{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-3pv8-6f4r-ffg2", "name": "tar: GHSA-3pv8-6f4r-ffg2", "shortDescription": {"text": "tar: GHSA-3pv8-6f4r-ffg2"}, "fullDescription": {"text": "tar has a PAX header desynchronization issue"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user 
input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). 
Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0068", "name": "tar: RUSTSEC-2026-0068", "shortDescription": {"text": "tar: RUSTSEC-2026-0068"}, "fullDescription": {"text": "tar-rs incorrectly ignores PAX size headers if header size is nonzero"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0067", "name": "tar: RUSTSEC-2026-0067", "shortDescription": {"text": "tar: RUSTSEC-2026-0067"}, "fullDescription": {"text": "`unpack_in` can chmod arbitrary directories by following 
symlinks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0002", "name": "lru: RUSTSEC-2026-0002", "shortDescription": {"text": "lru: RUSTSEC-2026-0002"}, "fullDescription": {"text": "`IterMut` violates Stacked Borrows by invalidating internal pointer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0007", "name": "bytes: RUSTSEC-2026-0007", "shortDescription": {"text": "bytes: RUSTSEC-2026-0007"}, "fullDescription": {"text": "Integer overflow in `BytesMut::reserve`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Resolve the path with os.path.realpath() and verify that it lies inside your expected base directory; compare with os.path.commonpath() or against the base path plus a trailing separator, because a bare string-prefix check also accepts sibling directories that share the prefix. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-120 for context. strncpy does not NUL-terminate the destination when the source fills the buffer, so terminate explicitly or prefer snprintf."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1345"}, "properties": {"repository": "Szybet/InkWatchy", "repoUrl": "https://github.com/Szybet/InkWatchy", "branch": "master"}, "results": [{"ruleId": "GHSA-3pv8-6f4r-ffg2", "level": "warning", "message": {"text": "tar: GHSA-3pv8-6f4r-ffg2"}, "properties": {"repobilityId": 137468, "scanner": "osv-scanner", "fingerprint": "a28e551edfbcce9ff3a5447c6909c1a7f5e4a66e096fe3cc4089db6c34758675", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "package": "tar", "rule_id": "GHSA-3pv8-6f4r-ffg2", "scanner": "osv-scanner", "correlation_key": "vuln|tar|GHSA-3PV8-6F4R-FFG2|token", "duplicate_count": 3, "duplicate_rule_ids": ["GHSA-3pv8-6f4r-ffg2"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["38bb8d53d35a6082a2c91818e57c2ec777dd6d7aecb3533271417cecf63e3b39", "71e09f69edd86e208f2e2356bb91d7e91c015ede6042a11240c28da137716064", "a28e551edfbcce9ff3a5447c6909c1a7f5e4a66e096fe3cc4089db6c34758675", "c67d622adaed57d2fc01f99fba028c222422efd285fdc7ccc6f718c0fb0db4d2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 137460, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no 
.dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 137459, "scanner": "repobility-docker", "fingerprint": "d0cf49cefaa67c1d2e8c3be87672ecb9a61931ef406238d3dc9fc53f1b8510bd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d0cf49cefaa67c1d2e8c3be87672ecb9a61931ef406238d3dc9fc53f1b8510bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 137442, "scanner": "repobility-threat-engine", "fingerprint": "10db84ce8c6f0923740d2564fe2a0641d81e6139c4e4cb2fa32ed768a1fe7b39", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password = \"<redacted>\"", "reason": "Low entropy value 
(3.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/defines/templates/laitnedifnoc-template.h"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 137441, "scanner": "repobility-threat-engine", "fingerprint": "681c124f5f6fa526f44b0128c763ad5850b089f179e153df19286bb508c22c9a", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.9 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password=\"<redacted>}0\"", "reason": "Low entropy value (3.9 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted 0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/vault/convertImagesVault.sh"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 137438, "scanner": "repobility-threat-engine", "fingerprint": "bae50ba82cc96b24aee2c4539a918dceef66461a7745f06aacc64014a919fff4", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": 
"repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|20|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/depracated/generatePartTable.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 137428, "scanner": "repobility-threat-engine", "fingerprint": "0b405f2855c886faa2fe3ae43eb9ee4a240a5fc709b79e2ded1edafe932ee05b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b405f2855c886faa2fe3ae43eb9ee4a240a5fc709b79e2ded1edafe932ee05b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/src/lib.rs"}, "region": {"startLine": 98}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 137423, "scanner": "repobility-agent-runtime", "fingerprint": "1410df5ab84279a165c38d1f7eb45f0b6745d52c2dcc547ac20d488ac1ffe7c1", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped 
directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1410df5ab84279a165c38d1f7eb45f0b6745d52c2dcc547ac20d488ac1ffe7c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/setup/installRust.sh"}, "region": {"startLine": 10}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 137410, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 137458, "scanner": "repobility-docker", "fingerprint": "dd67d7ac08ea3763be2723ada2e1513f6dfe5fda97661b18deb1042398d4833c", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dd67d7ac08ea3763be2723ada2e1513f6dfe5fda97661b18deb1042398d4833c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 79}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 137457, "scanner": "repobility-docker", "fingerprint": 
"6604acc2f7861eb3e6652a5f5566e8b1236ba520518fee6593eeedee1e126097", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|6604acc2f7861eb3e6652a5f5566e8b1236ba520518fee6593eeedee1e126097"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 79}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 137456, "scanner": "repobility-docker", "fingerprint": "87f275fbdd278ec2f453781759bf97452dd2232b4e4df37a9a52c28ec710c001", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|87f275fbdd278ec2f453781759bf97452dd2232b4e4df37a9a52c28ec710c001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 58}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 137455, "scanner": "repobility-docker", "fingerprint": "a0ceced8aa7e8db8674705456cd8611af12e595880e1c6a302cf7cad9bf085d8", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", 
"evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a0ceced8aa7e8db8674705456cd8611af12e595880e1c6a302cf7cad9bf085d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 137454, "scanner": "repobility-docker", "fingerprint": "5169b6f0fe33b8f141f9de67ce363dbf93b18d032cec99d1ab8dd5f3579d57fd", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5169b6f0fe33b8f141f9de67ce363dbf93b18d032cec99d1ab8dd5f3579d57fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 137453, "scanner": "repobility-docker", "fingerprint": "7edf8e11a665eee317f17d5cd72f81aeb323a2f7e3f1b20b37eb79df0ba17319", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|7edf8e11a665eee317f17d5cd72f81aeb323a2f7e3f1b20b37eb79df0ba17319"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 137452, "scanner": "repobility-docker", "fingerprint": "3bd15b2f5ee4f11812fa715ba73e6964e2c42362e8c009eb9ce55635f3e7a943", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|3bd15b2f5ee4f11812fa715ba73e6964e2c42362e8c009eb9ce55635f3e7a943"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/compile/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 137450, "scanner": "repobility-threat-engine", "fingerprint": "fb64b34ed36dd52005e0822f115adf296c4545e45121f3efe0d88a8d81ce5048", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\" bare UTC is: \" + lastMenuSelected + \" selected is: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fb64b34ed36dd52005e0822f115adf296c4545e45121f3efe0d88a8d81ce5048"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/places/setClockGuis/setTimezoneWatch.cpp"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 137449, "scanner": "repobility-threat-engine", "fingerprint": "5b2f18d41a14aa55aebaa01dd5ce31b7d51feab9ed09eef675000a2bb6a35ebc", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Resource name: \" + name + \" is too big because RESOURCES_NAME_LENGTH. 
Buffer overflow.\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b2f18d41a14aa55aebaa01dd5ce31b7d51feab9ed09eef675000a2bb6a35ebc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hardware/fs/imgFs.cpp"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 137448, "scanner": "repobility-threat-engine", "fingerprint": "8d554608ccbab5b012f5ff8f57d5e28075873ad0805c3d4557fb4e7a5b405f20", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Resource name: \" + name + \" is too big because RESOURCES_NAME_LENGTH. 
