https://github.com/Thysrael/Horizon ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| MINED111 Bare except continues silently | medium | 24 |
| MINED106 Phantom test coverage (assertion-free test) | high | 22 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 6 |
| COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… | low | 4 |
| MINED050 Stub Only Function | info | 4 |
| SEC136 AI-typical over-broad exception handler swallowing all erro… | medium | 3 |
| MINED062 Python Dataclass No Fields | info | 3 |
| MINED006 Overcatch Baseexception | high | 2 |
| MINED107 Missing Python import (NameError at runtime) | critical | 2 |
MINED107
Missing Python import (NameError at runtime)
CWE-1075
src/mcp/service.py:184
· conf 1.00
[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes.
MINED107
Missing Python import (NameError at runtime)
CWE-1075
src/services/webhook.py:191
· conf 1.00
[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes.
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
src/ai/enricher.py:135
· conf 0.95
[COMP001] High cognitive complexity: Function `_enrich_item` has cognitive complexity 44 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…
MINED001
Bare Except Pass
CWE-755
src/ai/utils.py:18
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED006
Overcatch Baseexception
CWE-705
src/main.py:74
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED006
Overcatch Baseexception
CWE-705
src/services/webhook_cli.py:206
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED020
Logging Credential Via Fstring
CWE-532
src/services/email.py:46
· conf 1.00
[MINED020] Logging Credential Via Fstring: logger.error(f"failed for {api_key}") — secrets end up in log aggregators / sentry.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_azure_client.py:46
· conf 1.00
[MINED106] Phantom test coverage: test_raises_when_api_key_missing: Test function `test_raises_when_api_key_missing` runs code but contains no assert / expect / should call — it passes regardless of …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_azure_client.py:53
· conf 1.00
[MINED106] Phantom test coverage: test_raises_when_endpoint_missing: Test function `test_raises_when_endpoint_missing` runs code but contains no assert / expect / should call — it passes regardless o…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_mcp_run_store.py:55
· conf 1.00
[MINED106] Phantom test coverage: test_unsupported_stage_raises: Test function `test_unsupported_stage_raises` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_mcp_run_store.py:63
· conf 1.00
[MINED106] Phantom test coverage: test_missing_run_raises: Test function `test_missing_run_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_mcp_run_store.py:79
· conf 1.00
[MINED106] Phantom test coverage: test_rejects_unsafe_summary_language: Test function `test_rejects_unsafe_summary_language` runs code but contains no assert / expect / should call — it passes regard…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_mcp_run_store.py:87
· conf 1.00
[MINED106] Phantom test coverage: test_missing_artifact_raises: Test function `test_missing_artifact_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_minimax_client.py:35
· conf 1.00
[MINED106] Phantom test coverage: test_raises_when_api_key_missing: Test function `test_raises_when_api_key_missing` runs code but contains no assert / expect / should call — it passes regardless of …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_storage.py:6
· conf 1.00
[MINED106] Phantom test coverage: test_load_config_missing_file: Test function `test_load_config_missing_file` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:382
· conf 1.00
[MINED106] Phantom test coverage: test_disabled_webhook_skips_notification: Test function `test_disabled_webhook_skips_notification` runs code but contains no assert / expect / should call — it passe…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:691
· conf 1.00
[MINED106] Phantom test coverage: test_http_error_logged: Test function `test_http_error_logged` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:977
· conf 1.00
[MINED106] Phantom test coverage: test_language_filter_skips_non_matching_lang: Test function `test_language_filter_skips_non_matching_lang` runs code but contains no assert / expect / should call — …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1004
· conf 1.00
[MINED106] Phantom test coverage: test_language_filter_passes_matching_lang: Test function `test_language_filter_passes_matching_lang` runs code but contains no assert / expect / should call — it pas…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1031
· conf 1.00
[MINED106] Phantom test coverage: test_no_language_filter_sends_all: Test function `test_no_language_filter_sends_all` runs code but contains no assert / expect / should call — it passes regardless o…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1189
· conf 1.00
[MINED106] Phantom test coverage: test_no_hostname_raises_value_error: Test function `test_no_hostname_raises_value_error` runs code but contains no assert / expect / should call — it passes regardle…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1197
· conf 1.00
[MINED106] Phantom test coverage: test_wrong_scheme_raises_value_error: Test function `test_wrong_scheme_raises_value_error` runs code but contains no assert / expect / should call — it passes regard…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1208
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_port_raises_value_error: Test function `test_invalid_port_raises_value_error` runs code but contains no assert / expect / should call — it passes regard…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1216
· conf 1.00
[MINED106] Phantom test coverage: test_empty_env_var_value_raises_value_error: Test function `test_empty_env_var_value_raises_value_error` runs code but contains no assert / expect / should call — it…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1549
