{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67mh-4wv8-2f99", "name": "esbuild: GHSA-67mh-4wv8-2f99", "shortDescription": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "fullDescription": {"text": "esbuild enables any website to send any requests to the development server and read the response"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `build_args` has cognitive complexity 20 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `build_args` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 20."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR013", "name": "Dockerfile ADD downloads remote content", "shortDescription": {"text": "Dockerfile ADD downloads remote content"}, "fullDescription": {"text": "ADD can fetch remote URLs without checksum verification. This makes builds dependent on mutable network content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `puppeteer-core` is minor version(s) behind (25.0.4 -> 25.1.0)", "shortDescription": {"text": "npm package `puppeteer-core` is minor version(s) behind (25.0.4 -> 25.1.0)"}, "fullDescription": {"text": "`puppeteer-core` is pinned/resolved at 25.0.4 but the latest stable release on the npm registry is 25.1.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._rewrite_version` used but never assigned in __init__", "shortDescription": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_wss_scheme_version` of class `TestHandlerURLRewriting` reads `self._rewrite_version`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_handle_still_raises_when_covered", "shortDescription": {"text": "Phantom test coverage: test_handle_still_raises_when_covered"}, "fullDescription": {"text": "Test function `test_handle_still_raises_when_covered` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED119", "name": "Dockerfile `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-${T", "shortDescription": {"text": "Dockerfile `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-${TARGETARCH}`"}, "fullDescription": {"text": "Dockerfile `ADD <url>` downloads a remote artifact into the image with no integrity check. If the host or DNS is compromised between layers \u2014 or if the URL serves a different file later \u2014 malicious content gets baked into the image."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `cloakhq/cloakbrowser:latest` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `cloakhq/cloakbrowser:latest` not pinned by digest"}, "fullDescription": {"text": "`FROM cloakhq/cloakbrowser:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "GHSA-5xrq-8626-4rwp", "name": "vitest: GHSA-5xrq-8626-4rwp", "shortDescription": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "fullDescription": {"text": "When Vitest UI server is listening, arbitrary file can be read and executed"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `locale` used but not imported", "shortDescription": {"text": "Missing import: `locale` used but not imported"}, "fullDescription": {"text": "The file uses `locale.something(...)` but never imports `locale`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/176"}, "properties": {"repository": "CloakHQ/CloakBrowser", "repoUrl": "https://github.com/CloakHQ/CloakBrowser", "branch": "main"}, "results": [{"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 52326, "scanner": "osv-scanner", "fingerprint": "9e6405257d8307bcb5f0a9d4179aa88a3505ab519be7d5cb67ce35d1d59bc714", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|js/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 52325, "scanner": "osv-scanner", "fingerprint": "f6b408c0c6716375fcf193712bbf8b5611af1061c21b59e1f4adc4f85070b526", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|js/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42875, "scanner": "repobility-ast-engine", "fingerprint": "163cea16e021a89d01afcddf3da78592362bed0d78ec22460c3ace079473de7b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|163cea16e021a89d01afcddf3da78592362bed0d78ec22460c3ace079473de7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2543}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42874, "scanner": "repobility-ast-engine", "fingerprint": "1e69ef32ad4aa191d99e88d7779a4af13a0774eb79e5f63e7ee2467469a9c0b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e69ef32ad4aa191d99e88d7779a4af13a0774eb79e5f63e7ee2467469a9c0b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2298}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42873, "scanner": "repobility-ast-engine", "fingerprint": "8adec019eced125c5bd66806db21b41172fcda196adb509fb68f2d17adfbd233", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8adec019eced125c5bd66806db21b41172fcda196adb509fb68f2d17adfbd233"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1983}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42872, "scanner": "repobility-ast-engine", "fingerprint": "3224bea1f711205c0b0a4b5813f1f8ea730bcab6cf85e5ee234d0d7ddac4fd14", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3224bea1f711205c0b0a4b5813f1f8ea730bcab6cf85e5ee234d0d7ddac4fd14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1966}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42871, "scanner": "repobility-ast-engine", "fingerprint": "a3dd0f8d439b044caca1cd7e149ae03eba5fafd566cdb301abb00828466a95d3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3dd0f8d439b044caca1cd7e149ae03eba5fafd566cdb301abb00828466a95d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1614}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42870, "scanner": "repobility-ast-engine", "fingerprint": "0e054e991df4ee222c611c5799d7f08bf810e4ad43524b8d0ee8e1a73246bcb3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e054e991df4ee222c611c5799d7f08bf810e4ad43524b8d0ee8e1a73246bcb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1369}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 42869, "scanner": "repobility-ast-engine", "fingerprint": "dcf7ca2e0aba40bddd23afff7e64f305322242c6a47fd8f608339b89b95b767a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcf7ca2e0aba40bddd23afff7e64f305322242c6a47fd8f608339b89b95b767a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2074}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37648, "scanner": "repobility-ast-engine", "fingerprint": "1e41255e1bec69e1ea560fa680874a69785c12855a905d1b1413bd91f7052786", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e41255e1bec69e1ea560fa680874a69785c12855a905d1b1413bd91f7052786"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37647, "scanner": "repobility-ast-engine", "fingerprint": "9c7e962c7fc004275fbf5f1c7cc2ec4e1f2d3949d66b68084942043bbe4abdc3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c7e962c7fc004275fbf5f1c7cc2ec4e1f2d3949d66b68084942043bbe4abdc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 682}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37646, "scanner": "repobility-ast-engine", "fingerprint": "60b8939954961ba72bd53ce3353cd1ba3c0f1b160d081bb320fb3c34d6f0bc82", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60b8939954961ba72bd53ce3353cd1ba3c0f1b160d081bb320fb3c34d6f0bc82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37645, "scanner": "repobility-ast-engine", "fingerprint": "94694b075b1071649fa84f99939e202b88ffc9c1e52eda98e8f768a2285592ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94694b075b1071649fa84f99939e202b88ffc9c1e52eda98e8f768a2285592ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37644, "scanner": "repobility-ast-engine", "fingerprint": "753450857c2fc056e8540d350506484c8d433efcf90edf89a2be0827c35e4a84", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|753450857c2fc056e8540d350506484c8d433efcf90edf89a2be0827c35e4a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37643, "scanner": "repobility-ast-engine", "fingerprint": "b5b371ffd3f5bb90a99bc085f09baec231a8984469a626da91f8f80350bc7e64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5b371ffd3f5bb90a99bc085f09baec231a8984469a626da91f8f80350bc7e64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2489}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37642, "scanner": "repobility-ast-engine", "fingerprint": "8aa3d3957a97cc591d3dc002f2edded463b40306732b9bb7465245f3f3e6b688", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aa3d3957a97cc591d3dc002f2edded463b40306732b9bb7465245f3f3e6b688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37641, "scanner": "repobility-ast-engine", "fingerprint": "7aa7d394d5343918675b1a48d31c63d8d55da359ae78989de4b2459463150a3f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7aa7d394d5343918675b1a48d31c63d8d55da359ae78989de4b2459463150a3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1956}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37640, "scanner": "repobility-ast-engine", "fingerprint": "cda65095de228fbe3b132f33bbcd471f63f91061d1b883ef4c48b0a18e7d4875", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cda65095de228fbe3b132f33bbcd471f63f91061d1b883ef4c48b0a18e7d4875"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1939}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37639, "scanner": "repobility-ast-engine", "fingerprint": "24f7f2476b3cfee4e05dd38a0c778f9b289af1d9049fa75aa6a1e468401193c7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24f7f2476b3cfee4e05dd38a0c778f9b289af1d9049fa75aa6a1e468401193c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1587}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37638, "scanner": "repobility-ast-engine", "fingerprint": "7a195176562b26bc747cbc8958dbd0db6cab25593f9af696bfc4d4820548033b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a195176562b26bc747cbc8958dbd0db6cab25593f9af696bfc4d4820548033b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1354}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37637, "scanner": "repobility-ast-engine", "fingerprint": "a6431f1b8dec378eaa4d1dbeb14bf2f2d1c7aaaab04a4d7ec573c8beed11ebf8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6431f1b8dec378eaa4d1dbeb14bf2f2d1c7aaaab04a4d7ec573c8beed11ebf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1056}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37636, "scanner": "repobility-ast-engine", "fingerprint": "9a282faab59ba4e3f7353a0f44d5090c516d1d142839867fec00f957922fe471", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a282faab59ba4e3f7353a0f44d5090c516d1d142839867fec00f957922fe471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1039}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37635, "scanner": "repobility-ast-engine", "fingerprint": "8d601366e20bdc145891932ef39c623d4535c643962b6292aec1b32e3ee94d49", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d601366e20bdc145891932ef39c623d4535c643962b6292aec1b32e3ee94d49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 