Buffer overflow.\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8d554608ccbab5b012f5ff8f57d5e28075873ad0805c3d4557fb4e7a5b405f20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hardware/fs/fontFs.cpp"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 137436, "scanner": "repobility-threat-engine", "fingerprint": "cbd6055be5ebf72f9bc6d975bf848cecb57d0dd14c933928ed23e4391b4f9b8a", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(file_path):\n     os.remove(file_path)\n\nwith open(file_path, 'w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cbd6055be5ebf72f9bc6d975bf848cecb57d0dd14c933928ed23e4391b4f9b8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/buildTime/preBuild.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10a8188aa1cd827cd618a32164a36c6eebe50519bf35a05b40faca0f74f3557e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/watchface/watchfaces/shades_Szybet/shades.cpp", "duplicate_line": 48, "correlation_key": "fp|10a8188aa1cd827cd618a32164a36c6eebe50519bf35a05b40faca0f74f3557e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/taychron_tay/taychron.cpp"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70ce322a1f0b11f5c09efbc7f2e834cceadaabf5e81b4c115e3d3c5ca0ce9c18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/watchface/watchfaces/inkField_Szybet/inkWeather.cpp", "duplicate_line": 18, "correlation_key": "fp|70ce322a1f0b11f5c09efbc7f2e834cceadaabf5e81b4c115e3d3c5ca0ce9c18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/taychron_tay/tayWeather.cpp"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137420, "scanner": "repobility-ai-code-hygiene", "fingerprint": "922f205f9f83e9ccafd6b10d854bac995342d30c40b1024f21dac1198d5ef70b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/watchface/watchfaces/domain_DotP/domainWeather.cpp", "duplicate_line": 23, "correlation_key": "fp|922f205f9f83e9ccafd6b10d854bac995342d30c40b1024f21dac1198d5ef70b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/taychron_tay/tayWeather.cpp"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9884a9452ce70a3cbb2946e6d663126fb38d9d05f744cabad2dd75967dc49f53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/watchface/watchfaces/shades_Szybet/shades.cpp", "duplicate_line": 43, "correlation_key": "fp|9884a9452ce70a3cbb2946e6d663126fb38d9d05f744cabad2dd75967dc49f53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/station_Szybet/station.cpp"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75bb9f7bf2ba91ce18fe16532cde5fdf57f692637e09d539e53f242b7ba51447", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "src/ui/watchface/watchfaces/domain_DotP/domainWeather.cpp", "duplicate_line": 23, "correlation_key": "fp|75bb9f7bf2ba91ce18fe16532cde5fdf57f692637e09d539e53f242b7ba51447"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/inkField_Szybet/inkWeather.cpp"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9939e941536041a13b19f277e148a37b874ff420a3d6ba7c40a43f02dedc93ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/watchface/watchfaces/domain_DotP/domain.cpp", "duplicate_line": 58, "correlation_key": "fp|9939e941536041a13b19f277e148a37b874ff420a3d6ba7c40a43f02dedc93ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/inkField_Szybet/inkField.cpp"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7498c1dd5f5964a8376b9003ca20d595c9ed59b684833b000be0a70936c184c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/places/weather/weatherQuality.cpp", 
"duplicate_line": 99, "correlation_key": "fp|7498c1dd5f5964a8376b9003ca20d595c9ed59b684833b000be0a70936c184c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/places/weather/weatherSwitches.cpp"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20fd5d2a52e69c4cdd1fb2baa4277eba4494a0e7b9cf4e2384a5c7144c4cd048", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/places/dailyStepsChartMenu/dailyStepsChartMenu.cpp", "duplicate_line": 57, "correlation_key": "fp|20fd5d2a52e69c4cdd1fb2baa4277eba4494a0e7b9cf4e2384a5c7144c4cd048"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/places/weather/weatherSwitches.cpp"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "462639bd55f556dbf6d553e8f14695005a992c555cb0cf44b54fd2839f5ab4b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ui/places/dailyStepsChartMenu/dailyStepsChartMenu.cpp", "duplicate_line": 57, "correlation_key": 
