda592aa833f28e3c8624520853fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/upb_kernel/conversions.rs"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 74343, "scanner": "repobility-threat-engine", "fingerprint": "04ed065e2d605d3f532910c9511ae17a58fd76183f166f13a05343699926ee14", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|04ed065e2d605d3f532910c9511ae17a58fd76183f166f13a05343699926ee14", "aggregated_count": 19}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 74342, "scanner": "repobility-threat-engine", "fingerprint": "433793dd04d284687600d3b63bfda25664bb15340756fbb919b5c37d86189603", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|433793dd04d284687600d3b63bfda25664bb15340756fbb919b5c37d86189603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cpp_kernel/rust_alloc_for_cpp_api.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 74341, "scanner": "repobility-threat-engine", "fingerprint": "ed0858e9896f657a6520ca4f3778e3b16a2fbede006d2394d993a6255189b89a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ed0858e9896f657a6520ca4f3778e3b16a2fbede006d2394d993a6255189b89a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cpp_kernel/message.rs"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 74340, "scanner": "repobility-threat-engine", "fingerprint": "17df1a671e372e89e6634d8a7472a4b2e900ff85c9d7c4ec480b5e9d8b9315f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17df1a671e372e89e6634d8a7472a4b2e900ff85c9d7c4ec480b5e9d8b9315f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cpp_kernel/interop.rs"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 74338, "scanner": "repobility-threat-engine", "fingerprint": "515d12d7a1ba332b9f5658ddd4530208fbbea337544ba222ececa505a2a79349", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|515d12d7a1ba332b9f5658ddd4530208fbbea337544ba222ececa505a2a79349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ruby/ext/google/protobuf_c/protobuf.c"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 74337, "scanner": "repobility-threat-engine", "fingerprint": "a5b90b04fad80ec6b24a28c170582f82e593ec5734ebae4af651b0d283090a7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5b90b04fad80ec6b24a28c170582f82e593ec5734ebae4af651b0d283090a7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "objectivec/GPBWellKnownTypes.m"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 74336, "scanner": "repobility-threat-engine", "fingerprint": "c33841bf8def136824214da2377c9d3b81079382edb70225b22e0672f16cd737", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c33841bf8def136824214da2377c9d3b81079382edb70225b22e0672f16cd737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "objectivec/GPBUnknownField.m"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 74335, "scanner": "repobility-threat-engine", "fingerprint": "5acbc9b515889aefef81c3b1d2b8e8bc3991352f42380fe6e3712e3a492db55b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5acbc9b515889aefef81c3b1d2b8e8bc3991352f42380fe6e3712e3a492db55b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "objectivec/GPBRootObject.m"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 74334, "scanner": "repobility-threat-engine", "fingerprint": "a13cf9691cadab3cb7dafa550a52e23bd6dd224be5aed3fd87badc7f38479f3b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a13cf9691cadab3cb7dafa550a52e23bd6dd224be5aed3fd87badc7f38479f3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hpb/extension.h"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "properties": {"repobilityId": 74332, "scanner": "repobility-threat-engine", "fingerprint": "31e2b9af3d3bd8fe6cd47735777ba2af87d57a072175bc1a28f61bc5eea1c29c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31e2b9af3d3bd8fe6cd47735777ba2af87d57a072175bc1a28f61bc5eea1c29c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/list_people.dart"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger."}, "properties": {"repobilityId": 74331, "scanner": "repobility-threat-engine", "fingerprint": "cb45984634e02336857947215040e2809dedef693ee13ff23218069f826d565a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb45984634e02336857947215040e2809dedef693ee13ff23218069f826d565a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/add_person.dart"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 74330, "scanner": "repobility-threat-engine", "fingerprint": "c00d4b936dad9ae4ee31cb2c0f7bdfd21c0847ca9ba55f1327a8bc1a897a1e7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c00d4b936dad9ae4ee31cb2c0f7bdfd21c0847ca9ba55f1327a8bc1a897a1e7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/list_people.cc"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 74329, "scanner": "repobility-threat-engine", "fingerprint": "c40108020b6d7ad5b46609276054eb5e72ed33d5d04c3503e8553659a9624e47", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c40108020b6d7ad5b46609276054eb5e72ed33d5d04c3503e8553659a9624e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/add_person.cc"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 74328, "scanner": "repobility-threat-engine", "fingerprint": "b9940a4e504d80c1b294d21b0dca8be290875625aef4a480eb79d63c6b72f994", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9940a4e504d80c1b294d21b0dca8be290875625aef4a480eb79d63c6b72f994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/osgi/OsgiWrapper.java"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 74327, "scanner": "repobility-threat-engine", "fingerprint": "91fb831d87fe7e3b6542cbd747b93f45a1fbeab68a326da2cdb9efe5e78c95a2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91fb831d87fe7e3b6542cbd747b93f45a1fbeab68a326da2cdb9efe5e78c95a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ListPeople.java"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 74326, "scanner": "repobility-threat-engine", "fingerprint": "a0a7c2910abaf2161eef5643822122b77af3d6eca2ac695c55c05306a531f90b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a0a7c2910abaf2161eef5643822122b77af3d6eca2ac695c55c05306a531f90b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/AddPerson.java"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 74325, "scanner": "repobility-threat-engine", "fingerprint": "2d963a2732b26d865118b0894024831924d496e50078d48e72728ae429ce7147", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d963a2732b26d865118b0894024831924d496e50078d48e72728ae429ce7147"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/build_tools.sh"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 74323, "scanner": "repobility-threat-engine", "fingerprint": "1105e59bb83421f3962cd013f0d04be0a63a8be79db6344888c54fa080ee1480", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1105e59bb83421f3962cd013f0d04be0a63a8be79db6344888c54fa080ee1480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_test_runner.cc"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 74321, "scanner": "repobility-threat-engine", "fingerprint": "a8bbd00f775770ae4100168ccfcac4034761920fead06a1c6690141f0ac00837", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a8bbd00f775770ae4100168ccfcac4034761920fead06a1c6690141f0ac00837", "aggregated_count": 4}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 74320, "scanner": "repobility-threat-engine", "fingerprint": "72809ec757d1f99af366dec9075751ea3c61a37c4c8013d35f7812c60e4001ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72809ec757d1f99af366dec9075751ea3c61a37c4c8013d35f7812c60e4001ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/release_crates/protobuf_codegen/src/lib.rs"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 74319, "scanner": "repobility-threat-engine", "fingerprint": "b3789c32b222f9a5457ebd055a183b9ab874f4818c73ad84b03dd6cdf3e45aaa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b3789c32b222f9a5457ebd055a183b9ab874f4818c73ad84b03dd6cdf3e45aaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/protobuf_macros/proto_proc_macro_impl.rs"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 74318, "scanner": "repobility-threat-engine", "fingerprint": "d8db34297599a25b892772f75d2d26b4d580dded3d2d394e1f215844f4328017", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d8db34297599a25b892772f75d2d26b4d580dded3d2d394e1f215844f4328017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_rust.