{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "TEST002", "name": "Function is stub-only (pass/raise NotImplementedError)", "shortDescription": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "fullDescription": {"text": "Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"scanner": "repobility", "category": "test_quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CORS001", "name": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin", "shortDescription": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "fullDescription": {"text": "Access-Control-Allow-Origin: * exposes the API to any browser origin. 
Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"scanner": "repobility", "category": "auth", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SUPC002", "name": "Supply chain \u2014 npm install without lockfile", "shortDescription": {"text": "Supply chain \u2014 npm install without lockfile"}, "fullDescription": {"text": "Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"scanner": "repobility", "category": "supply_chain", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but 
does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = ?', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "QUAL007", "name": "Imported but never used", "shortDescription": {"text": "Imported but never used"}, "fullDescription": {"text": "AST detector: dead-imports"}, "properties": {"scanner": "repobility", "category": "quality", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "QUAL006", "name": "Floats used for monetary values", "shortDescription": {"text": "Floats used for monetary values"}, "fullDescription": {"text": "Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "TEST001", "name": "Phantom test coverage \u2014 test files without real assertions", "shortDescription": {"text": "Phantom test coverage \u2014 test files without real 
assertions"}, "fullDescription": {"text": "Test function that runs code but contains no assert/expect/should \u2014 passes regardless of behaviour."}, "properties": {"scanner": "repobility", "category": "test_quality", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "ERRH003", "name": "except BaseException \u2014 catches SystemExit/KeyboardInterrupt", "shortDescription": {"text": "except BaseException \u2014 catches SystemExit/KeyboardInterrupt"}, "fullDescription": {"text": "except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "ERRH001", "name": "Bare except: pass \u2014 silent failure", "shortDescription": {"text": "Bare except: pass \u2014 silent failure"}, "fullDescription": {"text": "except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also catches KeyboardInterrupt and SystemExit."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "high", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "SUPC001", "name": "Supply chain \u2014 curl | bash anti-pattern", "shortDescription": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "fullDescription": {"text": "curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"scanner": "repobility", "category": "supply_chain", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SECR004", "name": "Password embedded in URL", "shortDescription": {"text": "Password embedded in URL"}, "fullDescription": {"text": "https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "DSER001", "name": "Insecure deserialization \u2014 pickle/yaml/marshal", "shortDescription": {"text": "Insecure deserialization \u2014 pickle/yaml/marshal"}, "fullDescription": {"text": "pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"scanner": "repobility", "category": "deserialization", "severity": "critical", "confidence": 0.85, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/276"}, "properties": {"repository": "cocoindex-io/cocoindex", "repoUrl": "https://github.com/cocoindex-io/cocoindex", "branch": "main"}, "results": [{"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21825, "scanner": "repobility", "fingerprint": "ba6bd10f11f59e68570b39800aa3b4fe", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 64", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/validation.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21270, "scanner": "repobility", "fingerprint": 
"42cf4511f3a216fbf77467e3c55a3fae", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def load_engine_object(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/engine_object.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21269, "scanner": "repobility", "fingerprint": "86c85938a3a4d3b6cceab1ec6b024afa", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def load_engine_object(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/engine_object.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21268, "scanner": "repobility", "fingerprint": "2def447f4c926dd71808e5b15e56884d", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def __len__(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/typing.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21267, "scanner": "repobility", 
"fingerprint": "c71e11ebd17a4ee3f235d54ad3cdeb2c", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def __getitem__(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/typing.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21266, "scanner": "repobility", "fingerprint": "a9ce319ba18ad0206755a01fd8780436", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def parse_cors_origins(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21265, "scanner": "repobility", "fingerprint": "673067c78d40d780e7f97da79fad28e3", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def parse_cors_origins(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21264, "scanner": "repobility", 