2047}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37634, "scanner": "repobility-ast-engine", "fingerprint": "b5d70a6303645ceceaf6c0479e2d88650f950d15981918d84a3268318951042b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5d70a6303645ceceaf6c0479e2d88650f950d15981918d84a3268318951042b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 1154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37633, "scanner": "repobility-ast-engine", "fingerprint": "fdc3dd100eb35c0374a9a7eba899e8f4f5a3de3eb43727af819e357390d2cb2b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fdc3dd100eb35c0374a9a7eba899e8f4f5a3de3eb43727af819e357390d2cb2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37632, "scanner": "repobility-ast-engine", "fingerprint": "2266e81f7f305f947f32acc3c896f50fe8e49e68a2dee424b951395b475e4429", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2266e81f7f305f947f32acc3c896f50fe8e49e68a2dee424b951395b475e4429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37631, "scanner": "repobility-ast-engine", "fingerprint": "4c284c16cc97e8a985659ef299b9a9f33fcc650b60bf58368e32d42c736b5fd1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c284c16cc97e8a985659ef299b9a9f33fcc650b60bf58368e32d42c736b5fd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37630, "scanner": "repobility-ast-engine", "fingerprint": "211a162b52d9396c638186675b2d232a301c414b14c890a1cfb3493c06638a23", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|211a162b52d9396c638186675b2d232a301c414b14c890a1cfb3493c06638a23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37629, "scanner": "repobility-ast-engine", "fingerprint": "7ac0ae507df20d9d8584f71d1900a1f7cfe5fea16a283a481cc171eafeda4565", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac0ae507df20d9d8584f71d1900a1f7cfe5fea16a283a481cc171eafeda4565"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37628, "scanner": "repobility-ast-engine", "fingerprint": "3533f1ffdae43382bc95aaaf292b191662a503a12f3c47f89ed71cf7d00201fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3533f1ffdae43382bc95aaaf292b191662a503a12f3c47f89ed71cf7d00201fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/__main__.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37627, "scanner": "repobility-ast-engine", "fingerprint": "2488dc0a4ab3c74bc38b36d3f70e8ce8ed80e577a607c1e1de4ab57b557f06f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2488dc0a4ab3c74bc38b36d3f70e8ce8ed80e577a607c1e1de4ab57b557f06f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37581, "scanner": "repobility-ast-engine", "fingerprint": "f8aa136191f2059938f576fb3b9af879df8c11f28230b85a6122c266ee8bdfbc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8aa136191f2059938f576fb3b9af879df8c11f28230b85a6122c266ee8bdfbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37580, "scanner": "repobility-ast-engine", "fingerprint": "134f57f7ae9b66a8b7e53e926edf83740035c2d1e07b4334cf280691eabfafb0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|134f57f7ae9b66a8b7e53e926edf83740035c2d1e07b4334cf280691eabfafb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37579, "scanner": "repobility-ast-engine", "fingerprint": "5247746e374b1f89cdb57acb1b243f25c9f685b3a72418e2c620d818a4153a04", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5247746e374b1f89cdb57acb1b243f25c9f685b3a72418e2c620d818a4153a04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 31137, "scanner": "repobility-threat-engine", "fingerprint": "5d0f7338dcedfff9885aeda854d481f19485afeb56de509b55e91601d7995c61", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "KEYS[lower];\n    const wrong = neighbors[Math.floor(Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5d0f7338dcedfff9885aeda854d481f19485afeb56de509b55e91601d7995c61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/keyboard.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 31136, "scanner": "repobility-threat-engine", "fingerprint": "dbedfa86054e24154a6d740450dbb8ca46d5fd49ecde6213ac1d25e6349a5172", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * (max - min);\n}\n\n/** Random integer in [min, max] (inclusiv", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dbedfa86054e24154a6d740450dbb8ca46d5fd49ecde6213ac1d25e6349a5172"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/config.ts"}, "region": {"startLine": 233}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 31135, "scanner": "repobility-threat-engine", "fingerprint": "e214f11db0010e80b9aa506da57201134ebf53f6d1e613d17dfbd5443c54391c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "KEYS[lower];\n    const wrong = neighbors[Math.floor(Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e214f11db0010e80b9aa506da57201134ebf53f6d1e613d17dfbd5443c54391c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human-puppeteer/keyboard.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 31117, "scanner": "repobility-threat-engine", "fingerprint": "784ed6950f09225787be276f228563017a914936220e929510a7ed7f0bc7dc4c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        el = page.locator(selector).first\n        return await el.bounding_box(timeout=max(1, t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|784ed6950f09225787be276f228563017a914936220e929510a7ed7f0bc7dc4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll_async.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 31116, "scanner": "repobility-threat-engine", "fingerprint": "19ea871c81aeebdab236989ebc72eeadef0c468f32d02527787632736157f1a5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        el = page.locator(selector).first\n        return el.bounding_box(timeout=max(1, timeout", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|19ea871c81aeebdab236989ebc72eeadef0c468f32d02527787632736157f1a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 31115, "scanner": "repobility-threat-engine", "fingerprint": "b27456352693300805b37d15d84d10332e4d275c1474c24282b8b31dd17fa137", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n                        self._create_world()\n                    except Exception:", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b27456352693300805b37d15d84d10332e4d275c1474c24282b8b31dd17fa137"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `build_args` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=3, if=9, nested_bonus=8."}, "properties": {"repobilityId": 31108, "scanner": "repobility-threat-engine", "fingerprint": "a5b79494a4c85d5f0bb4c937e7775b384b5e81d6ab401d335b78550f9beb0484", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "AST-derived cognitive complexity score = 20 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "build_args", "breakdown": {"if": 9, "for": 3, "nested_bonus": 8}, "complexity": 20, "correlation_key": "fp|a5b79494a4c85d5f0bb4c937e7775b384b5e81d6ab401d335b78550f9beb0484"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 967}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 29328, "scanner": "repobility-threat-engine", "fingerprint": "4bab9ffedb3680937c56972986afb04e21a62ced8ac38b10365a4fd1a8bb5456", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4bab9ffedb3680937c56972986afb04e21a62ced8ac38b10365a4fd1a8bb5456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human-puppeteer/index.ts"}, "region": {"startLine": 529}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10466, "scanner": "repobility-threat-engine", "fingerprint": "a12d1c72333cc62f1980326e7dd9f88675150f8944c7481c69a7e62269a9a2f7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a12d1c72333cc62f1980326e7dd9f88675150f8944c7481c69a7e62269a9a2f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 614}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10465, "scanner": "repobility-threat-engine", "fingerprint": "8083276db192adab497e504140ec49ce75aab8b29789008980f5f9a006bf2abb", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8083276db192adab497e504140ec49ce75aab8b29789008980f5f9a006bf2abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 10464, "scanner": "repobility-threat-engine", "fingerprint": "0ec8c3e9262c609cc390e6f6f522e4d7d2c5d9423c3ee1c9cc4c96922a3f58dc", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except BaseException:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ec8c3e9262c609cc390e6f6f522e4d7d2c5d9423c3ee1c9cc4c96922a3f58dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 701}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 4996, "scanner": "repobility-threat-engine", "fingerprint": "8ead0800bff2b05226904399d5d8a4e1707f63893e197bbb3dde8b2c3b2ddfe9", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|8ead0800bff2b05226904399d5d8a4e1707f63893e197bbb3dde8b2c3b2ddfe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/lambda_handler.py"}, "region": {"startLine": 302}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 4921, "scanner": "repobility-docker", "fingerprint": "33c62806c549a8378b1553ce00f33556c41a3c7052de3ed6cfb66e25f4beb24e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "cloakhq/cloakbrowser:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33c62806c549a8378b1553ce00f33556c41a3c7052de3ed6cfb66e25f4beb24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR013", "level": "warning", "message": {"text": "Dockerfile ADD downloads remote content"}, "properties": {"repobilityId": 4920, "scanner": "repobility-docker", "fingerprint": "168778ceb0ae520f295a5bb5fb36c13e5e9266e53b38b053566162b6481d4ad1", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ADD instruction references a remote URL.", "evidence": {"rule_id": "DKR013", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|168778ceb0ae520f295a5bb5fb36c13e5e9266e53b38b053566162b6481d4ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 