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 74317, "scanner": "repobility-threat-engine", "fingerprint": "2d06773f5e7f0bf519e2c5e314779328b6af335b0b4758ea0e10bfd081cbce50", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2d06773f5e7f0bf519e2c5e314779328b6af335b0b4758ea0e10bfd081cbce50", "aggregated_count": 8}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 74313, "scanner": "repobility-threat-engine", "fingerprint": "1defda88afaf96b3b9756eb6e937bde5f1faa0724df7106918ee740818ad2be5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1defda88afaf96b3b9756eb6e937bde5f1faa0724df7106918ee740818ad2be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 74310, "scanner": "repobility-threat-engine", "fingerprint": "97d2883f9c6f6e7288e201fb2a91b1ed6e219aeaeff7061bb51bf167877901eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|97d2883f9c6f6e7288e201fb2a91b1ed6e219aeaeff7061bb51bf167877901eb", "aggregated_count": 14}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 74300, "scanner": "repobility-threat-engine", "fingerprint": "1546edbd1ec206d3e853833bc9ae84deffffaaaf9c166b9e72e02b6701c5c4de", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "Benchmark", "breakdown": {"if": 3, "for": 1, "else": 1, "continue": 1, "nested_bonus": 3}, "aggregated": true, "complexity": 9, "correlation_key": "fp|1546edbd1ec206d3e853833bc9ae84deffffaaaf9c166b9e72e02b6701c5c4de", "aggregated_count": 4}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 74296, "scanner": "repobility-threat-engine", "fingerprint": "86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 74295, "scanner": "repobility-threat-engine", "fingerprint": "2fb439375d11075a256e0caef43ae2a2402c748205be8326a7332e042e016fe5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2fb439375d11075a256e0caef43ae2a2402c748205be8326a7332e042e016fe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 74294, "scanner": "repobility-threat-engine", "fingerprint": "2f0a77a2fd5ca3ad614871be50fd0b3d6fbaf0afc79f94764c0c56cfb79a7725", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f0a77a2fd5ca3ad614871be50fd0b3d6fbaf0afc79f94764c0c56cfb79a7725"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmake/dependencies_generator.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 74293, "scanner": "repobility-threat-engine", "fingerprint": "e875c55a0d96616c38dc074f04efb7c20ab5cb195efdfd699689e548cfad807f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e875c55a0d96616c38dc074f04efb7c20ab5cb195efdfd699689e548cfad807f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/compare.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74491, "scanner": "repobility-supply-chain", "fingerprint": "178611e0b1dae34f102491564593f2f6ae06a35d983a569e927c37180bb84091", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|178611e0b1dae34f102491564593f2f6ae06a35d983a569e927c37180bb84091"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_bazel.yml"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74490, "scanner": "repobility-supply-chain", "fingerprint": "67e19fc4f5e4e4392ec198ec8b811535db3b4e4f2662907a3a30fe7f8fb3bdbf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67e19fc4f5e4e4392ec198ec8b811535db3b4e4f2662907a3a30fe7f8fb3bdbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_php.yml"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74489, "scanner": "repobility-supply-chain", "fingerprint": "daf2fcb94228e9a8fd64ef5d2e16e906fb1b7358d62e74593f265815f74b36fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|daf2fcb94228e9a8fd64ef5d2e16e906fb1b7358d62e74593f265815f74b36fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_php.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/release-containers/linux/apple:9.0.0-9fc33a0c378b5affd3c85d3f5ae4f330993048f7` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/release-containers/linux/apple:9.0.0-9fc33a0c378b5affd3c85d3f5ae4f330993048f7` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74488, "scanner": "repobility-supply-chain", "fingerprint": "9caa3b45d557c0d075668f10935e7d474ddf5f71ea3f08fa0258b9910d5e6172", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9caa3b45d557c0d075668f10935e7d474ddf5f71ea3f08fa0258b9910d5e6172"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_upb.yml"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/emulation:8.0.1-aarch64-168f9c9d015a0fa16611e1e9eede796fe9bfbb69` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/emulation:8.0.1-aarch64-168f9c9d015a0fa16611e1e9eede796fe9bfbb69` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74487, "scanner": "repobility-supply-chain", "fingerprint": "dd5ebb3a8272e2e7774ee3f51f701515e2d14d488b37a656475974f6b9bcbdef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd5ebb3a8272e2e7774ee3f51f701515e2d14d488b37a656475974f6b9bcbdef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_python.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `arm64v8/ruby:3.1.4-buster` unpinned: `container/services image: arm64v8/ruby:3.1.4-buster` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74486, "scanner": "repobility-supply-chain", "fingerprint": "2f4cf0177c2dbe861ed1e17a2e874b4b5c655d2229196fb5399d5bee0124e694", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2f4cf0177c2dbe861ed1e17a2e874b4b5c655d2229196fb5399d5bee0124e694"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_ruby.yml"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-e78301df86b3e4c46ec9ac4d98be00e19305d8f3` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-e78301df86b3e4c46ec9ac4d98be00e19305d8f3` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74485, "scanner": "repobility-supply-chain", "fingerprint": "6215cdeb12e09fa54b451c6cf9300644b4724f15816b04c954b92883fa3d7fea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6215cdeb12e09fa54b451c6cf9300644b4724f15816b04c954b92883fa3d7fea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_ruby.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `i386/ruby:3.1.6-bullseye` unpinned: `container/services image: i386/ruby:3.1.6-bullseye` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74484, "scanner": "repobility-supply-chain", "fingerprint": "2f08ae569ece0b18738dfdcea228e391e62045b9c93833a5d39e294345ab9f7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2f08ae569ece0b18738dfdcea228e391e62045b9c93833a5d39e294345ab9f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_ruby.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-e78301df86b3e4c46ec9ac4d98be00e19305d8f3` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-e78301df86b3e4c46ec9ac4d98be00e19305d8f3` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74483, "scanner": "repobility-supply-chain", "fingerprint": "647e0eae20932d453b5145be396bee2a0cd61c60abc8724c1398cd302cab1d38", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|647e0eae20932d453b5145be396bee2a0cd61c60abc8724c1398cd302cab1d38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_ruby.yml"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/release/linux/rust:9.0.0-1.90.0-98863a45066747115144a8a8fb4818189d1e0761` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/release/linux/rust:9.0.0-1.90.0-98863a45066747115144a8a8fb4818189d1e0761` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74482, "scanner": "repobility-supply-chain", "fingerprint": "f94727558a68818382bc698afded1cd5647f0c9117157c1a878836be11be200b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f94727558a68818382bc698afded1cd5647f0c9117157c1a878836be11be200b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_rust.