"fingerprint": "392c0f13a9e095d2cef463d1a886018f", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def encode_enriched_type(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/engine_type.py"}, "region": {"startLine": 428}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21263, "scanner": "repobility", "fingerprint": "02cf4b4c6bae6d4b0bc79fd7f265964b", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def encode_enriched_type(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/engine_type.py"}, "region": {"startLine": 424}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21262, "scanner": "repobility", "fingerprint": "f85a7dfdeaafc02724a1af25f010fe30", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def settings(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/lib.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21261, "scanner": 
"repobility", "fingerprint": "32f0ddf681fa5434c6a779840152f725", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def settings(...): ...", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/lib.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15784, "scanner": "repobility", "fingerprint": "7a3616c4f80b073e65b6df1d6ceab7a9", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins = list(cors_origins)", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 776}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15783, "scanner": "repobility", "fingerprint": "c0292bcfb348e11e9c8c8e122c3c7d6d", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins.add(f\"http://localhost:{cors_local}\")", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 775}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, 
"properties": {"repobilityId": 15782, "scanner": "repobility", "fingerprint": "11852ae7582021b46d52042dc7b97599", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins.add(COCOINDEX_HOST)", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 773}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15781, "scanner": "repobility", "fingerprint": "e56efcb8e38b7c135b4e18dbc9bee6ea", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins.update(setting.ServerSettings.parse_cors_origins(cors_origin))", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 771}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15780, "scanner": "repobility", "fingerprint": "6870642fadaa703f8a9bc4c6c240cad0", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origin is not None:", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 770}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": 
"CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15779, "scanner": "repobility", "fingerprint": "b24baf8977456b999d718a68be4f02ec", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins: set[str] = set(server_settings.cors_origins or [])", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 769}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15778, "scanner": "repobility", "fingerprint": "35d2c7bc4cda8c7ecd98386dc1735861", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origin: str | None = None,", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 729}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15777, "scanner": "repobility", "fingerprint": "13c6d2d01fdc0323ab5c334638b84ef5", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origin,", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 668}}}]}, {"ruleId": 
"CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15776, "scanner": "repobility", "fingerprint": "9426d37f447502dcdc23bd8210cefa62", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origin: str | None,", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 652}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15775, "scanner": "repobility", "fingerprint": "5cb2c0b8ebc95d00978838fde0d3cfcb", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors-origin\",", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/cli.py"}, "region": {"startLine": 560}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15774, "scanner": "repobility", "fingerprint": "ca6a920740bba77abf47162825f0f968", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins(s: str | None) -> list[str] | None:", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": 
{"startLine": 180}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15773, "scanner": "repobility", "fingerprint": "a63697317e5e51ec3714ac036d241416", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins(s: str | None) -> list[str] | None: ...", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15772, "scanner": "repobility", "fingerprint": "23dabb3a2fd95e356976c9c3573e472d", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins(s: str) -> list[str]: ...", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15771, "scanner": "repobility", "fingerprint": "89c81aafe134450b4bbc61b189f0e4e2", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins,", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15770, "scanner": "repobility", "fingerprint": "1783a6ea05f44df65780747b331aab90", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins\",", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15769, "scanner": "repobility", "fingerprint": "1c6b39546f12b601c1f236f98e6f1306", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins: list[str] | None = None", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15768, "scanner": "repobility", "fingerprint": "4512bc5217cfabf19e24e21ec431490c", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "rust/cocoindex/src/server.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15767, "scanner": "repobility", "fingerprint": "d17eb78fcf49accc693260e383643df4", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins.is_empty() {", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cocoindex/src/server.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15766, "scanner": "repobility", "fingerprint": "da32efa8b86bebe777cba322feaee1b9", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins: Vec<String>,", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cocoindex/src/server.