4919, "scanner": "repobility-docker", "fingerprint": "7ab6922ba324d6d5736319ebcf58b4f6126ab0c50fa9b7fda72334e582e86dfb", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "cloakhq/cloakbrowser:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7ab6922ba324d6d5736319ebcf58b4f6126ab0c50fa9b7fda72334e582e86dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 4918, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 4917, "scanner": "repobility-docker", "fingerprint": "bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4914, "scanner": "repobility-threat-engine", "fingerprint": "2aab218c18a4930a3237481b015f954097adcea1967a8bfea077634e763a3999", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2aab218c18a4930a3237481b015f954097adcea1967a8bfea077634e763a3999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 516}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4913, "scanner": "repobility-threat-engine", "fingerprint": "5526de076e5da13df1c37da43c3df8cffd186f064dc0e9951fc788b51dd43d77", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5526de076e5da13df1c37da43c3df8cffd186f064dc0e9951fc788b51dd43d77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/geoip.ts"}, "region": {"startLine": 341}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4912, "scanner": "repobility-threat-engine", "fingerprint": "56e5ec6f77600c92d2300f865c163b980d1aa5a6e137a899d783230504a78d4e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => { })", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|56e5ec6f77600c92d2300f865c163b980d1aa5a6e137a899d783230504a78d4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/download.ts"}, "region": {"startLine": 606}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 4911, "scanner": "repobility-threat-engine", "fingerprint": "4572e986840f74b9ed3728890eaca127fdab4c1cb6043ed71867a3fcd83b7f10", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4572e986840f74b9ed3728890eaca127fdab4c1cb6043ed71867a3fcd83b7f10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/lambda_handler.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 4910, "scanner": "repobility-threat-engine", "fingerprint": "09a2675c54f0958ddf67d100f40b0f240acf0deba74c68cf92f1fce5b6a65d76", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09a2675c54f0958ddf67d100f40b0f240acf0deba74c68cf92f1fce5b6a65d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/__init__.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 4909, "scanner": "repobility-threat-engine", "fingerprint": "d425780fe6371240849624c729e6df2d12b352089986ac8039125e2be7a516b1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except BaseException:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d425780fe6371240849624c729e6df2d12b352089986ac8039125e2be7a516b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 688}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 4904, "scanner": "repobility-threat-engine", "fingerprint": "02899cd37a49ef3237e1588e293599ea9c0953374225a1cc05a34fda20d282d8", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|cloakbrowser/download.py|330|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10355390963b688a1934b29262f7fbc5fcd16166b8c7a15cc009664f9ebae77b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 35, "correlation_key": "fp|10355390963b688a1934b29262f7fbc5fcd16166b8c7a15cc009664f9ebae77b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b8bf97fe350a31025517fb525a913f2b70f44c0c1de2be6264daed4e346f51c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 446, "correlation_key": "fp|2b8bf97fe350a31025517fb525a913f2b70f44c0c1de2be6264daed4e346f51c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/elementhandle.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b8866a0221c54b9730c86e17afb9c525f8fa99a65135ade4bf0eed416b15b41", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/scroll.py", "duplicate_line": 65, "correlation_key": "fp|2b8866a0221c54b9730c86e17afb9c525f8fa99a65135ade4bf0eed416b15b41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll_async.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `puppeteer-core` is minor version(s) behind (25.0.4 -> 25.1.0)"}, "properties": {"repobilityId": 52318, "scanner": "repobility-dependency-currency", "fingerprint": "fa85ef17745c5d5395a4ebd547b362512c0e105046dc876c728af924319b3ea6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "puppeteer-core", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "25.1.0", "correlation_key": "fp|fa85ef17745c5d5395a4ebd547b362512c0e105046dc876c728af924319b3ea6", "current_version": "25.0.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `resolve_proxy_geo_with_ip` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=2, if=4, nested_bonus=1, ternary=1."}, "properties": {"repobilityId": 37658, "scanner": "repobility-threat-engine", "fingerprint": "b794fe24bc07a92a8c71abff841e3203672b5edf65eb66116241e0f579fd1732", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "resolve_proxy_geo_with_ip", "breakdown": {"if": 4, "except": 2, "ternary": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|b794fe24bc07a92a8c71abff841e3203672b5edf65eb66116241e0f579fd1732"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_resolve_exit_ip` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, except=2, for=1, if=1, nested_bonus=4, or=1, ternary=1."}, "properties": {"repobilityId": 37657, "scanner": "repobility-threat-engine", "fingerprint": "e7b73fa9223ba517ffb24db4530a418d72ed2f99a1be1e23edca80577189f2aa", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_resolve_exit_ip", "breakdown": {"if": 1, "or": 1, "for": 1, "except": 2, "ternary": 1, "continue": 1, "nested_bonus": 4}, "complexity": 11, "correlation_key": "fp|e7b73fa9223ba517ffb24db4530a418d72ed2f99a1be1e23edca80577189f2aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_effective_version` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=3, nested_bonus=8."}, "properties": {"repobilityId": 37656, "scanner": "repobility-threat-engine", "fingerprint": "04508acd91eac83db4ba6cac1a8fc49514d07a64963fa208705bd442f57111a2", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_effective_version", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 8}, "complexity": 13, "correlation_key": "fp|04508acd91eac83db4ba6cac1a8fc49514d07a64963fa208705bd442f57111a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `launch_persistent_context` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, if=5, or=2, recursion=1."}, "properties": {"repobilityId": 31110, "scanner": "repobility-threat-engine", "fingerprint": "0df8f595f2c28db9b52e9a143f46ce8ce1200175387cd5bbffd56b58aa1ab7dd", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "launch_persistent_context", "breakdown": {"if": 5, "or": 2, "elif": 1, "else": 1, "recursion": 1}, "complexity": 10, "correlation_key": "fp|0df8f595f2c28db9b52e9a143f46ce8ce1200175387cd5bbffd56b58aa1ab7dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `launch_context_async` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, except=2, if=5, nested_bonus=1, or=1."}, "properties": {"repobilityId": 31109, "scanner": "repobility-threat-engine", "fingerprint": "4f49131d6881ea0a96875aaf9a164b1e685a2a05f80566011a93a77ef4730a57", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "launch_context_async", "breakdown": {"if": 5, "or": 1, "elif": 1, "else": 1, "except": 2, "nested_bonus": 1}, "complexity": 11, "correlation_key": "fp|4f49131d6881ea0a96875aaf9a164b1e685a2a05f80566011a93a77ef4730a57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 600}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10463, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8857b3cd634b663793af7e3b9beca2dcae1019440af00a8633d72a43ea92d72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 35, "correlation_key": "fp|f8857b3cd634b663793af7e3b9beca2dcae1019440af00a8633d72a43ea92d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/index.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10462, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7e139eb1e36a24e86ae559269e13aad014818bc7aa4bd16968f59daddefa716", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/index.ts", "duplicate_line": 446, "correlation_key": "fp|c7e139eb1e36a24e86ae559269e13aad014818bc7aa4bd16968f59daddefa716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/elementhandle.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10461, "scanner": "repobility-ai-code-hygiene", "fingerprint": "861819ea1139986cc5e5afdf48196e647b4cedc94a2494c07b2b95f09b76573e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/scroll.py", "duplicate_line": 67, "correlation_key": "fp|861819ea1139986cc5e5afdf48196e647b4cedc94a2494c07b2b95f09b76573e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/scroll_async.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10460, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2af51869bf270e57ccb56f225b97d898024e20aebb56f65f6766ce95f2fa0d6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/actionability.py", "duplicate_line": 60, "correlation_key": "fp|2af51869bf270e57ccb56f225b97d898024e20aebb56f65f6766ce95f2fa0d6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/actionability_async.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e5cc4f4a50fde9a7597daf725b1fd20c82676fed526a24661edbacc7a89dcc8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/scroll.ts", "duplicate_line": 5, "correlation_key": "fp|8e5cc4f4a50fde9a7597daf725b1fd20c82676fed526a24661edbacc7a89dcc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/scroll.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c1211b9862b8e8853fdec5b8f179839607c14c51b017b908827dba364b3e713", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "js/src/human-puppeteer/keyboard.ts", "duplicate_line": 5, "correlation_key": "fp|3c1211b9862b8e8853fdec5b8f179839607c14c51b017b908827dba364b3e713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/keyboard.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4980e2878902cf755a1c3d577e4919706bf7078097d29d8786d7477e0d6bb2bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cloakbrowser/human/mouse.py", "duplicate_line": 45, "correlation_key": "fp|4980e2878902cf755a1c3d577e4919706bf7078097d29d8786d7477e0d6bb2bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/mouse_async.