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/gcc:8.0.1-12.2-168f9c9d015a0fa16611e1e9eede796fe9bfbb69` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/gcc:8.0.1-12.2-168f9c9d015a0fa16611e1e9eede796fe9bfbb69` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74481, "scanner": "repobility-supply-chain", "fingerprint": "1b048be77b0ba77ae55c55c59e5470fc130412616df02790c274e2d90d9030d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1b048be77b0ba77ae55c55c59e5470fc130412616df02790c274e2d90d9030d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 374}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/cmake:3.16.9-9626718698895971df3953d4aa2321d7425f3c5f` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/cmake:3.16.9-9626718698895971df3953d4aa2321d7425f3c5f` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74480, "scanner": "repobility-supply-chain", "fingerprint": "bc85e40905bea0d90bf2aa6a368ac198d6d79d6de790de64a5bc6710133e06cd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc85e40905bea0d90bf2aa6a368ac198d6d79d6de790de64a5bc6710133e06cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 332}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/cmake:3.16.9-9626718698895971df3953d4aa2321d7425f3c5f` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/cmake:3.16.9-9626718698895971df3953d4aa2321d7425f3c5f` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74479, "scanner": "repobility-supply-chain", "fingerprint": "fa2a0a031681155d87db72b9d73ab0db4d819754b050c3f54061caab98c286a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa2a0a031681155d87db72b9d73ab0db4d819754b050c3f54061caab98c286a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/cmake:3.16.9-9626718698895971df3953d4aa2321d7425f3c5f` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/cmake:3.16.9-9626718698895971df3953d4aa2321d7425f3c5f` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74478, "scanner": "repobility-supply-chain", "fingerprint": "d9057037785bc5758dab0b995a0e042a2aa7371332b79df00c8949c489e90f87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d9057037785bc5758dab0b995a0e042a2aa7371332b79df00c8949c489e90f87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-d415763a389bb62a6f126b08c992e83f9f7dc1b4` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-d415763a389bb62a6f126b08c992e83f9f7dc1b4` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74477, "scanner": "repobility-supply-chain", "fingerprint": "eeffa6fba07eed71254bc9aab2ccef7a3b6712b9e8a8ddc065b4be7ac676fbce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eeffa6fba07eed71254bc9aab2ccef7a3b6712b9e8a8ddc065b4be7ac676fbce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/emulation:8.0.1-aarch64-168f9c9d015a0fa16611e1e9eede796fe9bfbb69` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/emulation:8.0.1-aarch64-168f9c9d015a0fa16611e1e9eede796fe9bfbb69` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74476, "scanner": "repobility-supply-chain", "fingerprint": "c75aeef39860d35afca5aeccb69e08ebf7a5102ad8ab05ae5d89020bc77c0b7d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c75aeef39860d35afca5aeccb69e08ebf7a5102ad8ab05ae5d89020bc77c0b7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/tcmalloc:8.0.1-d415763a389bb62a6f126b08c992e83f9f7dc1b4` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/tcmalloc:8.0.1-d415763a389bb62a6f126b08c992e83f9f7dc1b4` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74475, "scanner": "repobility-supply-chain", "fingerprint": "eb02ab7c5ccfc46951531220d93a0b44d202c47dbaaa444ff28120cd8a7f0e0a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eb02ab7c5ccfc46951531220d93a0b44d202c47dbaaa444ff28120cd8a7f0e0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:9.0.0-7932bf8b25fb76a111e7257d151a6a58d5c3c671` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74474, "scanner": "repobility-supply-chain", "fingerprint": "a3d5f13f339375fd1b50523826a5b649c4806c3ac3cacad2a72968988cbff252", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a3d5f13f339375fd1b50523826a5b649c4806c3ac3cacad2a72968988cbff252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-d415763a389bb62a6f126b08c992e83f9f7dc1b4` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:8.0.1-d415763a389bb62a6f126b08c992e83f9f7dc1b4` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74473, "scanner": "repobility-supply-chain", "fingerprint": "01eb38917dd573ae4a88ee7e9128839a9755fe4eec9064798ebf45beb7d5b75c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01eb38917dd573ae4a88ee7e9128839a9755fe4eec9064798ebf45beb7d5b75c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74472, "scanner": "repobility-supply-chain", "fingerprint": "47bc1678a3ebb935a7a1d1e3dfb3eb5379ecff952f8a900fd98ba7a84c30723b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47bc1678a3ebb935a7a1d1e3dfb3eb5379ecff952f8a900fd98ba7a84c30723b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/sccache` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/sccache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74471, "scanner": "repobility-supply-chain", "fingerprint": "817b52feba30215919b4ecc41350aa0754fb723b7204d37c26ad13e3d7a011b4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|817b52feba30215919b4ecc41350aa0754fb723b7204d37c26ad13e3d7a011b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/cross-compile-protoc` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/cross-compile-protoc@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74470, "scanner": "repobility-supply-chain", "fingerprint": "69acb58db242672095e743a169649ade005d593334c40bc313c6ffccd0a23a37", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69acb58db242672095e743a169649ade005d593334c40bc313c6ffccd0a23a37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74469, "scanner": "repobility-supply-chain", "fingerprint": "bde1ed23266e605631df4b378d7d41c2b119b265ca8c35d398fbc4b591026b41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bde1ed23266e605631df4b378d7d41c2b119b265ca8c35d398fbc4b591026b41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel-docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel-docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74468, "scanner": "repobility-supply-chain", "fingerprint": "4ad4e968d8e7cf2880aae5f2931bc6afa2bb02ec641239579face2c8ac12a7db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ad4e968d8e7cf2880aae5f2931bc6afa2bb02ec641239579face2c8ac12a7db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74467, "scanner": "repobility-supply-chain", "fingerprint": "89d2d567331475a23356f25fc61a7b0325887834fd16db7c27b66b99bf74ab8f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|89d2d567331475a23356f25fc61a7b0325887834fd16db7c27b66b99bf74ab8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel-docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel-docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74466, "scanner": "repobility-supply-chain", "fingerprint": "a2910717ce1dd65cf1f45a1d52f8701369e8dfc573a7c8ae79d35d6d702d033a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a2910717ce1dd65cf1f45a1d52f8701369e8dfc573a7c8ae79d35d6d702d033a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74465, "scanner": "repobility-supply-chain", "fingerprint": "d43ff042d67e7643d256cd9123c83b15d20065550f781f7bc81b274712e81052", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d43ff042d67e7643d256cd9123c83b15d20065550f781f7bc81b274712e81052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_cpp.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74464, "scanner": "repobility-supply-chain", "fingerprint": "db33f47ac335d5ce827bc1b3c06c39b56fc0e361ddc8c6a5a4d60bbda7c6f309", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|db33f47ac335d5ce827bc1b3c06c39b56fc0e361ddc8c6a5a4d60bbda7c6f309"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_yaml.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74463, "scanner": "repobility-supply-chain", "fingerprint": "0027ca8f12586bc87eb919abdfddf0287ceace90b30dbd7a45e8e80476b991f5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0027ca8f12586bc87eb919abdfddf0287ceace90b30dbd7a45e8e80476b991f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_php_ext.