{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 18 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 18."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `weasyprint` has no version pin", "shortDescription": {"text": "requirements.txt: `weasyprint` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. 
Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.value` used but never assigned in __init__", "shortDescription": {"text": "`self.value` used but never assigned in __init__"}, "fullDescription": {"text": "Method `__str__` of class `Colors` reads `self.value`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_stage", "shortDescription": {"text": "Phantom test coverage: test_stage"}, "fullDescription": {"text": "Test function `test_stage` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/869"}, "properties": {"repository": "tldr-pages/tldr", "repoUrl": "https://github.com/tldr-pages/tldr", "branch": "main"}, "results": [{"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, for=3, if=5, nested_bonus=9."}, "properties": {"repobilityId": 79384, "scanner": "repobility-threat-engine", "fingerprint": "043e43811df32662563044e6b7a11da4e414dbb6d287a3b373be3ebd72892117", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 5, "for": 3, "elif": 1, "nested_bonus": 9}, "complexity": 18, "correlation_key": "fp|043e43811df32662563044e6b7a11da4e414dbb6d287a3b373be3ebd72892117"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-more-info-link.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=3, if=6, nested_bonus=7."}, "properties": {"repobilityId": 79383, "scanner": "repobility-threat-engine", "fingerprint": "45b47e6ffc969f82b1ddb2cbcbf1a1528a0155a06e64c361f30e85e5c64334bb", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "for": 3, "continue": 1, "nested_bonus": 7}, "complexity": 17, "correlation_key": "fp|45b47e6ffc969f82b1ddb2cbcbf1a1528a0155a06e64c361f30e85e5c64334bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pdf/render.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `weasyprint` has no version pin"}, "properties": {"repobilityId": 79380, "scanner": "repobility-supply-chain", "fingerprint": "ba0121521cc91e8ba06db31ec96edab4fe92aea85127d31e7c1178fac34edd8a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ba0121521cc91e8ba06db31ec96edab4fe92aea85127d31e7c1178fac34edd8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pdf/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `markdown` has no version pin"}, "properties": {"repobilityId": 79379, "scanner": "repobility-supply-chain", "fingerprint": "1025f55f9369ae07fe4eaafd4bdf1ca45d37a6252937348e0f09873eb1106c0c", "category": "dependency", "severity": "medium", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1025f55f9369ae07fe4eaafd4bdf1ca45d37a6252937348e0f09873eb1106c0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pdf/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79378, "scanner": "repobility-ast-engine", "fingerprint": "099b552e29cf0054f8479ca91d84e8641c8785cb9c348170e2eda076ca74548a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|099b552e29cf0054f8479ca91d84e8641c8785cb9c348170e2eda076ca74548a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wrong-filename.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 79393, "scanner": "repobility-web-presence", "fingerprint": "a193a6e7749fa2fe505c57acf8cee57b33b74813be34050f468654520fa38867", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": 
"fp|a193a6e7749fa2fe505c57acf8cee57b33b74813be34050f468654520fa38867"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pages/common/bing-rewards.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `set_link` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, else=1, for=1, if=6, nested_bonus=2."}, "properties": {"repobilityId": 79385, "scanner": "repobility-threat-engine", "fingerprint": "ea497859fad5f15a4b6820408e4e91ee9fe3d87c6719da6ffe4fe57a2f0ba54b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "set_link", "breakdown": {"if": 6, "for": 1, "else": 1, "break": 1, "nested_bonus": 2}, "complexity": 11, "correlation_key": "fp|ea497859fad5f15a4b6820408e4e91ee9fe3d87c6719da6ffe4fe57a2f0ba54b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-more-info-link.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03289d954e59c38de37716f612732da371376928dc89f23c9715b76549d4f72f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"scripts/set-more-info-link.py", "duplicate_line": 115, "correlation_key": "fp|03289d954e59c38de37716f612732da371376928dc89f23c9715b76549d4f72f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-see-also.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd672cdc621694b1e5272f069ef1901536750e50d6c63c62fe63969bdbbcb89b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/set-alias-page.py", "duplicate_line": 43, "correlation_key": "fp|fd672cdc621694b1e5272f069ef1901536750e50d6c63c62fe63969bdbbcb89b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-see-also.