"fp|462639bd55f556dbf6d553e8f14695005a992c555cb0cf44b54fd2839f5ab4b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/places/weather/weatherQuality.cpp"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "571e5cde339e71f34aa84e2b619fb7a82b607ebaced2d43ada8406f749bae9be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/hardware/acc/lib/bma4/bma423.h", "duplicate_line": 18, "correlation_key": "fp|571e5cde339e71f34aa84e2b619fb7a82b607ebaced2d43ada8406f749bae9be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hardware/acc/lib/bma4/bma456.h"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ca5e91c11267f4ac1ac9c7d8c4afd50628f41a101e6f7015b3251bafe1e6339", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/rusty/inkrusty/src/apps/set_date.rs", "duplicate_line": 16, "correlation_key": "fp|6ca5e91c11267f4ac1ac9c7d8c4afd50628f41a101e6f7015b3251bafe1e6339"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "components/rusty/inkrusty/src/apps/snake.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7154003bf6ff3d7b44dbb03d136fcbdbff9c990211010214c45859a44b59fd2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/rusty/inkrusty/src/apps/set_date.rs", "duplicate_line": 16, "correlation_key": "fp|7154003bf6ff3d7b44dbb03d136fcbdbff9c990211010214c45859a44b59fd2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/src/apps/set_time.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 137451, "scanner": "repobility-threat-engine", "fingerprint": "b9996ad403865a557da4a3e4d75e522f82a0a26d13e988c84a742d27a6c2a476", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9996ad403865a557da4a3e4d75e522f82a0a26d13e988c84a742d27a6c2a476"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "src/ui/watchface/watchfaces/gsr/starfield/moonPhaser.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 137447, "scanner": "repobility-threat-engine", "fingerprint": "151b5208a2cb6179910ab8cf6d4200003fe5a4a06a6d1638ff8b076f0f38ac72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|151b5208a2cb6179910ab8cf6d4200003fe5a4a06a6d1638ff8b076f0f38ac72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/places/setClockGuis/setTimezoneWatch.cpp"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 137446, "scanner": "repobility-threat-engine", "fingerprint": "23b6849c8d99afbffc84ab0c9eec02efa933cd6c9fb38415637cebbe864e3052", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, 
"ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23b6849c8d99afbffc84ab0c9eec02efa933cd6c9fb38415637cebbe864e3052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/places/baiky/baiky.cpp"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 137445, "scanner": "repobility-threat-engine", "fingerprint": "6bd50043ce2838ecd823b3b7ef213f3cbfb6a483b055a4103955fe39f5bd98ba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6bd50043ce2838ecd823b3b7ef213f3cbfb6a483b055a4103955fe39f5bd98ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hardware/ble/bleMain.cpp"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 137435, "scanner": "repobility-threat-engine", "fingerprint": "f9d07b0c7ffad02db1f740a230b292fea409ad3be0b2aa27fc089cb7ccf130eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f9d07b0c7ffad02db1f740a230b292fea409ad3be0b2aa27fc089cb7ccf130eb", "aggregated_count": 4}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 137434, "scanner": "repobility-threat-engine", "fingerprint": "3c61c5d1ed5a10bd3bf26cbe8897382e50aa4c336191963dac638220d64e997d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c61c5d1ed5a10bd3bf26cbe8897382e50aa4c336191963dac638220d64e997d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/src/drawing.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 137433, "scanner": "repobility-threat-engine", "fingerprint": "ff5bbd47c06e1d08e6dda610118819af49326ce398a3de075d1ca7c0414b18a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ff5bbd47c06e1d08e6dda610118819af49326ce398a3de075d1ca7c0414b18a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/src/apps/snake.