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 52324, "scanner": "repobility-threat-engine", "fingerprint": "882cce1282fe60748e296da7d43dc32ca918d64a280294a6ea77037b247658a4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|882cce1282fe60748e296da7d43dc32ca918d64a280294a6ea77037b247658a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 52323, "scanner": "repobility-threat-engine", "fingerprint": "cf9801dd85996fab1b505c6fd17560e75c2f3c83a9e1e42d05e2868596013442", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cf9801dd85996fab1b505c6fd17560e75c2f3c83a9e1e42d05e2868596013442"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/puppeteer.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 52322, "scanner": "repobility-threat-engine", "fingerprint": "69152f81cd06d8bb8b70fcf66a1aae22eccf9aa4c4c6a30b6a87b288bb92ce3f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69152f81cd06d8bb8b70fcf66a1aae22eccf9aa4c4c6a30b6a87b288bb92ce3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 52321, "scanner": "repobility-threat-engine", "fingerprint": "ea93f5492ff921e9618c4e30a2631c7b1a2bef829e99f8007e5face821b69969", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ea93f5492ff921e9618c4e30a2631c7b1a2bef829e99f8007e5face821b69969", "aggregated_count": 6}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 52320, "scanner": "repobility-threat-engine", "fingerprint": "4e2a8dcf50bbbaf093228b5bf41899293dfc769a821ae5c27d6f9b96c553b15b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_effective_version", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 8}, "aggregated": true, "complexity": 13, "correlation_key": "fp|4e2a8dcf50bbbaf093228b5bf41899293dfc769a821ae5c27d6f9b96c553b15b", "aggregated_count": 10}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `tar` is patch version(s) behind (7.5.15 -> 7.5.16)"}, "properties": {"repobilityId": 52317, "scanner": "repobility-dependency-currency", "fingerprint": "e736cec8e1ef0f6a407a087c53c5c91ac2c99f43094da49663967d24b0cbee1d", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tar", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.5.16", "correlation_key": "fp|e736cec8e1ef0f6a407a087c53c5c91ac2c99f43094da49663967d24b0cbee1d", "current_version": "7.5.15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 42879, "scanner": "repobility-threat-engine", "fingerprint": "5c1932d4a524a806303ee6e92210081bc4c42e92bc412fbe682f26845665f1e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c1932d4a524a806303ee6e92210081bc4c42e92bc412fbe682f26845665f1e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/actionability.ts"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 42878, "scanner": "repobility-threat-engine", "fingerprint": "df38b1c2c2df30474f6c0745dc3c4124141c4ec9fd501a78bf07f245f1d575ec", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|df38b1c2c2df30474f6c0745dc3c4124141c4ec9fd501a78bf07f245f1d575ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/actionability.ts"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 42877, "scanner": "repobility-threat-engine", "fingerprint": "eeb58fc5ddf2693845a9dbbca0fa082e27605767c5164f160b2378fb0c242205", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eeb58fc5ddf2693845a9dbbca0fa082e27605767c5164f160b2378fb0c242205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 80}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 42876, "scanner": "repobility-threat-engine", "fingerprint": "29306b5028b90ab8087937c717cb745fd7e07ab4ccb4b2237f19cccb49788ca3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_effective_version", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 8}, "aggregated": true, "complexity": 13, "correlation_key": "fp|29306b5028b90ab8087937c717cb745fd7e07ab4ccb4b2237f19cccb49788ca3", "aggregated_count": 9}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 37664, "scanner": "repobility-threat-engine", "fingerprint": "35990d48f4e0b77ad1131d082a7569ef6e0671bf694febf92b644bcbff0443a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35990d48f4e0b77ad1131d082a7569ef6e0671bf694febf92b644bcbff0443a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 37663, "scanner": "repobility-threat-engine", "fingerprint": "3cd6687afd64f5ae96c96993eb38d28604b98efc12b7150ad81d90df3dd6454f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3cd6687afd64f5ae96c96993eb38d28604b98efc12b7150ad81d90df3dd6454f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/mouse.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 37662, "scanner": "repobility-threat-engine", "fingerprint": "e7eab5ab734af4d37c0f39148bdc187d68c4ee3a5578790af2803bf23beedf2a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7eab5ab734af4d37c0f39148bdc187d68c4ee3a5578790af2803bf23beedf2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/puppeteer.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 37661, "scanner": "repobility-threat-engine", "fingerprint": "a64286b9194a732e1a8bbb3a6a87186838d8a8573b5351fb2dc0c52799b695fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a64286b9194a732e1a8bbb3a6a87186838d8a8573b5351fb2dc0c52799b695fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/playwright.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 37660, "scanner": "repobility-threat-engine", "fingerprint": "616a737d019ae97f53e0426cdc95b2538ef7f9404ddcccfa97846cbdfe3982a9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|616a737d019ae97f53e0426cdc95b2538ef7f9404ddcccfa97846cbdfe3982a9", "aggregated_count": 5}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 37659, "scanner": "repobility-threat-engine", "fingerprint": "1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_effective_version", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 8}, "aggregated": true, "complexity": 13, "correlation_key": "fp|1f9cf34bb3a259b729d06f1f15ac7967805d490c0f74f5ba2d5409d957c7d6b7", "aggregated_count": 14}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37655, "scanner": "repobility-threat-engine", "fingerprint": "0d94e6494da13bf6407a48a6881510c6e822d09b2f89f44c81d7b5b1f3b58007", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d94e6494da13bf6407a48a6881510c6e822d09b2f89f44c81d7b5b1f3b58007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 31134, "scanner": "repobility-threat-engine", "fingerprint": "a76cbdc98f8dde1c3c34a513671d88e9a2f08a24d770d40bc43612ccd004bada", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a76cbdc98f8dde1c3c34a513671d88e9a2f08a24d770d40bc43612ccd004bada", "aggregated_count": 3}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 31133, "scanner": "repobility-threat-engine", "fingerprint": "00731aab7b3dd103034ea4419d918956f7b1dd984cd43c2d7641f9517c0b72dd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00731aab7b3dd103034ea4419d918956f7b1dd984cd43c2d7641f9517c0b72dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/actionability.ts"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 31132, "scanner": "repobility-threat-engine", "fingerprint": "887386e5d2d428aa5877692daceaa32ad9885fb6dd38d1d5a9430b83d10a97b8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|887386e5d2d428aa5877692daceaa32ad9885fb6dd38d1d5a9430b83d10a97b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human-puppeteer/index.ts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 31131, "scanner": "repobility-threat-engine", "fingerprint": "88ca678e29a6ddca311a8b6229dcc1493d32583645d474969adef9a9c6b67074", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|88ca678e29a6ddca311a8b6229dcc1493d32583645d474969adef9a9c6b67074"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/geoip.ts"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 31130, "scanner": "repobility-threat-engine", "fingerprint": "b58df9499acfd10b1e20b964429ac887f20e8cc016c1011756c8f46ae09a5873", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b58df9499acfd10b1e20b964429ac887f20e8cc016c1011756c8f46ae09a5873", "aggregated_count": 3}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 31129, "scanner": "repobility-threat-engine", "fingerprint": "6ee02675e172ed27b459274a87e9343112fc21c719ea06796ae4221e57eda8b7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ee02675e172ed27b459274a87e9343112fc21c719ea06796ae4221e57eda8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human/actionability.ts"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 31128, "scanner": "repobility-threat-engine", "fingerprint": "573c88954310905d8648e33eb6a8823b20e36527a28fed8821d7a71bec41c5be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|573c88954310905d8648e33eb6a8823b20e36527a28fed8821d7a71bec41c5be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human-puppeteer/index.ts"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 31127, "scanner": "repobility-threat-engine", "fingerprint": "991e16e1f09bc55529304fdaeba45fdaef329f7c2f52e9975ef24a905ea57341", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|991e16e1f09bc55529304fdaeba45fdaef329f7c2f52e9975ef24a905ea57341"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/geoip.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 31126, "scanner": "repobility-threat-engine", "fingerprint": "7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "aggregated_count": 3}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 31125, "scanner": "repobility-threat-engine", "fingerprint": "a5411ff65fa81b8ec770492f7931d3c6e5d6b3b8b2dc1a96a8db450f39042c4c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5411ff65fa81b8ec770492f7931d3c6e5d6b3b8b2dc1a96a8db450f39042c4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/human-puppeteer/index.ts"}, "region": {"startLine": 950}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 31124, "scanner": "repobility-threat-engine", "fingerprint": "a99b8c2ae4d16260160e38977cc0029de0774f8c3ef2bd1d76222d709bd9878e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a99b8c2ae4d16260160e38977cc0029de0774f8c3ef2bd1d76222d709bd9878e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/download.ts"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 31123, "scanner": "repobility-threat-engine", "fingerprint": "6bde5f0d5b9ed91f91374e4b430c509ee10cb876acd17a24ecd9de6ac35f1af3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6bde5f0d5b9ed91f91374e4b430c509ee10cb876acd17a24ecd9de6ac35f1af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/stealth-test.