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74462, "scanner": "repobility-supply-chain", "fingerprint": "91885644121b37b606a466a348c0e16bb5c19fc4fa331373de6324f3b1575ec0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|91885644121b37b606a466a348c0e16bb5c19fc4fa331373de6324f3b1575ec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_php_ext.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74461, "scanner": "repobility-supply-chain", "fingerprint": "3c77dda57a36e6f2c96e76c51de8519b99334e1590cb60b97562faf158cde940", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3c77dda57a36e6f2c96e76c51de8519b99334e1590cb60b97562faf158cde940"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_php_ext.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `bazel-contrib/.github/.github/workflows/release_ruleset.yaml` pinned to mutable ref `@v7.3.0`: `uses: bazel-contrib/.github/.github/workflows/release_ruleset.yaml@v7.3.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74460, "scanner": "repobility-supply-chain", "fingerprint": "d8d214623f93e5371c5b905267a4a4fda68fa6c44c126a1003fda0540e4e6847", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8d214623f93e5371c5b905267a4a4fda68fa6c44c126a1003fda0540e4e6847"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release_bazel_module.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-11-1c31a2985011c75c33dcdf646fc86898aac1ec5d` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-11-1c31a2985011c75c33dcdf646fc86898aac1ec5d` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74459, "scanner": "repobility-supply-chain", "fingerprint": "9d9c6fe130f01b93a95e610126e9bb334495fcf71fbc8c3075d6797c91ac9544", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9d9c6fe130f01b93a95e610126e9bb334495fcf71fbc8c3075d6797c91ac9544"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-21-1c31a2985011c75c33dcdf646fc86898aac1ec5d` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-21-1c31a2985011c75c33dcdf646fc86898aac1ec5d` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74458, "scanner": "repobility-supply-chain", "fingerprint": "30c1862bbabd01e72da41637f9c8a7aeaddb36b105fd47944f90fc7d3a7db5e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30c1862bbabd01e72da41637f9c8a7aeaddb36b105fd47944f90fc7d3a7db5e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/java:8.6.0-21-856ad422dddd3b8fbd85e36129496b37bba174ef` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/java:8.6.0-21-856ad422dddd3b8fbd85e36129496b37bba174ef` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74457, "scanner": "repobility-supply-chain", "fingerprint": "866a346c156f38710f9329ac341bf9b108749fb97c49be0847b2cc57b9d61b93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|866a346c156f38710f9329ac341bf9b108749fb97c49be0847b2cc57b9d61b93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-17-1c31a2985011c75c33dcdf646fc86898aac1ec5d` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-17-1c31a2985011c75c33dcdf646fc86898aac1ec5d` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74456, "scanner": "repobility-supply-chain", "fingerprint": "8b78a6f0a77ccc9aa1e2f37cbfb2bb910a5941ad9b950962780b3ab78f5d5afa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b78a6f0a77ccc9aa1e2f37cbfb2bb910a5941ad9b950962780b3ab78f5d5afa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-11-1c31a2985011c75c33dcdf646fc86898aac1ec5d` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-11-1c31a2985011c75c33dcdf646fc86898aac1ec5d` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74455, "scanner": "repobility-supply-chain", "fingerprint": "503d1e021e7883a186f081327805bb48a8d67ecd270624c16f076de0dd9ab920", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|503d1e021e7883a186f081327805bb48a8d67ecd270624c16f076de0dd9ab920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-11-1c31a2985011c75c33dcdf646fc86898aac1ec5d` unpinned: `container/services image: us-docker.pkg.dev/protobuf-build/containers/test/linux/java:9.0.0-11-1c31a2985011c75c33dcdf646fc86898aac1ec5d` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 74454, "scanner": "repobility-supply-chain", "fingerprint": "a72d0c669e0a370d598c2005785e8682853d25d780a973032e986de3fcbd6f2e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a72d0c669e0a370d598c2005785e8682853d25d780a973032e986de3fcbd6f2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel-docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel-docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74453, "scanner": "repobility-supply-chain", "fingerprint": "66e71fb693067de5341c2f701c7b40ea4de8ed7eb5a1cd666350496fe680a409", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66e71fb693067de5341c2f701c7b40ea4de8ed7eb5a1cd666350496fe680a409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74452, "scanner": "repobility-supply-chain", "fingerprint": "0ec2df599b229f14f38432c203dc38ba9534acdef5dc2fbe0f930775ac1d3ec0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ec2df599b229f14f38432c203dc38ba9534acdef5dc2fbe0f930775ac1d3ec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel-docker` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel-docker@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74451, "scanner": "repobility-supply-chain", "fingerprint": "5eff5c880022b2c76241f76b94e9376fa5f78b90e601b29d1776c89565ec5948", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5eff5c880022b2c76241f76b94e9376fa5f78b90e601b29d1776c89565ec5948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74450, "scanner": "repobility-supply-chain", "fingerprint": "1426552d2049db255a4c0fcc5a857cbc98972f83ed3983b815205fc41c56fa7d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1426552d2049db255a4c0fcc5a857cbc98972f83ed3983b815205fc41c56fa7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_java.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74449, "scanner": "repobility-supply-chain", "fingerprint": "4abeab846603cedf2d400445c3f40c9fbc2e1b9d79fe6eef9a70ee3dc9817f98", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4abeab846603cedf2d400445c3f40c9fbc2e1b9d79fe6eef9a70ee3dc9817f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74448, "scanner": "repobility-supply-chain", "fingerprint": "a12dd02669a71f93c6e974cee59ec6859788345808cedeb235502cd8b6f6d826", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a12dd02669a71f93c6e974cee59ec6859788345808cedeb235502cd8b6f6d826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bazel` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bazel@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74447, "scanner": "repobility-supply-chain", "fingerprint": "bb69737a00dc4ce1f084ff5e3ede527c9625870d84efcf9e80a136c107113de1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb69737a00dc4ce1f084ff5e3ede527c9625870d84efcf9e80a136c107113de1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74446, "scanner": "repobility-supply-chain", "fingerprint": "f1f96249501ab4ce5fb7929bb28422f957c1cd9ecc30dcee311ea3f3187be9d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1f96249501ab4ce5fb7929bb28422f957c1cd9ecc30dcee311ea3f3187be9d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/bash` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/bash@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74445, "scanner": "repobility-supply-chain", "fingerprint": "abb7e0ec3d14e20f11aef538936197f010fdf0fcae9cd813f2ab364f1a65ea10", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|abb7e0ec3d14e20f11aef538936197f010fdf0fcae9cd813f2ab364f1a65ea10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/ccache` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/ccache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74444, "scanner": "repobility-supply-chain", "fingerprint": "0e0b9ae1ea98749a7b70fcd1d086d0295e99a13947ca8fa46ac21c19ddb20630", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e0b9ae1ea98749a7b70fcd1d086d0295e99a13947ca8fa46ac21c19ddb20630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `protocolbuffers/protobuf-ci/checkout` pinned to mutable ref `@v5`: `uses: protocolbuffers/protobuf-ci/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74443, "scanner": "repobility-supply-chain", "fingerprint": "19997262b4e17506a11323685919fab4ff7d38eedd7fc6892abd1526ece0793b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|19997262b4e17506a11323685919fab4ff7d38eedd7fc6892abd1526ece0793b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_objectivec.