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "SUPC002", "level": "warning", "message": {"text": "Supply chain \u2014 npm install without lockfile"}, "properties": {"repobilityId": 15630, "scanner": "repobility", "fingerprint": "eafd84f4995ba93c8139237f892036e8", "category": "supply_chain", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "RUN pip install", "aljefra_cwe": ["CWE-1357"], "aljefra_owasp": "A06:2021", "aljefra_pattern_slug": "npm-install-no-lockfile"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/fastapi_server_docker/dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13599, "scanner": "repobility", "fingerprint": "bb77971222484b50ad339158dc2d16e5", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/cocoindex/src/server.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13598, "scanner": "repobility", "fingerprint": "f3f0bf2dd5773c312634e54c46c1335b", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: documentation/example path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image_search/frontend/src/App.jsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 13597, "scanner": "repobility", "fingerprint": "c3636e9a48fb9b8398a88372dbd11e1d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: documentation/example path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], 
"aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/image_search/frontend/src/App.jsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 8543, "scanner": "repobility-access-control", "fingerprint": "b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 3, "correlation_key": "fp|b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "auth_visible_percent": 0.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 8542, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Axum"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC007", "level": "warning", 
"message": {"text": "[SEC007] Unsafe Deserialization: Deserializing untrusted data with pickle can execute arbitrary code; check whether the bytes passed to pickle.loads can come from an untrusted source."}, "properties": {"repobilityId": 8537, "scanner": "repobility-threat-engine", "fingerprint": "9f5368ce7a864fc43c36101d0aedbe1c4a3c2c36ee9ae2e8896d61ba68d4aa47", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|1069|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/_internal/function.py"}, "region": {"startLine": 1069}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Deserializing untrusted data with pickle can execute arbitrary code; check whether the bytes passed to pickle.loads can come from an untrusted source."}, "properties": {"repobilityId": 8536, "scanner": "repobility-threat-engine", "fingerprint": "2b7437eb76c3b3ba2e8ee4e59bf1edf28b65c8d752e7a01087d60d2e1df68c31", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|173|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/_internal/runner.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 8534, "scanner": "repobility-threat-engine", "fingerprint": "e53250170374a29664cb32074292ab462086e63c5331790de21d9695c7b6a2fa", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e53250170374a29664cb32074292ab462086e63c5331790de21d9695c7b6a2fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/connectors/qdrant/_target.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 8533, "scanner": "repobility-threat-engine", "fingerprint": "387ca8df20755a2081f287eb063e96822749231d8a3b981265f5004656402bee", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|387ca8df20755a2081f287eb063e96822749231d8a3b981265f5004656402bee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/_internal/runner.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 8532, "scanner": "repobility-threat-engine", "fingerprint": "fffb79839c7122bf7e702e6f9530ff38240d954e12a8b77ba2640aeb5f98c65f", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fffb79839c7122bf7e702e6f9530ff38240d954e12a8b77ba2640aeb5f98c65f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/_internal/environment.py"}, "region": {"startLine": 533}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 8526, "scanner": "repobility-agent-runtime", "fingerprint": "0a7dab61f15336af272425b0a68470440f01213f0d89435c0744fd97c6097081", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|0a7dab61f15336af272425b0a68470440f01213f0d89435c0744fd97c6097081"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/src/content/docs/contributing/setup_dev_environment.mdx"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8525, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"e35818af571fa0f809d1239f697c4dd0717f1fd939017284d244b3d5e5388ca9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cocoindex/_internal/setting.py", "duplicate_line": 16, "correlation_key": "fp|e35818af571fa0f809d1239f697c4dd0717f1fd939017284d244b3d5e5388ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/setting.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd9e665c1a76c6a470172c8bf3c11506a9fc543df667f591788fa7abe7bd6209", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cocoindex/connectors/qdrant/_target.py", "duplicate_line": 334, "correlation_key": "fp|fd9e665c1a76c6a470172c8bf3c11506a9fc543df667f591788fa7abe7bd6209"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/connectors/turbopuffer/_target.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c7b97e89afde74db82337e3651cc2cc3a3673f6264b8c3afc363542ab696f83", "category": "quality", "severity": "medium", 
"confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cocoindex/connectors/falkordb/_cypher.py", "duplicate_line": 75, "correlation_key": "fp|0c7b97e89afde74db82337e3651cc2cc3a3673f6264b8c3afc363542ab696f83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/connectors/neo4j/_cypher.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 8544, "scanner": "repobility-web-presence", "fingerprint": "2058a3f9d56354b1b9951fd5f15ca942cbb2439d7cb0a4efbc09b13a58d0034d", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|2058a3f9d56354b1b9951fd5f15ca942cbb2439d7cb0a4efbc09b13a58d0034d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/public/robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC004", "level": "note", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. 
