https://github.com/PaddlePaddle/PaddleOCR · lang: python · LOC: · source: both
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| MINED111 Bare except continues silently | medium | 25 |
| MINED124 requirements.txt entry has no version pin | medium | 25 |
| MINED108 `self.attribute` used but never assigned in `__init__` | high | 25 |
| MINED106 Phantom test coverage (assertion-free test) | high | 25 |
| MINED118 Dockerfile FROM not pinned by sha256 digest | high | 23 |
| MINED109 Mutable default argument | medium | 23 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 22 |
| DKC006 Compose service does not declare a runtime user | low | 20 |
| DKR002 Dockerfile base image has no explicit tag | medium | 18 |
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
benchmark/PaddleOCR_DBNet/base/base_trainer.py:21
· conf 0.95
[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested bra…
DKC005
Compose service adds dangerous Linux capabilities
deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml:1
· conf 0.72
Compose service adds dangerous Linux capabilities
DKC005
Compose service adds dangerous Linux capabilities
deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml:28
· conf 0.72
Compose service adds dangerous Linux capabilities
DKC005
Compose service adds dangerous Linux capabilities
deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml:1
· conf 0.72
Compose service adds dangerous Linux capabilities
DKC005
Compose service adds dangerous Linux capabilities
deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml:31
· conf 0.72
Compose service adds dangerous Linux capabilities
DKC005
Compose service adds dangerous Linux capabilities
deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml:1
· conf 0.72
Compose service adds dangerous Linux capabilities
DKC005
Compose service adds dangerous Linux capabilities
deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml:26
· conf 0.72
Compose service adds dangerous Linux capabilities
DKR001
Docker final stage has no non-root USER
deploy/docker/hubserving/cpu/Dockerfile:2
· conf 0.82
Docker final stage has no non-root USER
DKR001
Docker final stage has no non-root USER
deploy/docker/hubserving/gpu/Dockerfile:2
· conf 0.82
Docker final stage has no non-root USER
DKR007
Docker build context has no .dockerignore
.dockerignore
· conf 0.90
Docker build context has no .dockerignore
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
benchmark/PaddleOCR_DBNet/utils/metrics.py:30
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
ppocr/data/simple_dataset.py:82
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
tools/train.py:183
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
MINED109
Mutable default argument
CWE-1023
ppocr/data/multi_scale_sampler.py:10
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:48
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:146
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:251
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:400
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:505
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:614
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:641
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:671
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:706
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:745
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:813
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/losses/distillation_loss.py:840
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/postprocess/db_postprocess.py:260
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/postprocess/picodet_postprocess.py:108
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/postprocess/rec_postprocess.py:241
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/postprocess/rec_postprocess.py:840
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/postprocess/vqa_token_re_layoutlm_postprocess.py:82
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
ppocr/postprocess/vqa_token_ser_layoutlm_postprocess.py:102
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
test_tipc/supplementary/optimizer.py:132
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
test_tipc/supplementary/optimizer.py:256
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
tools/program.py:200
· conf 1.00
[MINED109] Mutable default argument in `train` (list): `def train(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it…
MINED109
Mutable default argument
CWE-1023
tools/program.py:661
· conf 1.00
[MINED109] Mutable default argument in `eval` (list): `def eval(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it i…
MINED111
Bare except continues silently
benchmark/analysis.py:146
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmark/analysis.py:350
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_api_client/_async_http.py:179
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_api_client/cli.py:221
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_api_client/cli.py:314
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_doc2md/converters/pptx.py:349
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_doc2md/converters/pptx.py:412
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_doc2md/converters/pptx.py:455
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_doc2md/converters/xlsx.py:71
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
paddleocr/_doc2md/math/__init__.py:25
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/data/imaug/ct_process.py:97
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/data/imaug/make_pse_gt.py:99
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/data/imaug/operators.py:310