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml` pinned to mutable ref `@v1.0.0`: `uses: bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml@v1.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 74442, "scanner": "repobility-supply-chain", "fingerprint": "15b3d83d0a1cde266dbfab4b47a7a1485df86d185c8e30e2c4147e2886422c40", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15b3d83d0a1cde266dbfab4b47a7a1485df86d185c8e30e2c4147e2886422c40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish_to_bcr.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_nparray_order: Test function `test_nparray_order` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74441, "scanner": "repobility-ast-engine", "fingerprint": "9de971e737f50401770137e39b0b6e04eb04d1795e7fe962c2105e5ea628b905", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9de971e737f50401770137e39b0b6e04eb04d1795e7fe962c2105e5ea628b905"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 584}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_float_compare: Test function `test_float_compare` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74440, "scanner": "repobility-ast-engine", "fingerprint": "eb5662600bfb7c1f0d3941cb7c9a532de9c9cf0b5a21f8b97fc487496a9da194", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb5662600bfb7c1f0d3941cb7c9a532de9c9cf0b5a21f8b97fc487496a9da194"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 557}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_empty_list_object_dtype: Test function `test_empty_list_object_dtype` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74439, "scanner": "repobility-ast-engine", "fingerprint": "3e27e25e5adc0d6e96f75a124a78910656848286e0573977e5a0b57bc624acf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e27e25e5adc0d6e96f75a124a78910656848286e0573977e5a0b57bc624acf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 430}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_repeated_bytes_object_dtype: Test function `test_repeated_bytes_object_dtype` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74438, "scanner": "repobility-ast-engine", "fingerprint": "111748bb4cdaf0c1987f16beb78a9f504c68aa4c37ee2f6972dbca00d0886cf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|111748bb4cdaf0c1987f16beb78a9f504c68aa4c37ee2f6972dbca00d0886cf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_repeated_bytes_none_dtype: Test function `test_repeated_bytes_none_dtype` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74437, "scanner": "repobility-ast-engine", "fingerprint": "d4b2a94a79dd88ee5e272f41883494f9ed0079e0340edc1d7145a38de3437797", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4b2a94a79dd88ee5e272f41883494f9ed0079e0340edc1d7145a38de3437797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 405}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_repeated_string_none_dtype: Test function `test_repeated_string_none_dtype` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74436, "scanner": "repobility-ast-engine", "fingerprint": "70383c1989d07c5c5cf1bf574d25542a333a17f4db27e61ad21ee7d3b0de2591", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70383c1989d07c5c5cf1bf574d25542a333a17f4db27e61ad21ee7d3b0de2591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 384}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_numpy_signed_packed_arrays_from_repeated: Test function `test_numpy_signed_packed_arrays_from_repeated` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74435, "scanner": "repobility-ast-engine", "fingerprint": "f123d6e548f10544cae64fb9de82502f1932c3d5ed4a6dbc90a29a3c5ee659e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f123d6e548f10544cae64fb9de82502f1932c3d5ed4a6dbc90a29a3c5ee659e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 328}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_numpy_empty_repeated: Test function `test_numpy_empty_repeated` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74434, "scanner": "repobility-ast-engine", "fingerprint": "0463ea1dcdad8539d499b7c34fc8cb25652bf1f8a405b0d04e7398c14bf72e53", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0463ea1dcdad8539d499b7c34fc8cb25652bf1f8a405b0d04e7398c14bf72e53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_numpy_signed_arrays_from_repeated: Test function `test_numpy_signed_arrays_from_repeated` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74433, "scanner": "repobility-ast-engine", "fingerprint": "997fdb20bf650e7b4f15a0fea25ad41301894c7a599df0a110407698fde12168", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|997fdb20bf650e7b4f15a0fea25ad41301894c7a599df0a110407698fde12168"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_simple_np_array_from_repeated_continue: Test function `test_simple_np_array_from_repeated_continue` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74432, "scanner": "repobility-ast-engine", "fingerprint": "26a2d706b43884d0f1b59b0920921a61d3a6b1a973448125ebd94c1efe8a1388", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26a2d706b43884d0f1b59b0920921a61d3a6b1a973448125ebd94c1efe8a1388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_simple_np_array_from_repeated: Test function `test_simple_np_array_from_repeated` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74431, "scanner": "repobility-ast-engine", "fingerprint": "9e1932e6bf603accf0da065e8c8e7255b27a4969656852a4ca0aed84f3befd2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e1932e6bf603accf0da065e8c8e7255b27a4969656852a4ca0aed84f3befd2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/numpy/numpy_test.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unknown_message_set_decoder_mismatched_end_group: Test function `test_unknown_message_set_decoder_mismatched_end_group` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74426, "scanner": "repobility-ast-engine", "fingerprint": "9ffbc70a290d259d6202bcc680ec78f0ed90de955d9f48a777005f171f354d01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ffbc70a290d259d6202bcc680ec78f0ed90de955d9f48a777005f171f354d01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/decoder_test.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_decode_message_set_unknown_mismatched_end_group: Test function `test_decode_message_set_unknown_mismatched_end_group` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74425, "scanner": "repobility-ast-engine", "fingerprint": "08e96936e988053e21334cb10fdbd56e3c469f162e889ee6eeb85e3bba340e0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08e96936e988053e21334cb10fdbd56e3c469f162e889ee6eeb85e3bba340e0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/decoder_test.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_decode_unknown_mismatched_end_group_nested: Test function `test_decode_unknown_mismatched_end_group_nested` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74424, "scanner": "repobility-ast-engine", "fingerprint": "a77e8f23a607c71e51d5401620efa0dfdf23adda55429d95858e2d0af34acd0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a77e8f23a607c71e51d5401620efa0dfdf23adda55429d95858e2d0af34acd0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/decoder_test.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_decode_unknown_mismatched_end_group: Test function `test_decode_unknown_mismatched_end_group` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74423, "scanner": "repobility-ast-engine", "fingerprint": "96dc3907006a3fe86716e8afe5b05f3bddab6a0f205dfe0f4dce12cf5a60dd9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96dc3907006a3fe86716e8afe5b05f3bddab6a0f205dfe0f4dce12cf5a60dd9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/decoder_test.