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 31122, "scanner": "repobility-threat-engine", "fingerprint": "f1e161962fe043d40b0b62354f7238946ffae30e19da416a3889d752e32876be", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f1e161962fe043d40b0b62354f7238946ffae30e19da416a3889d752e32876be", "aggregated_count": 8}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 31121, "scanner": "repobility-threat-engine", "fingerprint": "2702e9d1bf39a7792e64165d35d907a71e33a7c5aa184883202567e57cc12cd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2702e9d1bf39a7792e64165d35d907a71e33a7c5aa184883202567e57cc12cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/persistent-context.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 31120, "scanner": "repobility-threat-engine", "fingerprint": "3fea4d474bce2e726fc1345b261947cc17568d55a6c95e6bc696281e92693fd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3fea4d474bce2e726fc1345b261947cc17568d55a6c95e6bc696281e92693fd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/basic-puppeteer.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 31119, "scanner": "repobility-threat-engine", "fingerprint": "d21c9a4223ceef2ccf740b023b870befbcc084314354541e334cbe84b9045f74", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d21c9a4223ceef2ccf740b023b870befbcc084314354541e334cbe84b9045f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/examples/basic-playwright.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 31118, "scanner": "repobility-threat-engine", "fingerprint": "ea33e7d8985cbb9cd551a17f9760a1ec6b21444a40aa038cc421b900442be396", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea33e7d8985cbb9cd551a17f9760a1ec6b21444a40aa038cc421b900442be396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/config.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 31114, "scanner": "repobility-threat-engine", "fingerprint": "cd3346d6b7376fdc43090be830c9c60dc2124be0df4733cf2481dd8d83cf967d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd3346d6b7376fdc43090be830c9c60dc2124be0df4733cf2481dd8d83cf967d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/selenium_example.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 31113, "scanner": "repobility-threat-engine", "fingerprint": "8996ba1a196f17bd9e2a62d624d717211b66246455ede82ead134fcbd994ba76", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8996ba1a196f17bd9e2a62d624d717211b66246455ede82ead134fcbd994ba76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 31111, "scanner": "repobility-threat-engine", "fingerprint": "092cdd33b76850098954fe20da57aa3bb40a664e57be08030f171bd42e534eec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "build_args", "breakdown": {"if": 9, "for": 3, "nested_bonus": 8}, "aggregated": true, "complexity": 20, "correlation_key": "fp|092cdd33b76850098954fe20da57aa3bb40a664e57be08030f171bd42e534eec", "aggregated_count": 26}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 31107, "scanner": "repobility-threat-engine", "fingerprint": "fb8a9c1f7f655029eab218decd5705c1681b0b4c3c31667df1047c8d49d8c843", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb8a9c1f7f655029eab218decd5705c1681b0b4c3c31667df1047c8d49d8c843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 834}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 31106, "scanner": "repobility-threat-engine", "fingerprint": "97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 31105, "scanner": "repobility-threat-engine", "fingerprint": "fceb9d8a01f5ed36bed94dbab75a1b279419629493992d50f91717c27f523752", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fceb9d8a01f5ed36bed94dbab75a1b279419629493992d50f91717c27f523752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 31104, "scanner": "repobility-threat-engine", "fingerprint": "a32caf51197b06ac411e9406f3347b9123d3fa4c309c7cc8104d3d0c0638aad5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a32caf51197b06ac411e9406f3347b9123d3fa4c309c7cc8104d3d0c0638aad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 31103, "scanner": "repobility-threat-engine", "fingerprint": "cb0eae6c502a15e21090edbc90cbc7610bd4b9680821b23ed14cdc23017286aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb0eae6c502a15e21090edbc90cbc7610bd4b9680821b23ed14cdc23017286aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 702}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 31102, "scanner": "repobility-threat-engine", "fingerprint": "72dd90c057b4dd38de51014518b482c9afa85e4a37030a9eca8acf19f6e5e7cb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72dd90c057b4dd38de51014518b482c9afa85e4a37030a9eca8acf19f6e5e7cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/proxy.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 31101, "scanner": "repobility-threat-engine", "fingerprint": "85bb409600c0a734f065853b8ef40763716108fdcf3d0fa7bb88fdfbb9fe5bb6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85bb409600c0a734f065853b8ef40763716108fdcf3d0fa7bb88fdfbb9fe5bb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/lambda_handler.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 31100, "scanner": "repobility-threat-engine", "fingerprint": "dc3a736fad878d297ddd33fccf09e28132e7fcf1e2fe5ae139de64b67ffea431", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc3a736fad878d297ddd33fccf09e28132e7fcf1e2fe5ae139de64b67ffea431"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 31097, "scanner": "repobility-threat-engine", "fingerprint": "bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bd632c4ade7e75e1a901d5e2da5e3e85b36e57e91ccdfbe5098de1738a5edc96", "aggregated_count": 3}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 31093, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 29327, "scanner": "repobility-threat-engine", "fingerprint": "e29ad9d359ff6851d9dbc39e31910862e4184affc2dab846982b87491414f051", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|234|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/config.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 29326, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 4915, "scanner": "repobility-threat-engine", "fingerprint": "e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 4908, "scanner": "repobility-threat-engine", "fingerprint": "c08d5d6d20bee8e36fa9df47a46d89e800c7efe14786438ae211fe845a778bb8", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c08d5d6d20bee8e36fa9df47a46d89e800c7efe14786438ae211fe845a778bb8"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 4907, "scanner": "repobility-threat-engine", "fingerprint": "12cfaf8c0520ff622fb8f2ea32ea99ca5afedb90b228c396cf15434455270680", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|48|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/mouse_async.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 4906, "scanner": "repobility-threat-engine", "fingerprint": "3f1d84eae7634f8aad97ada17fbfe90376a844b6f297f8b3c60ebfb05c2e25c6", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|87|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/keyboard.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 4905, "scanner": "repobility-threat-engine", "fingerprint": "ce1e309cdccd885ce756585bbaba38ca56e4024e1fd84721139e3f715997c1bf", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|cloakbrowser/config.py|46|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 52319, "scanner": "repobility-threat-engine", "fingerprint": "fbb47e117c6f1fb5897c827c3b9ddc4ed7b1cca0ced05e8f970198e58b9e6a50", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(o", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fbb47e117c6f1fb5897c827c3b9ddc4ed7b1cca0ced05e8f970198e58b9e6a50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/puppeteer.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 44082, "scanner": "repobility-ast-engine", "fingerprint": "32981693a6a31cae566a7c29bd20798ce7924ef05c5fbaea6696f84067d3a721", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32981693a6a31cae566a7c29bd20798ce7924ef05c5fbaea6696f84067d3a721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 44081, "scanner": "repobility-ast-engine", "fingerprint": "47f208e6526dd3b55530ee95a4dcfb57e6fb040942adf29b56b241916a7012ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47f208e6526dd3b55530ee95a4dcfb57e6fb040942adf29b56b241916a7012ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 44080, "scanner": "repobility-ast-engine", "fingerprint": "94d5799d62ba9afb418ad460635d63e905eb525cd3b67080009984b2441321b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94d5799d62ba9afb418ad460635d63e905eb525cd3b67080009984b2441321b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 407}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 44079, "scanner": "repobility-ast-engine", "fingerprint": "3747dccd68d26394b7fcc671a735e6892b80717886e78cd563350f34001c563e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3747dccd68d26394b7fcc671a735e6892b80717886e78cd563350f34001c563e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 402}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 44078, "scanner": "repobility-ast-engine", "fingerprint": "25052b73c433714e3fd55a4cf62be6cc72eaa5b33be2d41336a07a5b5ef0d4dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|25052b73c433714e3fd55a4cf62be6cc72eaa5b33be2d41336a07a5b5ef0d4dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 44077, "scanner": "repobility-ast-engine", "fingerprint": "b635a8479bd3b171b3c54ee2d91b80af3ea2f4c98e8f52a7b19f1de6dfe7f6eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b635a8479bd3b171b3c54ee2d91b80af3ea2f4c98e8f52a7b19f1de6dfe7f6eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 392}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44076, "scanner": "repobility-ast-engine", "fingerprint": "a0665f51c2c736fe29233701764ccb01ec1b3815847445b0e6c7782195512d74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0665f51c2c736fe29233701764ccb01ec1b3815847445b0e6c7782195512d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._patch_session` used but never assigned in __init__"}, "properties": {"repobilityId": 