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 137432, "scanner": "repobility-threat-engine", "fingerprint": "96b53ce7f47c95ac006731ef756c7991d8f7fa5c4722ac4048b49cb510b8e638", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96b53ce7f47c95ac006731ef756c7991d8f7fa5c4722ac4048b49cb510b8e638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/src/apps/general_page.rs"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 137431, "scanner": "repobility-threat-engine", "fingerprint": "a4b4c94392c8eb9799d0bdf3b05a0535e10bd82d8c9898f7077c1c07435dc842", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a4b4c94392c8eb9799d0bdf3b05a0535e10bd82d8c9898f7077c1c07435dc842"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/src/logs.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 137430, "scanner": "repobility-threat-engine", "fingerprint": "2bb2a9197b95cf887dc2ccc6323f1258708219afdb767f68937eb2616f428064", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2bb2a9197b95cf887dc2ccc6323f1258708219afdb767f68937eb2616f428064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/src/lib.rs"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 137429, "scanner": "repobility-threat-engine", "fingerprint": "e54bdaf3fa1ec04df7049131cb3c2f8e83b4f2b03ef124e7c594f3043ad53beb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e54bdaf3fa1ec04df7049131cb3c2f8e83b4f2b03ef124e7c594f3043ad53beb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/build.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 137427, "scanner": "repobility-threat-engine", "fingerprint": "2d06773f5e7f0bf519e2c5e314779328b6af335b0b4758ea0e10bfd081cbce50", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2d06773f5e7f0bf519e2c5e314779328b6af335b0b4758ea0e10bfd081cbce50", "aggregated_count": 8}}}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 137474, "scanner": "osv-scanner", "fingerprint": "d7d60add57f09a2e7bc98ad87fe6c806a30867fdeeb076d340c7e6df62672813", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|d7d60add57f09a2e7bc98ad87fe6c806a30867fdeeb076d340c7e6df62672813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 137473, "scanner": "osv-scanner", "fingerprint": "8917536c5772995bfd372cacdbe3845cec91d4875867738afcaa210bdef70e01", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|8917536c5772995bfd372cacdbe3845cec91d4875867738afcaa210bdef70e01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/inkrusty/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", 
"level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 137472, "scanner": "osv-scanner", "fingerprint": "c83471f56f12882123d13323712fc2cd632f5eff30e2cd8bff767c504b4d2230", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|c83471f56f12882123d13323712fc2cd632f5eff30e2cd8bff767c504b4d2230"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/set_time/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 137471, "scanner": "osv-scanner", "fingerprint": "f173309ef587d361f943b89f9e7f241e71c87ff01ef23ada8633f553a0c6176f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|f173309ef587d361f943b89f9e7f241e71c87ff01ef23ada8633f553a0c6176f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/set_time/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 137470, "scanner": "osv-scanner", "fingerprint": "2f86545aace59a18e868b194e56edd7c651eb6f61d038e86cf7376985d818077", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": 
"fp|2f86545aace59a18e868b194e56edd7c651eb6f61d038e86cf7376985d818077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/set_date/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 137469, "scanner": "osv-scanner", "fingerprint": "2e9b3fb17f89a2a474a82712d509f449d5d809adc16ad7bf70acf6e1985f6b95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|2e9b3fb17f89a2a474a82712d509f449d5d809adc16ad7bf70acf6e1985f6b95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/set_date/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0068", "level": "error", "message": {"text": "tar: RUSTSEC-2026-0068"}, "properties": {"repobilityId": 137467, "scanner": "osv-scanner", "fingerprint": "cb6e7863476cbef0ff4cca5d7a89623c71ea9fe8f14f32fc4d58d41181e84e0a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33055", "GHSA-gchp-q4r4-x4ff"], "package": "tar", "rule_id": "RUSTSEC-2026-0068", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-33055|token", "duplicate_count": 7, "duplicate_rule_ids": ["GHSA-gchp-q4r4-x4ff", "RUSTSEC-2026-0068"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["21567f2c73e86e24517222bd108c351bc5c62e9e77e3548755ef6acbd0d55feb", "36300a4b00b9993e36572620df9170685987c9b32ccc9abec0cf77a67e72cb9a", "38f833fc66d81b1e3ac8e7dffd4cf6c5fd0a8f6ef456115cbaf986f50c55c91e", 