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_delivery_raises_validation_error: Test function `test_invalid_delivery_raises_validation_error` runs code but contains no assert / expect / should call …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1553
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_platform_raises_validation_error: Test function `test_invalid_platform_raises_validation_error` runs code but contains no assert / expect / should call …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1557
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_layout_raises_validation_error: Test function `test_invalid_layout_raises_validation_error` runs code but contains no assert / expect / should call — it…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1561
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_fallback_layout_raises_validation_error: Test function `test_invalid_fallback_layout_raises_validation_error` runs code but contains no assert / expect …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_webhook.py:1565
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_overview_position_raises_validation_error: Test function `test_invalid_overview_position_raises_validation_error` runs code but contains no assert / exp…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:70
· conf 1.00
[MINED108] `self._determine_time_window` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self._determine_time_window`, but no assignment to it exists in __init…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:74
· conf 1.00
[MINED108] `self.fetch_all_sources` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self.fetch_all_sources`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:82
· conf 1.00
[MINED108] `self.merge_cross_source_duplicates` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self.merge_cross_source_duplicates`, but no assignment to it ex…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:90
· conf 1.00
[MINED108] `self._analyze_content` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self._analyze_content`, but no assignment to it exists in __init__ (and no c…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:106
· conf 1.00
[MINED108] `self.merge_topic_duplicates` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self.merge_topic_duplicates`, but no assignment to it exists in __init…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:115
· conf 1.00
[MINED108] `self._expand_twitter_discussion` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self._expand_twitter_discussion`, but no assignment to it exists i…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:120
· conf 1.00
[MINED108] `self._sub_source_label` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self._sub_source_label`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:127
· conf 1.00
[MINED108] `self._enrich_important_items` used but never assigned in __init__: Method `run` of class `HorizonOrchestrator` reads `self._enrich_important_items`, but no assignment to it exists in __in…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:245
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:250
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:255
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:260
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:265
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:270
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:275
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:280
· conf 1.00
[MINED108] `self._fetch_with_progress` used but never assigned in __init__: Method `fetch_all_sources` of class `HorizonOrchestrator` reads `self._fetch_with_progress`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
src/orchestrator.py:313
· conf 1.00
[MINED108] `self._sub_source_label` used but never assigned in __init__: Method `_fetch_with_progress` of class `HorizonOrchestrator` reads `self._sub_source_label`, but no assignment to it exists in…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1268
· conf 1.00
[MINED108] `self._make_notifier` used but never assigned in __init__: Method `test_2xx_success_prints_response` of class `TestHTTPStatusHandling` reads `self._make_notifier`, but no assignment to it …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1290
· conf 1.00
[MINED108] `self._cleanup` used but never assigned in __init__: Method `test_2xx_success_prints_response` of class `TestHTTPStatusHandling` reads `self._cleanup`, but no assignment to it exists in __…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1294
· conf 1.00
[MINED108] `self._make_notifier` used but never assigned in __init__: Method `test_2xx_feishu_error_code_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._make_notifier`, but no a…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1315
· conf 1.00
[MINED108] `self._cleanup` used but never assigned in __init__: Method `test_2xx_feishu_error_code_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._cleanup`, but no assignment to…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1319
· conf 1.00
[MINED108] `self._make_notifier` used but never assigned in __init__: Method `test_2xx_dingtalk_error_code_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._make_notifier`, but no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1340
· conf 1.00
[MINED108] `self._cleanup` used but never assigned in __init__: Method `test_2xx_dingtalk_error_code_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._cleanup`, but no assignment …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1344
· conf 1.00
[MINED108] `self._make_notifier` used but never assigned in __init__: Method `test_2xx_slack_ok_false_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._make_notifier`, but no assi…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_webhook.py:1364
· conf 1.00