44075, "scanner": "repobility-ast-engine", "fingerprint": "1f8b4207e9b017f837cef053ba5fa587fb8469b852bd1f8d0e5cce473b01d579", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f8b4207e9b017f837cef053ba5fa587fb8469b852bd1f8d0e5cce473b01d579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44074, "scanner": "repobility-ast-engine", "fingerprint": "369dbfe3f6bba323b32b4221983c596d8c8535fd7d78a41d80e243c86f939fb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|369dbfe3f6bba323b32b4221983c596d8c8535fd7d78a41d80e243c86f939fb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._patch_session` used but never assigned in __init__"}, "properties": {"repobilityId": 44073, "scanner": "repobility-ast-engine", "fingerprint": "087d8f6a5c5c68b3e8f601623d05e574b9858dcfd1cfe859d304bca9f940dd56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|087d8f6a5c5c68b3e8f601623d05e574b9858dcfd1cfe859d304bca9f940dd56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._FakeSession` used but never assigned in __init__"}, "properties": {"repobilityId": 44072, "scanner": "repobility-ast-engine", "fingerprint": "d4423f9a7b76619e7c25fa7310cca0dde3dda4734733132a2ae545c36da25731", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4423f9a7b76619e7c25fa7310cca0dde3dda4734733132a2ae545c36da25731"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44071, "scanner": "repobility-ast-engine", "fingerprint": "84489717627cd01fed1c1d03907c09a00a86e0401bc3e1a4bf4ec16be2c68ba2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84489717627cd01fed1c1d03907c09a00a86e0401bc3e1a4bf4ec16be2c68ba2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44070, "scanner": "repobility-ast-engine", "fingerprint": "c888a7587b1c68ef99a96f4cbe290ecfd7e25156d77c18d027d6cd6c54ca074d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c888a7587b1c68ef99a96f4cbe290ecfd7e25156d77c18d027d6cd6c54ca074d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44069, "scanner": "repobility-ast-engine", "fingerprint": "9588d888a8ca956d966288329228b01bf934cfedd046db3794eea5e748e7ec6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9588d888a8ca956d966288329228b01bf934cfedd046db3794eea5e748e7ec6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44068, "scanner": "repobility-ast-engine", "fingerprint": "83e0287b5cd0569929d25ce7560a0d85219b3ef2740921fb2732c4e6c927b0a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83e0287b5cd0569929d25ce7560a0d85219b3ef2740921fb2732c4e6c927b0a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44067, "scanner": "repobility-ast-engine", "fingerprint": "ae7d6e018b194911dfe29c67c9ce35e8b189596865a89593ae17ebc3f703e2d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae7d6e018b194911dfe29c67c9ce35e8b189596865a89593ae17ebc3f703e2d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44066, "scanner": "repobility-ast-engine", "fingerprint": "06fdbd95e62e6590cad678732c7f77c81435914286740b70cf6bcfed3e88a3df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|06fdbd95e62e6590cad678732c7f77c81435914286740b70cf6bcfed3e88a3df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._Request` used but never assigned in __init__"}, "properties": {"repobilityId": 44065, "scanner": "repobility-ast-engine", "fingerprint": "d32f5d48f54aefe2e1c15046fc3616ca9336676bda3417cc27e62fcf312dccde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d32f5d48f54aefe2e1c15046fc3616ca9336676bda3417cc27e62fcf312dccde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_handle_still_raises_when_covered"}, "properties": {"repobilityId": 42868, "scanner": "repobility-ast-engine", "fingerprint": "9e0bc9c67615def490fc848513875512abba1cec5692a95a9f96275f112e532e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e0bc9c67615def490fc848513875512abba1cec5692a95a9f96275f112e532e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1919}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 37654, "scanner": "repobility-threat-engine", "fingerprint": "7b8075ad78159ff8264d9581c29d4adae91a73f835954aae457ec65b455b6b9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b8075ad78159ff8264d9581c29d4adae91a73f835954aae457ec65b455b6b9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/geoip.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 37653, "scanner": "repobility-threat-engine", "fingerprint": "b0747600747f0ea379eb9d2a75d6473924f6eceabec1025ecb789e1f68ec11ac", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(o", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b0747600747f0ea379eb9d2a75d6473924f6eceabec1025ecb789e1f68ec11ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/puppeteer.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 37652, "scanner": "repobility-threat-engine", "fingerprint": "24ea97bcc420e8946bcdba7d00e6dbeefc66d9924500e7884ace0f1ad6176aa5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|24ea97bcc420e8946bcdba7d00e6dbeefc66d9924500e7884ace0f1ad6176aa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/src/config.ts"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED119", "level": "error", "message": {"text": "Dockerfile `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-${TARGETARCH}`"}, "properties": {"repobilityId": 37651, "scanner": "repobility-supply-chain", "fingerprint": "2a573ecef8022c88a40ae2a67e2ad1ab2dd519ebbf32a4631d4cf955aa9c7f93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-add-remote-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829", "CWE-494"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a573ecef8022c88a40ae2a67e2ad1ab2dd519ebbf32a4631d4cf955aa9c7f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `cloakhq/cloakbrowser:latest` not pinned by digest"}, "properties": {"repobilityId": 37650, "scanner": "repobility-supply-chain", "fingerprint": "974e7ed028f85510a2e0298c7bf1d2d142fbb54479718d3d5ce62ea81644efc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|974e7ed028f85510a2e0298c7bf1d2d142fbb54479718d3d5ce62ea81644efc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/Dockerfile"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12-slim` not pinned by digest"}, "properties": {"repobilityId": 37649, "scanner": "repobility-supply-chain", "fingerprint": "86501238955cd076654cf2551739b8a793de47eb8bc9db89cba7bc4fe0befa2d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86501238955cd076654cf2551739b8a793de47eb8bc9db89cba7bc4fe0befa2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_world` used but never assigned in __init__"}, "properties": {"repobilityId": 37626, "scanner": "repobility-ast-engine", "fingerprint": "29d161dbfaf9d9232877b67cb3083e4ad2a5b38eeb8fc555bd16729f675573b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29d161dbfaf9d9232877b67cb3083e4ad2a5b38eeb8fc555bd16729f675573b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stealth_unit.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_world` used but never assigned in __init__"}, "properties": {"repobilityId": 37625, "scanner": "repobility-ast-engine", "fingerprint": "6b3a420ef9321e19d13ba2873b243f3d0e562e231f0080b2699cd7914b42b469", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b3a420ef9321e19d13ba2873b243f3d0e562e231f0080b2699cd7914b42b469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stealth_unit.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37624, "scanner": "repobility-ast-engine", "fingerprint": "1573eb644bf7510a35eda0a0c9f03a55f4fc67b6416ccd83974471673311d03e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1573eb644bf7510a35eda0a0c9f03a55f4fc67b6416ccd83974471673311d03e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37623, "scanner": "repobility-ast-engine", "fingerprint": "13a78f6a4ae6ca484b82538429d0319e9af9e2ad5f4cf753196c5f5e2ce27035", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13a78f6a4ae6ca484b82538429d0319e9af9e2ad5f4cf753196c5f5e2ce27035"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 413}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37622, "scanner": "repobility-ast-engine", "fingerprint": "6f498c82fcad780dc48d2cbbcd1416ea19b4508f620b274417542b78a6e98349", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f498c82fcad780dc48d2cbbcd1416ea19b4508f620b274417542b78a6e98349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 401}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37621, "scanner": "repobility-ast-engine", "fingerprint": "d776ecd287f4064dd228d3022530c366d07ddf9b852a483f838aef9a06c3e880", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d776ecd287f4064dd228d3022530c366d07ddf9b852a483f838aef9a06c3e880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 391}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37620, "scanner": "repobility-ast-engine", "fingerprint": "b25eff6e0b809d013eb6bfdd3a8d3d2065cb2f8b7fec4cc2df591ed5699d1162", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b25eff6e0b809d013eb6bfdd3a8d3d2065cb2f8b7fec4cc2df591ed5699d1162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37619, "scanner": "repobility-ast-engine", "fingerprint": "397657ee0338322109f363e3ca9ebb96aa9678018f6befef306b769aad4c3eec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|397657ee0338322109f363e3ca9ebb96aa9678018f6befef306b769aad4c3eec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37618, "scanner": "repobility-ast-engine", "fingerprint": "3e0063ad9051a48f873b771bd9c7d73ab6d86eaa2045a1dcb06b898b0c889511", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e0063ad9051a48f873b771bd9c7d73ab6d86eaa2045a1dcb06b898b0c889511"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37617, "scanner": "repobility-ast-engine", "fingerprint": "f7fd077eb6de6d86fdd729072dd842b748c934692cfcdea5b8d1e263f00a66f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7fd077eb6de6d86fdd729072dd842b748c934692cfcdea5b8d1e263f00a66f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 312}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_pool` used but never assigned in __init__"}, "properties": {"repobilityId": 37616, "scanner": "repobility-ast-engine", "fingerprint": "9eda504fd71e79dbd51ca57508099626f0a2761bd65f15ab8c3b9207a9313d19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9eda504fd71e79dbd51ca57508099626f0a2761bd65f15ab8c3b9207a9313d19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 