Allows SQL injection."}, "properties": {"repobilityId": 8540, "scanner": "repobility-threat-engine", "fingerprint": "9fe00bac4db331cbcdcc8e4c883935f08e76ed7b6ff9aebb9543556696697f9e", "category": "injection", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "evidence": {"match": "delete_sql = f\"DELETE", "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "code|injection|token|496|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/connectors/sqlite/_target.py"}, "region": {"startLine": 496}}}]}, {"ruleId": "SEC004", "level": "none", "message": {"text": "[SEC004] SQL Injection Risk (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 8541, "scanner": "repobility-threat-engine", "fingerprint": "402803a4488b136e50cf5da9e3b45d2b73fd564c0b15ea70616f1598f1198a44", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|402803a4488b136e50cf5da9e3b45d2b73fd564c0b15ea70616f1598f1198a44"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional file. 
Review if needed."}, "properties": {"repobilityId": 8535, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 8531, "scanner": "repobility-threat-engine", "fingerprint": "f982af5e5eb32f51d94a6bd984f09890b166d9818b09be4559efecf3a5d529b5", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "print(\"TURBOPUFFER_API_KEY is not set\", file=sys.stderr)", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|14|print turbopuffer_api_key is not set file sys.stderr"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/text_embedding_turbopuffer/main.py"}, "region": {"startLine": 148}}}]}, {"ruleId": 
"SEC022", "level": "none", "message": {"text": "[SEC022] Database URL With Embedded Credential (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 8530, "scanner": "repobility-threat-engine", "fingerprint": "680d189f86db4094fe72bfd797d01c252b1047f7b49fed1cf1e0d4e1de4b59dd", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|680d189f86db4094fe72bfd797d01c252b1047f7b49fed1cf1e0d4e1de4b59dd"}}}, {"ruleId": "QUAL007", "level": "error", "message": {"text": "Imported but never used"}, "properties": {"repobilityId": 22349, "scanner": "repobility", "fingerprint": "c22c321cd6396b9ffb1f944505dd98e4", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "unused import: __future__.annotations (as annotations)", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "dead-imports"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "/tank0/claude-archive/opus47/cocoindex-io__cocoindex/python/cocoindex/flow.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22279, "scanner": "repobility", "fingerprint": "c6efb9414a0c8462079d4e7bed98055c", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "total: float", 
"aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 1450}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22278, "scanner": "repobility", "fingerprint": "52c7ec3e55ffad75ba3d93b0d31fd083", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 1411}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22277, "scanner": "repobility", "fingerprint": "da5e92ab31b68d2d9933e912d093712c", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 1290}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22276, "scanner": "repobility", "fingerprint": "582e791e1a243a09dce475264c1e5e03", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 1261}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22275, "scanner": "repobility", "fingerprint": "bf88754780d29f0e01aed2dec7524e07", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22274, "scanner": "repobility", "fingerprint": "00e4985c1ebae857ff5775ab50223af9", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22273, "scanner": "repobility", "fingerprint": "8b38a0646b073dfc5bc4451bc2e28a24", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": 
{"startLine": 43}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22272, "scanner": "repobility", "fingerprint": "ababc2ee3d0e2d980c901691963540a0", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price=float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/product_recommendation/main.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22271, "scanner": "repobility", "fingerprint": "d44f9a98e4d3c6ef9103706f69f32f5b", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/product_recommendation/main.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "QUAL006", "level": "error", "message": {"text": "Floats used for monetary values"}, "properties": {"repobilityId": 22270, "scanner": "repobility", "fingerprint": "ec5f3707c85e88a6a89f8cba7b095f8d", "category": "quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "price: float", "aljefra_cwe": ["CWE-682"], "aljefra_owasp": null, "aljefra_pattern_slug": "floats-for-money"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/postgres_source/main.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without 