"5740162fc7d5cb1a4bffa331c9f7865ef8e4c4227da9d95db190e3dd22a1e595", "87dd9fa8396c378802e70a6e08343fa0fc84d1a4f8bbb85060569be64d46b5df", "cb6e7863476cbef0ff4cca5d7a89623c71ea9fe8f14f32fc4d58d41181e84e0a", "d9333c9767c11d5cd517a30c281079407cb26da518e1ac00268ba6b41361b868", "ea1b548193f710db4bcf9f843bcf132c5bda038d4f0ac8848478479fae1f0207"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0067", "level": "error", "message": {"text": "tar: RUSTSEC-2026-0067"}, "properties": {"repobilityId": 137466, "scanner": "osv-scanner", "fingerprint": "fda31e9d3a5b73cdb9609e9cfb6bf27b288ed55ee810b3a9229c692971aa36a9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33056", "GHSA-j4xf-2g29-59ph"], "package": "tar", "rule_id": "RUSTSEC-2026-0067", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-33056|token", "duplicate_count": 7, "duplicate_rule_ids": ["GHSA-j4xf-2g29-59ph", "RUSTSEC-2026-0067"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2b25d16996a37ac9d1f80a757de9db73837cc5540382b6d7942cdad6554a1de8", "31ea471418b5cca6aa3abd31d3a3945c7f10b7f055b3b49086b08086471eaefa", "6164ddd0777bb94baa9ce70c4988390d4d21212ab8f7e57ec8b216c302c6b476", "8266ee073d3eb6c1c89a98f5733678e19ad17ed708032aba328fd306a625c3fb", "9ebba68bbab29348a20e20f5d735b81d3ffa67c1c308e18d1a2210a3f0cc6b52", "aaf18327c574d0de690b175874cffdbc0a152d6c67418e0750ecb0944955b54c", "f3499f1c8a71fb65146d088141faea43ff2089594e461015429272de5aba2070", "fda31e9d3a5b73cdb9609e9cfb6bf27b288ed55ee810b3a9229c692971aa36a9"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 
1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 137465, "scanner": "osv-scanner", "fingerprint": "beac13534e10c57aa00234cd866d753c916616ed421765dd64f4ee7bf2f199be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|token", "duplicate_count": 7, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1867e42f95423f2ef3dff3f9171bf4d2c716a68c4bbe7550f8b8fe808953fced", "28a64e34f60164b97ee047dbccabfb5572604d4f1b8bdde40d5a530670cf7bda", "3e8a5a0e12f437f74b38157148d1426dcbced3ab01fd9cb489ce6d40a640687e", "3e9b8dbe8d2915de06f5109f7d2c517a129b48d45cf036b137351379471d47c9", "beac13534e10c57aa00234cd866d753c916616ed421765dd64f4ee7bf2f199be", "df8a7d90ac85f2faa970158d0c44538a11f422f3ec4f7611955e4826d2fb857e", "ee7355a86fb9cee88a4df7d63903ab1b382102556d38e1eab99ac90dabc36dea", "f2dad03a0ed93bed56eca9fb55dd83cca4fca9f94fbb4e1770ee1a49e71bce50"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 137464, "scanner": "osv-scanner", "fingerprint": "7be403c93bc044216b0c073fb717da0e3350f7e35871a917aa1f258e35cc916a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": 
"osv-scanner", "correlation_key": "fp|7be403c93bc044216b0c073fb717da0e3350f7e35871a917aa1f258e35cc916a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0002", "level": "error", "message": {"text": "lru: RUSTSEC-2026-0002"}, "properties": {"repobilityId": 137463, "scanner": "osv-scanner", "fingerprint": "3b221d837e4ae52db80657e96cc360f84500125edc786d0d01ed446d59a1b1ca", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-rhfx-m35p-ff5j"], "package": "lru", "rule_id": "RUSTSEC-2026-0002", "scanner": "osv-scanner", "correlation_key": "vuln|lru|GHSA-RHFX-M35P-FF5J|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-rhfx-m35p-ff5j", "RUSTSEC-2026-0002"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3b221d837e4ae52db80657e96cc360f84500125edc786d0d01ed446d59a1b1ca", "5782cb8b12dd2602a2ee8fb58ebd72db728a4df8ebabe90149678b77760a237c", "59d1f1f9566109e734174b7a12242f756f720ab712e985284bf28e479c29bbce", "873180f96a661fb65a74b20de36b3c8e55abb8f7ebb6efb3dfef8d15ffb27233", "912d0213bbdda56fd6da44a47bcb2f0d2c0a655bc186aa330ed2f16967d22d8d", "bbb5814ea7100cbe9d4cf3d12b9cf7f97194c8f25bd98f9c546782ea49a54596"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0007", "level": "error", "message": {"text": "bytes: RUSTSEC-2026-0007"}, "properties": {"repobilityId": 137462, "scanner": "osv-scanner", "fingerprint": "d082a1c0ec0826649ced62979cb9c0e83ab4d453c98af22b2af9a4ef140166f4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-25541", "GHSA-434x-w66g-qw3r"], "package": "bytes", "rule_id": "RUSTSEC-2026-0007", "scanner": "osv-scanner", "correlation_key": "vuln|bytes|CVE-2026-25541|token", "duplicate_count": 