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f05f7ad2b9999b4ac3934daa6620577ea4850fd3c9125a7bf51ed8710fc2443c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/set-more-info-link.py", "duplicate_line": 188, "correlation_key": "fp|f05f7ad2b9999b4ac3934daa6620577ea4850fd3c9125a7bf51ed8710fc2443c"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "scripts/set-page-title.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcfc5abafb53ae5e029e4c0aa8b6d6258f257d7b4f1936126da55a5edd0357c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/set-alias-page.py", "duplicate_line": 43, "correlation_key": "fp|fcfc5abafb53ae5e029e4c0aa8b6d6258f257d7b4f1936126da55a5edd0357c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-more-info-link.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 79392, "scanner": "repobility-threat-engine", "fingerprint": "3c8b46858da73437ad1ab4e6bce2d68b33acc41a4b56068ddc728cca421209e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c8b46858da73437ad1ab4e6bce2d68b33acc41a4b56068ddc728cca421209e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/update-command.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 79391, "scanner": "repobility-threat-engine", "fingerprint": "1e529b501d6549ebce17a62a2a21a37046d791d264d1c41ec2ea99c26b5659a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1e529b501d6549ebce17a62a2a21a37046d791d264d1c41ec2ea99c26b5659a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-see-also.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED062", "level": 
"none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 79390, "scanner": "repobility-threat-engine", "fingerprint": "5efc9fd24989823c74c094b85ab7c226c56e88a4cceca936763881c274ad0bdc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5efc9fd24989823c74c094b85ab7c226c56e88a4cceca936763881c274ad0bdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-more-info-link.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 79388, "scanner": "repobility-threat-engine", "fingerprint": "8d08043b12103f9a547c4aa687600da930ed7118cc30dbe7299d3f7ce9400da3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d08043b12103f9a547c4aa687600da930ed7118cc30dbe7299d3f7ce9400da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/send-to-bot.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 79386, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "for": 3, "continue": 1, "nested_bonus": 7}, "aggregated": true, "complexity": 17, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 79382, "scanner": "repobility-threat-engine", "fingerprint": "5e278bf92be8e4716cd118dc0686b51ae5ee6878b84b00de6d73a774977c04f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5e278bf92be8e4716cd118dc0686b51ae5ee6878b84b00de6d73a774977c04f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-errors.sh"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 79381, "scanner": "repobility-threat-engine", "fingerprint": "a7b2dee0d1d5893c127866285809046a9e969872232b6e0dd3d62e8b94c71719", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a7b2dee0d1d5893c127866285809046a9e969872232b6e0dd3d62e8b94c71719"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/build-index.js"}, "region": {"startLine": 72}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 79370, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 79389, "scanner": "repobility-threat-engine", "fingerprint": "fae226204c354f1c5c18e5a3c01bc97ee6b1ac8f0f949fd52fa4331235e887c0", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(\"<(.+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|174|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/set-more-info-link.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 79387, "scanner": "repobility-threat-engine", "fingerprint": "607b3ba287ebbc37aef54045950726fa2c837bb51bb052156ed75d3d9dbf5df7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|607b3ba287ebbc37aef54045950726fa2c837bb51bb052156ed75d3d9dbf5df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/send-to-bot.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 79377, "scanner": "repobility-ast-engine", "fingerprint": "8e638adcda57710046ea107a1e1d5d3888727f15f7966965101d42e9ab557491", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e638adcda57710046ea107a1e1d5d3888727f15f7966965101d42e9ab557491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_common.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_stage"}, "properties": {"repobilityId": 79376, "scanner": "repobility-ast-engine", "fingerprint": "27545c5030ad4bdcaffbfee3eff6966b1939589fa5403c2f07e516f081efa726", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27545c5030ad4bdcaffbfee3eff6966b1939589fa5403c2f07e516f081efa726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_common.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_target_paths"}, "properties": {"repobilityId": 79375, "scanner": "repobility-ast-engine", "fingerprint": "e069fa00870929b5e1fccc2cafa37a2cd2f81721b84111c05005f9c729849e44", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e069fa00870929b5e1fccc2cafa37a2cd2f81721b84111c05005f9c729849e44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_common.py"}, "region": {"startLine": 216}}}]}]}]}