37615, "scanner": "repobility-ast-engine", "fingerprint": "3f9fd029cfb7b8605ad0aa383a06d65797d344484ecad340b131d08b146d6601", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f9fd029cfb7b8605ad0aa383a06d65797d344484ecad340b131d08b146d6601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 37614, "scanner": "repobility-ast-engine", "fingerprint": "e8e513de1312fb6fad982738fdb717ba9469054b09e663c388b6a6c5b52f1919", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8e513de1312fb6fad982738fdb717ba9469054b09e663c388b6a6c5b52f1919"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 37613, "scanner": "repobility-ast-engine", "fingerprint": "5020c3f86b87bf91f6e39c358fa9e9605479403b5b3dcdaa116b11218d3aab33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5020c3f86b87bf91f6e39c358fa9e9605479403b5b3dcdaa116b11218d3aab33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 37612, "scanner": "repobility-ast-engine", "fingerprint": "5d8769ea38b87b451f9c128b0ca1f967e933ad78d6adb1ef465f052e348cc010", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d8769ea38b87b451f9c128b0ca1f967e933ad78d6adb1ef465f052e348cc010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_list_entry` used but never assigned in __init__"}, "properties": {"repobilityId": 37611, "scanner": "repobility-ast-engine", "fingerprint": "7c758067de3850c1f142d24fb40c0920177f8202f03cd8a98c2ad3967de7a6c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c758067de3850c1f142d24fb40c0920177f8202f03cd8a98c2ad3967de7a6c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 37610, "scanner": "repobility-ast-engine", "fingerprint": "66cba31ec64e7aaa312a40a98fd5b434cf56e9ade1e9e3546c01c9d8fd884d2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|66cba31ec64e7aaa312a40a98fd5b434cf56e9ade1e9e3546c01c9d8fd884d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rewrite_version` used but never assigned in __init__"}, "properties": {"repobilityId": 37609, "scanner": "repobility-ast-engine", "fingerprint": "df2918e65a6b6181c103259725e28d2bb75d863117505df0e95ec5a79dc40e99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df2918e65a6b6181c103259725e28d2bb75d863117505df0e95ec5a79dc40e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cloakserve.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37608, "scanner": "repobility-ast-engine", "fingerprint": "2560b9e5b10fa2c3a768506deb9d9f922d25825591f030ca7f7b0edcc9716582", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2560b9e5b10fa2c3a768506deb9d9f922d25825591f030ca7f7b0edcc9716582"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37607, "scanner": "repobility-ast-engine", "fingerprint": "c7f73fe932da3082b021d42db8368cbf2b0b61c9f1d6075155eac97abaf2036a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7f73fe932da3082b021d42db8368cbf2b0b61c9f1d6075155eac97abaf2036a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37606, "scanner": "repobility-ast-engine", "fingerprint": "da6d9dae8b84945e3a2ee1f0228875154abf31b382238eea4f6d6230b288d454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da6d9dae8b84945e3a2ee1f0228875154abf31b382238eea4f6d6230b288d454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37605, "scanner": "repobility-ast-engine", "fingerprint": "2be45f11c17b3d7423aefa6a7ab58a16293c36178fd125b249d42564aa1bb9e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2be45f11c17b3d7423aefa6a7ab58a16293c36178fd125b249d42564aa1bb9e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37604, "scanner": "repobility-ast-engine", "fingerprint": "8d8fd858c80cf9bfba6b6ad1cc3b998c18b3451cd779a054f77405036230ec6a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d8fd858c80cf9bfba6b6ad1cc3b998c18b3451cd779a054f77405036230ec6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37603, "scanner": "repobility-ast-engine", "fingerprint": "c5b3d4b67f6ff962b097c4ae551cc9a95224c7dbf2b9c3dd91919904d0f7c396", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5b3d4b67f6ff962b097c4ae551cc9a95224c7dbf2b9c3dd91919904d0f7c396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_assets` used but never assigned in __init__"}, "properties": {"repobilityId": 37602, "scanner": "repobility-ast-engine", "fingerprint": "157c7ddba2d226ec1effe916ab1420e77e47d786999258f15b11180ea957b554", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|157c7ddba2d226ec1effe916ab1420e77e47d786999258f15b11180ea957b554"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_update.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_accepts_http_and_https"}, "properties": {"repobilityId": 37601, "scanner": "repobility-ast-engine", "fingerprint": "78967e8dcd1f0109ff7590eefffc77e460e55bae2e887d1cd8043f9d88bafecd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78967e8dcd1f0109ff7590eefffc77e460e55bae2e887d1cd8043f9d88bafecd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lambda_security.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rejects_non_http_schemes"}, "properties": {"repobilityId": 37600, "scanner": "repobility-ast-engine", "fingerprint": "0653f27bf5fc9c0e1335f59948675213b1a36d4164b21953b2337b48129c6434", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0653f27bf5fc9c0e1335f59948675213b1a36d4164b21953b2337b48129c6434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_lambda_security.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolve_geo_raises_when_geoip2_missing"}, "properties": {"repobilityId": 37598, "scanner": "repobility-ast-engine", "fingerprint": "418857b751b5ec74ec3176041be35c329020f0f0a17925d3b85c258a1d3ac74f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|418857b751b5ec74ec3176041be35c329020f0f0a17925d3b85c258a1d3ac74f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_geoip.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unsupported_raises"}, "properties": {"repobilityId": 37597, "scanner": "repobility-ast-engine", "fingerprint": "5fb853cb5d6edc612c0a961cd387b1ba644414ce261f021950f939a9d9d85d47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fb853cb5d6edc612c0a961cd387b1ba644414ce261f021950f939a9d9d85d47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_geoip_http_dict_does_not_inline_creds"}, "properties": {"repobilityId": 37596, "scanner": "repobility-ast-engine", "fingerprint": "3b482df3c26a50c849c89a12891e2d7432cb996ef51c8980f3c452ba23d0cd41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b482df3c26a50c849c89a12891e2d7432cb996ef51c8980f3c452ba23d0cd41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proxy.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_geoip_socks5_dict_no_auth_uses_server"}, "properties": {"repobilityId": 37595, "scanner": "repobility-ast-engine", "fingerprint": "cc502ca4da6a9d40da067c530f61accfce3c172f72981b7986452f96bc8bb256", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc502ca4da6a9d40da067c530f61accfce3c172f72981b7986452f96bc8bb256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proxy.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolve_backend_invalid_env_raises"}, "properties": {"repobilityId": 37594, "scanner": "repobility-ast-engine", "fingerprint": "4447ff3f41916f4f9aba359ac2cce8a7012b00e268017074157f233bcd92c278", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4447ff3f41916f4f9aba359ac2cce8a7012b00e268017074157f233bcd92c278"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_backend.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolve_backend_invalid_raises"}, "properties": {"repobilityId": 37593, "scanner": "repobility-ast-engine", "fingerprint": "ffd78ffb4b47ad375bf620895c97821b34ade13dbccbd3cc64b5910a38733650", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffd78ffb4b47ad375bf620895c97821b34ade13dbccbd3cc64b5910a38733650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_backend.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_scroll_to_element_forwards_timeout"}, "properties": {"repobilityId": 37592, "scanner": "repobility-ast-engine", "fingerprint": "537565be0077740a3be06a8a567722b2c683c70e407dcacfdb2b29004dd41100", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|537565be0077740a3be06a8a567722b2c683c70e407dcacfdb2b29004dd41100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1408}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_element_box_custom_timeout"}, "properties": {"repobilityId": 37591, "scanner": "repobility-ast-engine", "fingerprint": "186a4dd472e197e435edeee958da782d674fcfd83e90b43a42a35d4eafd0f2ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|186a4dd472e197e435edeee958da782d674fcfd83e90b43a42a35d4eafd0f2ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1395}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_element_box_default_timeout"}, "properties": {"repobilityId": 37590, "scanner": "repobility-ast-engine", "fingerprint": "fbd4cada550a14ab38d559fa2c009a08dee469321ce99d410879062523a4c197", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fbd4cada550a14ab38d559fa2c009a08dee469321ce99d410879062523a4c197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 1382}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_error_on_cyrillic"}, "properties": {"repobilityId": 37589, "scanner": "repobility-ast-engine", "fingerprint": "1fee340f8416ed5f000e4c8dd4e0cb4195f4de7f95b9a17797edbfd1e2af25ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fee340f8416ed5f000e4c8dd4e0cb4195f4de7f95b9a17797edbfd1e2af25ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 565}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_press_clicks_when_not_focused"}, "properties": {"repobilityId": 37588, "scanner": "repobility-ast-engine", "fingerprint": "bd78358cbac041ac7517e52afa4dce7df5463f366d98845be62e6feceb4a0c45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd78358cbac041ac7517e52afa4dce7df5463f366d98845be62e6feceb4a0c45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_press_skips_click_when_focused"}, "properties": {"repobilityId": 37587, "scanner": "repobility-ast-engine", "fingerprint": "54675d3bcafae7a35eaa057b7b7e6145c4e62333de053edb9a06b44cfa9adc29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54675d3bcafae7a35eaa057b7b7e6145c4e62333de053edb9a06b44cfa9adc29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_preset_raises"}, "properties": {"repobilityId": 37586, "scanner": "repobility-ast-engine", "fingerprint": "588dc36279dbdfdad187bb7e8b1690e48ae5254aeb06fcbf716bbedf64a5948b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|588dc36279dbdfdad187bb7e8b1690e48ae5254aeb06fcbf716bbedf64a5948b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humanize_unit.