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_decode_unknown_group_field_too_many_levels: Test function `test_decode_unknown_group_field_too_many_levels` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74422, "scanner": "repobility-ast-engine", "fingerprint": "58755b6339946841b1945ee1f163ea64afb4934bb680c890779a41546b3f67c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58755b6339946841b1945ee1f163ea64afb4934bb680c890779a41546b3f67c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/decoder_test.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_older_runtime_version_disallowed: Test function `test_older_runtime_version_disallowed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74419, "scanner": "repobility-ast-engine", "fingerprint": "3146f844a6791723179481cb74b6d8d524a51db2dd549a7cee527f1bd282bb23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3146f844a6791723179481cb74b6d8d524a51db2dd549a7cee527f1bd282bb23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/runtime_version_test.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_newer_runtime_version_allowed: Test function `test_newer_runtime_version_allowed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74418, "scanner": "repobility-ast-engine", "fingerprint": "b4da3ae1b7504bbd015baf57a8ad3bfee72d98ab0b52067f9cbb464d5739ce9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4da3ae1b7504bbd015baf57a8ad3bfee72d98ab0b52067f9cbb464d5739ce9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/runtime_version_test.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_same_version_allowed: Test function `test_same_version_allowed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74417, "scanner": "repobility-ast-engine", "fingerprint": "8624bb84ea7103257b30ce4fba152fa139fa320ab1299f739c254809dd48cce4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8624bb84ea7103257b30ce4fba152fa139fa320ab1299f739c254809dd48cce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/runtime_version_test.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cross_domain_disallowed: Test function `test_cross_domain_disallowed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74416, "scanner": "repobility-ast-engine", "fingerprint": "7c497f825d1c40263889244a369aae0016c96ff67f50c4f23ef6466a9488f44e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c497f825d1c40263889244a369aae0016c96ff67f50c4f23ef6466a9488f44e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/runtime_version_test.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_version: Test function `test_invalid_version` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74415, "scanner": "repobility-ast-engine", "fingerprint": "ea5e205f3a19cdae58d2ebd2f6af5234f35d94b9c33a0ebdf4868b4cfc1ababf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea5e205f3a19cdae58d2ebd2f6af5234f35d94b9c33a0ebdf4868b4cfc1ababf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/runtime_version_test.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_timstamp_construction: Test function `test_timstamp_construction` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 74413, "scanner": "repobility-ast-engine", "fingerprint": "cbbe39ea51f09ffb54376bc074fbf5a8bc75d6206432498ecebf25d4c1174005", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbbe39ea51f09ffb54376bc074fbf5a8bc75d6206432498ecebf25d4c1174005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/timestamp_test.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testIsInitializedStub` of class `OversizeProtosTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74403, "scanner": "repobility-ast-engine", "fingerprint": "0cda501d582e7b192ac519d3754f9bc0473d7cb8a45b8669806ff82a5128e944", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0cda501d582e7b192ac519d3754f9bc0473d7cb8a45b8669806ff82a5128e944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertFalse` used but never assigned in __init__: Method `testIsInitializedStub` of class `OversizeProtosTest` reads `self.assertFalse`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74402, "scanner": "repobility-ast-engine", "fingerprint": "7c1afda814736e28e2faca8b6735f1f02b77c08c5ac00d28b0ac506f79794fe9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c1afda814736e28e2faca8b6735f1f02b77c08c5ac00d28b0ac506f79794fe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertFalse` used but never assigned in __init__: Method `testIsInitializedStub` of class `OversizeProtosTest` reads `self.assertFalse`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74401, "scanner": "repobility-ast-engine", "fingerprint": "1e68ed5608a5c22e6a3bbe2e3c9635fa6cf395f16a43040f5280b6186e531b95", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e68ed5608a5c22e6a3bbe2e3c9635fa6cf395f16a43040f5280b6186e531b95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `testIsInitializedStub` of class `OversizeProtosTest` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74400, "scanner": "repobility-ast-engine", "fingerprint": "429c673e77bef9e799898159f1cdaa2f78e1e14cc7ff04483a75d4e417de478d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|429c673e77bef9e799898159f1cdaa2f78e1e14cc7ff04483a75d4e417de478d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIn` used but never assigned in __init__: Method `testExtensionIter` of class `OversizeProtosTest` reads `self.assertIn`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74399, "scanner": "repobility-ast-engine", "fingerprint": "6ecd12ce4479ce66c19af56beb7cf5477fef4fb88cddb9bc0024420b0d74b74e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ecd12ce4479ce66c19af56beb7cf5477fef4fb88cddb9bc0024420b0d74b74e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testExtensionIter` of class `OversizeProtosTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74398, "scanner": "repobility-ast-engine", "fingerprint": "b7c73b9ad001e3363861ebb527917a9587cc635afb7cf143eb689272b062c951", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7c73b9ad001e3363861ebb527917a9587cc635afb7cf143eb689272b062c951"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testExtensionIter` of class `OversizeProtosTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74397, "scanner": "repobility-ast-engine", "fingerprint": "a290438b3afdc18af7187e33ed73f21eadb54d7c18bb2641b78e7ac82dee2d55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a290438b3afdc18af7187e33ed73f21eadb54d7c18bb2641b78e7ac82dee2d55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.p_serialized` used but never assigned in __init__: Method `testSucceedOversizeProto` of class `OversizeProtosTest` reads `self.p_serialized`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74396, "scanner": "repobility-ast-engine", "fingerprint": "778c4a5f103280bdc67507fc94406427dc562cbf89e019a033d1652811e3333a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|778c4a5f103280bdc67507fc94406427dc562cbf89e019a033d1652811e3333a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.p_serialized` used but never assigned in __init__: Method `testAssertOversizeProto` of class `OversizeProtosTest` reads `self.p_serialized`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74395, "scanner": "repobility-ast-engine", "fingerprint": "e6fa75abd7ca507e7273cdfed5569a17fab59deb8419530dedbbaa3c95a249db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6fa75abd7ca507e7273cdfed5569a17fab59deb8419530dedbbaa3c95a249db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `testAssertOversizeProto` of class `OversizeProtosTest` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74394, "scanner": "repobility-ast-engine", "fingerprint": "bee4f0ed9cadcbc792be401168f5576ad81d95b3260f4c30567a564e918a7edc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bee4f0ed9cadcbc792be401168f5576ad81d95b3260f4c30567a564e918a7edc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.p_serialized` used but never assigned in __init__: Method `setUp` of class `OversizeProtosTest` reads `self.p_serialized`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74393, "scanner": "repobility-ast-engine", "fingerprint": "b3db592ba02b4a971291a7b31e9a142febbc96dabb11e30ed8581e8641bbfb2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3db592ba02b4a971291a7b31e9a142febbc96dabb11e30ed8581e8641bbfb2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testFloatPrinting` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74392, "scanner": "repobility-ast-engine", "fingerprint": "d5eec8272d5bd5aeffd2e5964f66de19ec76c5f911186290596b3d04cf4a820f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5eec8272d5bd5aeffd2e5964f66de19ec76c5f911186290596b3d04cf4a820f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testClearReifiedRepeatdField` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74391, "scanner": "repobility-ast-engine", "fingerprint": "703f163a254d50e60bb3f47b01ddc2058dc65446d1e8a3004ca04ac655270ca9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|703f163a254d50e60bb3f47b01ddc2058dc65446d1e8a3004ca04ac655270ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertNotEqual` used but never assigned in __init__: Method `testClearReifiedRepeatdField` of class `TestMessageExtension` reads `self.assertNotEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74390, "scanner": "repobility-ast-engine", "fingerprint": "93b6730e53381a07a02b56819ab1710dcef21a40ff8711e921c92241ab1c337a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93b6730e53381a07a02b56819ab1710dcef21a40ff8711e921c92241ab1c337a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testClearStubRepeatedField` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74389, "scanner": "repobility-ast-engine", "fingerprint": "64fc53fbb991797b54b9f61c253b6245891a4c8ca74a01f61a2c191f4c693bec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64fc53fbb991797b54b9f61c253b6245891a4c8ca74a01f61a2c191f4c693bec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testClearReifiedMapField` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74388, "scanner": "repobility-ast-engine", "fingerprint": "1ac45858c0483b7ebba84dfd1564fe1e1c3b9a9d93e62437c0e9f93928ed23cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ac45858c0483b7ebba84dfd1564fe1e1c3b9a9d93e62437c0e9f93928ed23cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testClearStubMapField` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74387, "scanner": "repobility-ast-engine", "fingerprint": "1308eeb02dfc02a798f0dc443ef59231bf55fd4d8babd157afd00a1b7507b785", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1308eeb02dfc02a798f0dc443ef59231bf55fd4d8babd157afd00a1b7507b785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `testExtensionsErrors` of class `TestMessageExtension` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74386, "scanner": "repobility-ast-engine", "fingerprint": "404382f955a09c61d435322c39b2c22ab36f0f844b8bff59dbd30065c528d9fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|404382f955a09c61d435322c39b2c22ab36f0f844b8bff59dbd30065c528d9fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_repeated_field_slice_delete` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74385, "scanner": "repobility-ast-engine", "fingerprint": "1ccb3e7ae05dc0c9173606d0db2cd02a67355738989c8679d8dc7b1016b4acfd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ccb3e7ae05dc0c9173606d0db2cd02a67355738989c8679d8dc7b1016b4acfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_lib_is_upb` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74384, "scanner": "repobility-ast-engine", "fingerprint": "d4814c0932c8fc3ed4f3d08fa7fcfee04355913167161a8527f71886267d079a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4814c0932c8fc3ed4f3d08fa7fcfee04355913167161a8527f71886267d079a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_lib_is_upb` of class `TestMessageExtension` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74383, "scanner": "repobility-ast-engine", "fingerprint": "90c4926a19782f70ec5187aa7092b445b1b06d2a1a1714fc79899bddc38028ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90c4926a19782f70ec5187aa7092b445b1b06d2a1a1714fc79899bddc38028ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIs` used but never assigned in __init__: Method `test_descriptor_pool` of class `TestMessageExtension` reads `self.assertIs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74382, "scanner": "repobility-ast-engine", "fingerprint": "d937c4f625b74b0149081656037a603f8fbea12baa2e3166912d603bd488f4a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d937c4f625b74b0149081656037a603f8fbea12baa2e3166912d603bd488f4a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_descriptor_pool` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74381, "scanner": "repobility-ast-engine", "fingerprint": "7f0ea26c83e9719d97b7991ba2a5bc859727901580a2ca09c3d6e74ef869f7ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f0ea26c83e9719d97b7991ba2a5bc859727901580a2ca09c3d6e74ef869f7ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_descriptor_pool` of class `TestMessageExtension` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74380, "scanner": "repobility-ast-engine", "fingerprint": "f4be57886a1cb2d0c417e97e7e81a9691fcc7359ef72027229cd6a6f53dc62d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4be57886a1cb2d0c417e97e7e81a9691fcc7359ef72027229cd6a6f53dc62d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/minimal_test.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `testPython3` of class `PythonVersionTest` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 74379, "scanner": "repobility-ast-engine", "fingerprint": "2f15e8b0c87c9abe8f8874a2fcf1b28cc680f0520b0d7aa73bbae9af386dc6ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f15e8b0c87c9abe8f8874a2fcf1b28cc680f0520b0d7aa73bbae9af386dc6ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/python_version_test.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 74339, "scanner": "repobility-threat-engine", "fingerprint": "160baded8c34bf91fb7d7bf44e9f13342ec1a139879992197256f18815c36e59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|160baded8c34bf91fb7d7bf44e9f13342ec1a139879992197256f18815c36e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cord.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC032", "level": "error", "message": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs."}, "properties": {"repobilityId": 74324, "scanner": "repobility-threat-engine", "fingerprint": "0f1d153ecd1746536a21efef570fe3dc98b78eb81e00dc935b6159482bffe740", "category": "file_upload", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "open(args.filename)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC032", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0f1d153ecd1746536a21efef570fe3dc98b78eb81e00dc935b6159482bffe740"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/update_failure_list.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 74316, "scanner": "repobility-threat-engine", "fingerprint": "dc24e161fc137c802fdd1ccf4c22fb8feb0e39f0478f37d7a7e622a0184841e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc24e161fc137c802fdd1ccf4c22fb8feb0e39f0478f37d7a7e622a0184841e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cpp_kernel/rust_alloc_for_cpp_api.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 74315, "scanner": "repobility-threat-engine", "fingerprint": "19428d6777a8386d1e540430c8d24604543fec4941de95d17521e0cf51cb294d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|19428d6777a8386d1e540430c8d24604543fec4941de95d17521e0cf51cb294d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cpp_kernel/interop.rs"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 74314, "scanner": "repobility-threat-engine", "fingerprint": "53f6d6e383b92fdef7679ae9eb369616a583dba36f7ca6056b2b252458a8bb04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|53f6d6e383b92fdef7679ae9eb369616a583dba36f7ca6056b2b252458a8bb04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_rust.rs"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 74312, "scanner": "repobility-threat-engine", "fingerprint": "1dfa05fd5b66419022136d453cae153ad6493de3a9fd7dbb010bcfbb1ba01821", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1dfa05fd5b66419022136d453cae153ad6493de3a9fd7dbb010bcfbb1ba01821"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/docs/generate_docs.