real assertions"}, "properties": {"repobilityId": 19072, "scanner": "repobility", "fingerprint": "e2db7ac22b1c31cc96091e1a0054853b", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_valid_identifiers", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/targets/test_doris_unit.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19071, "scanner": "repobility", "fingerprint": "9d9a162f1799d8a3e880fbf1612a7d9e", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_union_with_inactive_uuid", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 666}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19070, "scanner": "repobility", "fingerprint": "3ad01f302475d5e85d2caf05babdc1bb", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_union_with_active_uuid", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 660}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19069, "scanner": "repobility", "fingerprint": "e0fb9e6ec5d4ff7b6c9dfd3a4b804f3e", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_union_simple", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 654}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19068, "scanner": "repobility", "fingerprint": "3d1bb14bbebcf2c0980df2f01b9b3e46", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_struct", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 484}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19067, "scanner": "repobility", "fingerprint": "9eccb7fb49b534e0a9b97bf88616d2ef", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_json", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": 
null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 401}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19066, "scanner": "repobility", "fingerprint": "2af1347b44ace539801fe34ce3ec1eb7", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_timedelta", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 390}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19065, "scanner": "repobility", "fingerprint": "ef4c36625a0615e1cd1cf1277d6b8dd6", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_time", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19064, "scanner": "repobility", "fingerprint": "6b929b7aee09fdd2029f3c6c4cfce777", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"snippet": "test_* without asserts: test_roundtrip_range", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19063, "scanner": "repobility", "fingerprint": "81b0d8993c4f90200732c3b43f39cc84", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_uuid", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 326}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19062, "scanner": "repobility", "fingerprint": "3e9c87322312b2ddd271be2628a9dc3f", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_roundtrip_basic_types", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_engine_value.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19061, "scanner": "repobility", "fingerprint": "9e7155ac17730a0ba348a5efb2ef3063", "category": 
"test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_valid_field_names", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_validation.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "ERRH003", "level": "error", "message": {"text": "except BaseException \u2014 catches SystemExit/KeyboardInterrupt"}, "properties": {"repobilityId": 18473, "scanner": "repobility", "fingerprint": "2a23dd9e63545714e82aa8b4b1f2845f", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except KeyboardInterrupt", "aljefra_cwe": ["CWE-705"], "aljefra_owasp": null, "aljefra_pattern_slug": "overcatch-baseexception"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/runtime.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "ERRH003", "level": "error", "message": {"text": "except BaseException \u2014 catches SystemExit/KeyboardInterrupt"}, "properties": {"repobilityId": 18472, "scanner": "repobility", "fingerprint": "e82c0c2040af7daf2f7d7983a7eafac0", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except KeyboardInterrupt", "aljefra_cwe": ["CWE-705"], "aljefra_owasp": null, "aljefra_pattern_slug": "overcatch-baseexception"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/live_updates/main.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17634, "scanner": "repobility", "fingerprint": 
"8e00246b6a4d269934d0df08219b1c17", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/targets/test_doris_integration.py"}, "region": {"startLine": 3160}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17633, "scanner": "repobility", "fingerprint": "81095b08b0f796e56f550a63a02161d8", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/targets/test_doris_integration.py"}, "region": {"startLine": 1826}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17632, "scanner": "repobility", "fingerprint": "baff613fbe3c1035540ccc27209be315", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/targets/test_doris_integration.py"}, "region": {"startLine": 1630}}}]}, {"ruleId": "ERRH001", "level": "error", 