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_path_traversal_blocked"}, "properties": {"repobilityId": 37585, "scanner": "repobility-ast-engine", "fingerprint": "2813ff408a742455f94f9cb1caf2e6a301839b43a25b75b113bd717c7804ed21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2813ff408a742455f94f9cb1caf2e6a301839b43a25b75b113bd717c7804ed21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_extract.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_path_traversal_blocked"}, "properties": {"repobilityId": 37584, "scanner": "repobility-ast-engine", "fingerprint": "55326150108866620fe64105226f936151b7a530032968b0894fbb9350a6860e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55326150108866620fe64105226f936151b7a530032968b0894fbb9350a6860e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_extract.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_creepjs"}, "properties": {"repobilityId": 37583, "scanner": "repobility-ast-engine", "fingerprint": "608bdec2dfa8c79d607b566c68792e04bce7b3a2fa189238cef14ad4a1beb0ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|608bdec2dfa8c79d607b566c68792e04bce7b3a2fa189238cef14ad4a1beb0ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/fingerprint_scan_test.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fingerprint_scan"}, "properties": {"repobilityId": 37582, "scanner": "repobility-ast-engine", "fingerprint": "a5768eea136b5820dbe63422e5fa1ab76ae9bc0be9ef166245980e66a358ba43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5768eea136b5820dbe63422e5fa1ab76ae9bc0be9ef166245980e66a358ba43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/fingerprint_scan_test.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_recaptcha"}, "properties": {"repobilityId": 37578, "scanner": "repobility-ast-engine", "fingerprint": "c84fc502a16015e24de1d4514f4c876063036850d3bf4b37148cc748cffd8076", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c84fc502a16015e24de1d4514f4c876063036850d3bf4b37148cc748cffd8076"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fingerprintjs"}, "properties": {"repobilityId": 37577, "scanner": "repobility-ast-engine", "fingerprint": "bc1b1c98037f0e76874bd9517766d9e1cdd248c77e5c6bcfbf955162a1386590", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc1b1c98037f0e76874bd9517766d9e1cdd248c77e5c6bcfbf955162a1386590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deviceandbrowserinfo"}, "properties": {"repobilityId": 37576, "scanner": "repobility-ast-engine", "fingerprint": "e72182970ea00acd97a683cedc30a738da357f6457b940229a0b87427748aa1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e72182970ea00acd97a683cedc30a738da357f6457b940229a0b87427748aa1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_browserscan"}, "properties": {"repobilityId": 37575, "scanner": "repobility-ast-engine", "fingerprint": "4c5d4043961e2d00c6584a9391bc6385307c42de040ababd172bbf79b7cbfa0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c5d4043961e2d00c6584a9391bc6385307c42de040ababd172bbf79b7cbfa0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_bot_incolumitas"}, "properties": {"repobilityId": 37574, "scanner": "repobility-ast-engine", "fingerprint": "8157d9d1f8e6947c4921053298d9c3b633f3779737756298615dc6cabc1c42e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8157d9d1f8e6947c4921053298d9c3b633f3779737756298615dc6cabc1c42e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_bot_sannysoft"}, "properties": {"repobilityId": 37573, "scanner": "repobility-ast-engine", "fingerprint": "b88069e23f7bfe462c3165e0ef3eeeb838cd07efc1634c092f20e440de402a02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b88069e23f7bfe462c3165e0ef3eeeb838cd07efc1634c092f20e440de402a02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/stealth_test.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 31112, "scanner": "repobility-threat-engine", "fingerprint": "8c4adf7d59a11e95e7c9f0b5cd36e05fc6672fec3d7f9fd5784ee0df34e511d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(dest_dir, members=safe_members)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8c4adf7d59a11e95e7c9f0b5cd36e05fc6672fec3d7f9fd5784ee0df34e511d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 31096, "scanner": "repobility-threat-engine", "fingerprint": "bd904263c45d7ed9ffa7e3311e3b167163746d3f135e52e83c499b4922b52875", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd904263c45d7ed9ffa7e3311e3b167163746d3f135e52e83c499b4922b52875"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 31095, "scanner": "repobility-threat-engine", "fingerprint": "38e719c523c88e188d7dc5b1241b3db8f294fc997233f1a017fc0b2e5ff2bf1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38e719c523c88e188d7dc5b1241b3db8f294fc997233f1a017fc0b2e5ff2bf1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 31094, "scanner": "repobility-threat-engine", "fingerprint": "b743072d609186a3d6eef90a462a455bb8275183092586fdb9d76cbbb62f2607", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b743072d609186a3d6eef90a462a455bb8275183092586fdb9d76cbbb62f2607"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 701}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 31092, "scanner": "repobility-threat-engine", "fingerprint": "c5aa6e8c68aabf362cdc6b7565b109ad8fa0dc3b249ee8c6762c101673fc49c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "merged.update(overrides)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c5aa6e8c68aabf362cdc6b7565b109ad8fa0dc3b249ee8c6762c101673fc49c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/human/config.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 31091, "scanner": "repobility-threat-engine", "fingerprint": "9ccb3973c557a049c11259feb0c449d6a13a753f9514db6c6f04bfa6452df898", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sha256.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9ccb3973c557a049c11259feb0c449d6a13a753f9514db6c6f04bfa6452df898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 31090, "scanner": "repobility-threat-engine", "fingerprint": "e7cab8b65f6dd1a0b91e5d391704d48b8f7d9f6c741d555b2adc1b1e64033245", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "context_kwargs.update(kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e7cab8b65f6dd1a0b91e5d391704d48b8f7d9f6c741d555b2adc1b1e64033245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 31089, "scanner": "repobility-threat-engine", "fingerprint": "634a689bda94739035e8ea9d3d50e6519b9169c009ea7916855f4b890cb37464", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|634a689bda94739035e8ea9d3d50e6519b9169c009ea7916855f4b890cb37464"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 698}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 31088, "scanner": "repobility-threat-engine", "fingerprint": "81c1a9e52d6a6fb56d7e3659943b453226267785d5e845282e7ed4db0b40186d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|81c1a9e52d6a6fb56d7e3659943b453226267785d5e845282e7ed4db0b40186d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/__main__.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29325, "scanner": "repobility-threat-engine", "fingerprint": "26fbcaca2a84a3e90cc1d6edccaf39344075615adbf0de00af32a07f955028cb", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|26fbcaca2a84a3e90cc1d6edccaf39344075615adbf0de00af32a07f955028cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/download.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29324, "scanner": "repobility-threat-engine", "fingerprint": "8a0afaae1ec8a859acd4133b09918a3a482ebfbb3ce23053d044adf90d674b0e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a0afaae1ec8a859acd4133b09918a3a482ebfbb3ce23053d044adf90d674b0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/config.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 29323, "scanner": "repobility-threat-engine", "fingerprint": "d75ea5e78fcd0fe4252655eb9486f30bb4a0a4ad333543e20490fe731a4a79f6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n    s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d75ea5e78fcd0fe4252655eb9486f30bb4a0a4ad333543e20490fe731a4a79f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 777}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 4916, "scanner": "repobility-docker", "fingerprint": "18dfd49f7c2b31a24c554e21e284630116137c4aadba77a5e0d0384a6d3a7f1a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|18dfd49f7c2b31a24c554e21e284630116137c4aadba77a5e0d0384a6d3a7f1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "GHSA-5xrq-8626-4rwp", "level": "error", "message": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "properties": {"repobilityId": 52327, "scanner": "osv-scanner", "fingerprint": "0a2b55fa61c328829fe5fb2a5db46aca8a3fd9859b671614c4f84f96f6b85f76", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47429"], "package": "vitest", "rule_id": "GHSA-5xrq-8626-4rwp", "scanner": "osv-scanner", "correlation_key": "vuln|vitest|CVE-2026-47429|js/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `locale` used but not imported"}, "properties": {"repobilityId": 37599, "scanner": "repobility-ast-engine", "fingerprint": "c2fa1e75adb86c7cac793a62e2550a3aa47b19b9c062dea05f366f398bb660a7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2fa1e75adb86c7cac793a62e2550a3aa47b19b9c062dea05f366f398bb660a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_geoip.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 31099, "scanner": "repobility-threat-engine", "fingerprint": "9539443ba98eaba74f8ba78694701249cbe6c30ceafb3e48bd0cf4c6f2ec3502", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9539443ba98eaba74f8ba78694701249cbe6c30ceafb3e48bd0cf4c6f2ec3502"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/integrations/aws_lambda/lambda_handler.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 31098, "scanner": "repobility-threat-engine", "fingerprint": "324147421c80e31bd8fc381ec5ad73876da4d58b607caa1670af81ef41568353", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|324147421c80e31bd8fc381ec5ad73876da4d58b607caa1670af81ef41568353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloakbrowser/browser.py"}, "region": {"startLine": 75}}}]}]}]}