7, "duplicate_rule_ids": ["GHSA-434x-w66g-qw3r", "RUSTSEC-2026-0007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0e9eda75e77b9c640e073936071c0cb51ec2c698f225e91f49dd0664da1fab02", "17a2d88774ef3ba95607a66430da5a9db84a68f532e7c1b211e67b568659d4bc", "362a266d4a4d6a16dfbdec5e6101a44219a5c2825ef01ef088a86feaf41274d1", "4d094c0b0774123f5c6ca25e3b15b9ffbbd579ca91dfc4da805cd7f9745954f9", "4dfd0b835e9c37caeab9f2ba9e3f460eb7e865a639f6e40c3b6bf374b871e4a9", "6cb1eae1253375fceeeb4656a026f19d02db18810d55912fef4a6b07ab059271", "7a16d2cd2110e6edddd164785c5397addaabb95931130091e7c076ecd0757269", "d082a1c0ec0826649ced62979cb9c0e83ab4d453c98af22b2af9a4ef140166f4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 137461, "scanner": "osv-scanner", "fingerprint": "79b949902784a7de1737f4631712f97d61ef7ef69479521e68fda7bc2c792c4c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|79b949902784a7de1737f4631712f97d61ef7ef69479521e68fda7bc2c792c4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 137440, "scanner": "repobility-threat-engine", "fingerprint": "89f104145c5656cc0cc0be4727f4c8089d9b113d5211ec053c30de85d9959045", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|89f104145c5656cc0cc0be4727f4c8089d9b113d5211ec053c30de85d9959045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/other/setup/installRust.sh"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 137439, "scanner": "repobility-threat-engine", "fingerprint": "a8be6492287320dafd8d871caaa4042048578279382efdb8213e54448bb230cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8be6492287320dafd8d871caaa4042048578279382efdb8213e54448bb230cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"resources/tools/other/depracated/generatePartTable.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 137437, "scanner": "repobility-threat-engine", "fingerprint": "2dc3f575104da2d6704cecd2fe479651db7300bddea40520c1b3cb502e4f624f", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|29|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tools/fs/compressFile.c"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 137426, "scanner": "repobility-threat-engine", "fingerprint": "8619e872233d11a9629a4ceaa708dca54bbfb97c739641f21131455575d38476", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8619e872233d11a9629a4ceaa708dca54bbfb97c739641f21131455575d38476"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/set_date/build.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 137425, "scanner": "repobility-threat-engine", "fingerprint": "94a8db23728d8c14712dbb1d2bf0175b1ca2b155b943b61899b309e80acc9eed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94a8db23728d8c14712dbb1d2bf0175b1ca2b155b943b61899b309e80acc9eed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/src/lib.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 137424, "scanner": "repobility-threat-engine", "fingerprint": "4bb4d78410da3d6440d7828a5dc32845c15e90bcc5f902eb34b7e2d16122266e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4bb4d78410da3d6440d7828a5dc32845c15e90bcc5f902eb34b7e2d16122266e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/rusty/crates/general_page/build.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 137409, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf. Note that strncpy does not NUL-terminate the destination when the source is truncated, so terminate it explicitly."}, "properties": {"repobilityId": 137444, "scanner": "repobility-threat-engine", "fingerprint": "92efc51a17364fa54924bb0b7f665482171c6658b593e8d59ee1e27dd38e8e0a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": 
{"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92efc51a17364fa54924bb0b7f665482171c6658b593e8d59ee1e27dd38e8e0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ui/watchface/watchfaces/slate_Suddoku/slate.cpp"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf. Note that strncpy does not NUL-terminate the destination when the source is truncated, so terminate it explicitly."}, "properties": {"repobilityId": 137443, "scanner": "repobility-threat-engine", "fingerprint": "a736c6da1781ec68e41b756e05ccc454102610e8fc0c5435ed95160f1222a210", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a736c6da1781ec68e41b756e05ccc454102610e8fc0c5435ed95160f1222a210"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hardware/ble/bleMain.cpp"}, "region": {"startLine": 116}}}]}]}]}