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 74311, "scanner": "repobility-threat-engine", "fingerprint": "fd60ed6e6cab64da3055b2ec768a06facdbe7b8b83d5596aa8fffc69aa460c83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd60ed6e6cab64da3055b2ec768a06facdbe7b8b83d5596aa8fffc69aa460c83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_python.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 74306, "scanner": "repobility-threat-engine", "fingerprint": "65e8eeb4e12260c1fe740df596dbaed3169275b368027bbe8cf8a263fdc3fee9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(N", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|65e8eeb4e12260c1fe740df596dbaed3169275b368027bbe8cf8a263fdc3fee9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "objectivec/GPBWellKnownTypes.m"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 74305, "scanner": "repobility-threat-engine", "fingerprint": "3b3192e14940ba9d775901035bb2ac4561364325e5de0de9a4fee65ac5a01316", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(M", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3b3192e14940ba9d775901035bb2ac4561364325e5de0de9a4fee65ac5a01316"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "csharp/src/Google.Protobuf/WellKnownTypes/AnyPartial.cs"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 74304, "scanner": "repobility-threat-engine", "fingerprint": "8c1feba2d4185885a932997ffae5f53f0c6860ffa6e247cec3db7e860b336b97", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8c1feba2d4185885a932997ffae5f53f0c6860ffa6e247cec3db7e860b336b97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/binary_json_conformance_suite.h"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC131", "level": "error", "message": {"text": "[SEC131] Eval/exec on input \u2014 Stack Overflow snippet shape (AI copy-paste): eval/exec invoked on user-controllable input \u2014 the shape of a Stack Overflow answer that an AI copy-pasted without realizing the input side became attacker-controlled. RCE. CWE-95 / CWE-94. The comment trail in AI-pasted code often retains the SO attribution comment, making this distinguishable from intentional eval."}, "properties": {"repobilityId": 74303, "scanner": "repobility-threat-engine", "fingerprint": "94975e87bc6c94c8a7c7e3e72bb5228f18299c90787783775fc55589a1f3b9a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(open(sys.argv[1]).read(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC131", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|94975e87bc6c94c8a7c7e3e72bb5228f18299c90787783775fc55589a1f3b9a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmake/dependencies_generator.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 74302, "scanner": "repobility-threat-engine", "fingerprint": "4855d8e414bad75efb79c9f9986ee29f8bfb91a0bb40fa233d03299e8ede7642", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(open", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4855d8e414bad75efb79c9f9986ee29f8bfb91a0bb40fa233d03299e8ede7642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmake/dependencies_generator.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 74292, "scanner": "repobility-threat-engine", "fingerprint": "d1f129b759dc4c3020e3f6376554a4220b1a4f8227dbb150d1a684cf8f342514", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1f129b759dc4c3020e3f6376554a4220b1a4f8227dbb150d1a684cf8f342514"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/compare.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED125", "level": "error", "message": {"text": "[MINED125] GHA script injection via github.event.pull_request.body in run-step: Multi-line `run: |` block interpolates ${{ github.event.pull_request.body }} into shell. PR title/body/branch/comment fields are attacker-controllable."}, "properties": {"repobilityId": 74492, "scanner": "repobility-supply-chain", "fingerprint": "634ee6b02da517cbc67ce599f2e657827cfc6b8af1b08c646dac9714d1cb19ff", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-script-injection", "owasp": "A03:2021", "cwe_ids": ["CWE-78", "CWE-94"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|634ee6b02da517cbc67ce599f2e657827cfc6b8af1b08c646dac9714d1cb19ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_runner.yml"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 74429, "scanner": "repobility-ast-engine", "fingerprint": "1a01bb6cecba4eb09950910bb07a248001ac1ae2d056756bd1bb434798bf0995", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a01bb6cecba4eb09950910bb07a248001ac1ae2d056756bd1bb434798bf0995"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/descriptor_test.py"}, "region": {"startLine": 1095}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 74428, "scanner": "repobility-ast-engine", "fingerprint": "cf900076bc893234b7cfbed1b92babf076ec51e2407bed4e2444593328b572a5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf900076bc893234b7cfbed1b92babf076ec51e2407bed4e2444593328b572a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/thread_safe_test.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 74421, "scanner": "repobility-ast-engine", "fingerprint": "69bf22e371680d0ed77f8eb335c0c42c96630591d9c62d8d58ecbe6a00cfc991", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69bf22e371680d0ed77f8eb335c0c42c96630591d9c62d8d58ecbe6a00cfc991"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/wire_format.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `struct` used but not imported: The file uses `struct.something(...)` but never imports `struct`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 74420, "scanner": "repobility-ast-engine", "fingerprint": "ce294c95dae537becb72ac78beeab864d3db842aa4d39510df88652cd600619c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce294c95dae537becb72ac78beeab864d3db842aa4d39510df88652cd600619c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/internal/well_known_types_test.py"}, "region": {"startLine": 721}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 74411, "scanner": "repobility-ast-engine", "fingerprint": "978b92ce50c4c74511780cabceff90f2ee73496ddc54aeecf8628aeb26fc87ce", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|978b92ce50c4c74511780cabceff90f2ee73496ddc54aeecf8628aeb26fc87ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/descriptor_database.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 74408, "scanner": "repobility-ast-engine", "fingerprint": "ff6f851ead14d42c12ff911aa38ae9c902a892fa05093a78d05dd2dc6aeaa24e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff6f851ead14d42c12ff911aa38ae9c902a892fa05093a78d05dd2dc6aeaa24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/google/protobuf/descriptor_pool.py"}, "region": {"startLine": 1049}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 74309, "scanner": "repobility-threat-engine", "fingerprint": "4206ffa4e1764fb8e3f6fe48b882fabc31c258ad5dddeea2e55fb09ddf5b330c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4206ffa4e1764fb8e3f6fe48b882fabc31c258ad5dddeea2e55fb09ddf5b330c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_test_runner.cc"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 74308, "scanner": "repobility-threat-engine", "fingerprint": "d0dbfcaaba0514cf5e4560bf57f88ca5cf50fa302858784344134fda3a0b4e8e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d0dbfcaaba0514cf5e4560bf57f88ca5cf50fa302858784344134fda3a0b4e8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/conformance_cpp.cc"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 74307, "scanner": "repobility-threat-engine", "fingerprint": "7ce530dcf12c9ef34e88ca74a67b0c33101f452ebab382bd170cf02b633b3713", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7ce530dcf12c9ef34e88ca74a67b0c33101f452ebab382bd170cf02b633b3713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conformance/binary_wireformat.h"}, "region": {"startLine": 80}}}]}]}]}