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/data/imaug/rec_img_aug.py:928
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/data/latexocr_dataset.py:147
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/data/pgnet_dataset.py:86
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/modeling/heads/rec_cppd_head.py:21
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/postprocess/ct_postprocess.py:145
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/postprocess/east_postprocess.py:80
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/postprocess/rec_postprocess.py:976
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
ppocr/utils/e2e_metric/Deteval.py:354
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
test_tipc/compare_results.py:52
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
test_tipc/compare_results.py:70
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
test_tipc/supplementary/load_cifar.py:15
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tools/program.py:296
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED124
requirements.txt entry has no version pin
CWE-1357
deploy/avh/requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `paddlepaddle` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosq…
MINED124
requirements.txt entry has no version pin
CWE-1357
deploy/avh/requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, a…
MINED124
requirements.txt entry has no version pin
CWE-1357
deploy/avh/requirements.txt:3
· conf 0.90
[MINED124] requirements.txt: `opencv-python` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typos…
MINED124
requirements.txt entry has no version pin
CWE-1357
deploy/avh/requirements.txt:4
· conf 0.90
[MINED124] requirements.txt: `typing-extensions` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (t…
MINED124
requirements.txt entry has no version pin
CWE-1357
docs/version2.x/algorithm/formula_recognition/requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `imagesize` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquat…
MINED124
requirements.txt entry has no version pin
CWE-1357
docs/version2.x/algorithm/formula_recognition/requirements.txt:3
· conf 0.90
[MINED124] requirements.txt: `ftfy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
docs/version2.x/algorithm/formula_recognition/requirements.txt:4
· conf 0.90
[MINED124] requirements.txt: `Wand` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
ppstructure/kie/requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `sentencepiece` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typos…
MINED124
requirements.txt entry has no version pin
CWE-1357
ppstructure/kie/requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `yacs` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `shapely` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `scikit-image` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosq…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:3
· conf 0.90
[MINED124] requirements.txt: `pyclipper` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquat…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:5
· conf 0.90
[MINED124] requirements.txt: `lmdb<1.5; python_version < "3.9"` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce ma…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:6
· conf 0.90
[MINED124] requirements.txt: `tqdm` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:7
· conf 0.90
[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, a…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:8
· conf 0.90
[MINED124] requirements.txt: `rapidfuzz` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquat…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:9
· conf 0.90
[MINED124] requirements.txt: `opencv-python` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typos…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:10
· conf 0.90
[MINED124] requirements.txt: `opencv-contrib-python` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious cod…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:11
· conf 0.90
[MINED124] requirements.txt: `cython` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:12
· conf 0.90
[MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:13
· conf 0.90
[MINED124] requirements.txt: `pyyaml` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:14
· conf 0.90
[MINED124] requirements.txt: `requests` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:15
· conf 0.90
[MINED124] requirements.txt: `albumentations` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typo…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:17
· conf 0.90
[MINED124] requirements.txt: `albucore` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:18
· conf 0.90
[MINED124] requirements.txt: `packaging` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquat…
SEC005
Command Injection Risk
test_tipc/compare_results.py:26
· conf 0.50
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
SEC007
Unsafe Deserialization
paddleocr-js/packages/core/src/models/common.ts:38
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
SEC007
Unsafe Deserialization
paddleocr-js/packages/core/src/pipelines/ocr/config.ts:81
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
SEC007
Unsafe Deserialization
ppocr/losses/center_loss.py:46
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
SEC037
Uncontrolled Recursion — stack/depth exhaustion
paddleocr-js/packages/core/src/pipelines/ocr/config.ts:81
· conf 1.00
[SEC037] Uncontrolled Recursion — stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a depth limit, or recursive function over user-controlled structure. Attacker se…