"message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17631, "scanner": "repobility", "fingerprint": "e1bfaef40844fd9ad959fbdf500fc9b4", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/targets/test_doris_integration.py"}, "region": {"startLine": 1563}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17630, "scanner": "repobility", "fingerprint": "ded267153b186a363b90f044cd19d95a", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_optional_database.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17629, "scanner": "repobility", "fingerprint": "efc25bfca091b14ac7e3dd03d3cd8784", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"python/cocoindex/tests/test_optional_database.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17628, "scanner": "repobility", "fingerprint": "2236bac27b827ed55dd522752073a875", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_optional_database.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17627, "scanner": "repobility", "fingerprint": "33a0f75a82a480868e7af78fa1b2c4d3", "category": "error_handling", "severity": "high", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/tests/test_optional_database.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17626, "scanner": "repobility", "fingerprint": "74fca73918d73bde673122ec4485fa8f", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/subprocess_exec.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "SUPC001", "level": "error", "message": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "properties": {"repobilityId": 15522, "scanner": "repobility", "fingerprint": "d49f02a72bb7b2731e9275724fd41eaf", "category": "supply_chain", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "curl -sSL https://doris.apache.org/files/start-doris.sh | bash", "aljefra_cwe": ["CWE-494"], "aljefra_owasp": "A08:2021", "aljefra_pattern_slug": "curl-pipe-bash"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sec_edgar_analytics/docker-compose.yml"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 8539, "scanner": "repobility-threat-engine", "fingerprint": "225c58ac41c927a1a8a4b5d5521bd63bb0621f21a3393a9e615a840c731f73c8", "category": "injection", "severity": "high", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "SQL string interpolation found, but user-controlled taint was not proven from local context.", "evidence": {"match": "sql = f\"DELETE", "reason": "SQL string interpolation found, but user-controlled taint was not proven from local context.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|696|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/connectors/doris/_target.py"}, "region": {"startLine": 696}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. 
Allows SQL injection."}, "properties": {"repobilityId": 8538, "scanner": "repobility-threat-engine", "fingerprint": "7a52a64cd578891da9cccf1d56e79e5d77a1d17d3bd3d91fe6085a8bc0da90fb", "category": "injection", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "SQL string interpolation is near request/data/parameter input; user-controlled taint is plausible.", "evidence": {"match": "query = f\"SELECT", "reason": "SQL string interpolation is near request/data/parameter input; user-controlled taint is plausible.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "code|injection|token|132|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/connectors/postgres/_source.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "SECR004", "level": "error", "message": {"text": "Password embedded in URL"}, "properties": {"repobilityId": 16764, "scanner": "repobility", "fingerprint": "4108d3eaf72a7fd7c017ffe335461d23", "category": "credential_exposure", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "postgres://cocoindex:cocoindex@", "aljefra_cwe": ["CWE-200"], "aljefra_owasp": "A07:2021", "aljefra_pattern_slug": "password-in-url"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/postgres_source/prepare_source_data.sql"}, "region": {"startLine": 2}}}]}, {"ruleId": "DSER001", "level": "error", "message": {"text": "Insecure deserialization \u2014 pickle/yaml/marshal"}, "properties": {"repobilityId": 15816, "scanner": "repobility", "fingerprint": "fd7b7d0135d861915aa9a531d48be0a8", "category": "deserialization", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "pickle.loads", "aljefra_cwe": ["CWE-502"], "aljefra_owasp": 
"A08:2021", "aljefra_pattern_slug": "unsafe-deserialization-pickle"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cocoindex/subprocess_exec.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 8529, "scanner": "repobility-threat-engine", "fingerprint": "a5b262b597b99092d4d804fc9ac7fe70c3394c0d491930269b7ead0a64804907", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "postgres://cocoindex:cocoindex@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|4|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/entire_session_search/main.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 8528, "scanner": "repobility-threat-engine", "fingerprint": "31208cd5cdb85437474cf4dd2f260cf0218d969aeda406b1285dead288c1bbd2", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "postgres://cocoindex:cocoindex@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|3|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/code_embedding/main.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 8527, "scanner": "repobility-threat-engine", "fingerprint": "c64f15196a09930e9c83af6bb24cb93b4afe7da11fb7469670663dd44cb3b3ba", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: documentation/example path]", "evidence": {"match": "postgres://cocoindex:cocoindex@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|2|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/audio_to_text/main.py"}, "region": {"startLine": 25}}}]}]}]}