[MINED108] `self._cleanup` used but never assigned in __init__: Method `test_2xx_slack_ok_false_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._cleanup`, but no assignment to it…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/daily-summary.yml:16
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/daily-summary.yml:19
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/daily-summary.yml:24
· conf 0.90
[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v3`: `uses: astral-sh/setup-uv@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/daily-summary.yml:43
· conf 0.90
[MINED115] Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`: `uses: peaceiris/actions-gh-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/deploy-docs.yml:18
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/deploy-docs.yml:21
· conf 0.90
[MINED115] Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`: `uses: peaceiris/actions-gh-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED118
Dockerfile FROM not pinned by sha256 digest
CWE-829
Dockerfile:2
· conf 0.90
[MINED118] Dockerfile FROM `python:3.11-slim` not pinned by digest: `FROM python:3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/scrapers/openbb.py:149
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
src/mcp/run_store.py:73
· conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
AGT007
localStorage write failures are swallowed silently
docs/assets/js/horizon.js:109
· conf 0.80
localStorage write failures are swallowed silently
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
src/ai/summarizer.py:159
· conf 0.95
[COMP001] High cognitive complexity: Function `_format_item` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…
DKR001
Docker final stage has no non-root USER
Dockerfile:2
· conf 0.82
Docker final stage has no non-root USER
MINED111
Bare except continues silently
src/ai/analyzer.py:53
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/ai/client.py:186
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/ai/client.py:319
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/ai/enricher.py:52
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/ai/enricher.py:85
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/ai/enricher.py:128
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/main.py:66
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/main.py:77
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:101
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:117
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:301
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:323
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:345
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:367
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/server.py:389
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/mcp/service.py:585
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/orchestrator.py:171
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/orchestrator.py:432
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/orchestrator.py:502
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/scrapers/rss.py:142
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/search.py:23
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/search.py:48
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/services/webhook_cli.py:209
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
src/setup/ai_recommend.py:49
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
SEC034
Log Injection / Log Forging — unsanitized user input in log
src/scrapers/twitter.py:46
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
SEC134
AI scaffold leftover — Lorem ipsum / example.com / John Doe in code
src/services/webhook_cli.py:29
· conf 1.00
[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't…
SEC136
AI-typical over-broad exception handler swallowing all errors
src/ai/enricher.py:75
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
SEC136
AI-typical over-broad exception handler swallowing all errors
src/search.py:19
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
SEC136
AI-typical over-broad exception handler swallowing all errors
src/setup/ai_recommend.py:44
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
src/ai/summarizer.py:112
· conf 0.95
[COMP001] High cognitive complexity: Function `generate_webhook_overview` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to underst…
DKC006
Compose service does not declare a runtime user
docker-compose.yml:1
· conf 0.56
Compose service does not declare a runtime user
DKC010
Compose service lacks no-new-privileges hardening
docker-compose.yml:1
· conf 0.62
Compose service lacks no-new-privileges hardening
DKR008
.dockerignore misses sensitive defaults
.dockerignore
· conf 0.72
.dockerignore misses sensitive defaults
SEC006
XSS Risk
docs/assets/js/horizon.js:17
· conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
· conf 0.20
[COMP001] High cognitive complexity (and 26 more): Same pattern found in 26 additional files. Review if needed.
MINED049
Print Pii
CWE-532
src/services/email.py:49
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED050
Stub Only Function
CWE-1188
· conf 0.20
[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.
MINED050
Stub Only Function
CWE-1188
src/ai/summarizer.py:64
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
src/ai/utils.py:19
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
src/scrapers/base.py:34
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED062
Python Dataclass No Fields
src/mcp/errors.py:9
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED062
Python Dataclass No Fields
src/mcp/horizon_adapter.py:31
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED062
Python Dataclass No Fields
src/mcp/run_store.py:24
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
SEC020
Secret Printed to Logs
src/services/webhook_cli.py:106
· conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…