SEC045
eval()/exec() on stored or user-supplied data
benchmark/PaddleOCR_DBNet/base/base_dataset.py:43
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
benchmark/PaddleOCR_DBNet/data_loader/__init__.py:89
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
benchmark/PaddleOCR_DBNet/models/__init__.py:21
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC127
AI agent stub — TODO: implement / pass placeholder body
benchmark/PaddleOCR_DBNet/base/base_trainer.py:185
· conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
SEC127
AI agent stub — TODO: implement / pass placeholder body
paddleocr/_abstract.py:20
· conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
SEC127
AI agent stub — TODO: implement / pass placeholder body
paddleocr/_models/_doc_vlm.py:43
· conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
SEC134
AI scaffold leftover — Lorem ipsum / example.com / John Doe in code
api_sdk/go/examples/doc_parsing_file/main.go:46
· conf 1.00
[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't…
SEC134
AI scaffold leftover — Lorem ipsum / example.com / John Doe in code
api_sdk/go/examples/ocr_url/main.go:33
· conf 1.00
[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't…
SEC134
AI scaffold leftover — Lorem ipsum / example.com / John Doe in code
api_sdk/typescript/examples/doc-parsing-file.ts:32
· conf 1.00
[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't…
SEC136
AI-typical over-broad exception handler swallowing all errors
benchmark/PaddleOCR_DBNet/post_processing/__init__.py:12
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
SEC136
AI-typical over-broad exception handler swallowing all errors
benchmark/PaddleOCR_DBNet/utils/ocr_metric/__init__.py:18
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
AIC003
Duplicated implementation block across source files
api_sdk/typescript/src/internal/poller.ts:117
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
deploy/cpp_infer/src/modules/text_detection/predictor.h:8
· conf 0.86
Duplicated implementation block across source files
| Rule | Title | CWE | Location | Conf | Finding |
|---|---|---|---|---|---|
| AIC003 | Duplicated implementation block across source files | | deploy/cpp_infer/src/modules/text_recognition/predictor.h:9 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/cpp_infer/src/pipelines/doc_preprocessor/pipeline.h:11 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/cpp_infer/src/pipelines/ocr/pipeline.h:25 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/kie_ser_re/module.py:28 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_cls/module.py:26 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_det/module.py:27 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_det/module.py:73 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_rec/module.py:26 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_rec/module.py:60 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_rec/module.py:72 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_system/module.py:28 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_system/module.py:109 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/ocr_system/params.py:1 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/structure_layout/module.py:27 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/structure_system/module.py:29 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/structure_system/module.py:49 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/structure_table/module.py:29 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/structure_table/module.py:49 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/hubserving/structure_table/module.py:84 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/slim/prune/sensitivity_anal.py:43 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/slim/quantization/quant_kl.py:25 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/slim/quantization/quant_kl.py:41 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/slim/quantization/quant.py:39 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | deploy/slim/quantization/quant.py:51 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | mcp_server/paddleocr_mcp/inference/paddleocr_vl/aistudio.py:43 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | mcp_server/paddleocr_mcp/inference/pp_structurev3/aistudio.py:25 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | mcp_server/paddleocr_mcp/inference/pp_structurev3/aistudio.py:40 | 0.86 | Duplicated implementation block across source files |
| AIC003 | Duplicated implementation block across source files | | mcp_server/paddleocr_mcp/inference/pp_structurev3/local.py:30 | 0.86 | Duplicated implementation block across source files |
| COMP001 | [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2. | | benchmark/PaddleOCR_DBNet/base/base_dataset.py:34 | 0.95 | [COMP001] High cognitive complexity: Function `_init_pre_processes` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand —… |
| COMP001 | [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2. | | benchmark/PaddleOCR_DBNet/base/base_dataset.py:61 | 0.95 | [COMP001] High cognitive complexity: Function `__getitem__` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested … |
| DKC006 | Compose service does not declare a runtime user | | deploy/paddleocr_vl_docker/hps/compose.yaml:1 | 0.56 | Compose service does not declare a runtime user |
| DKC006 | Compose service does not declare a runtime user | | deploy/paddleocr_vl_docker/hps/compose.yaml:28 | 0.56 | Compose service does not declare a runtime user |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/hps/compose.yaml:1 | 0.62 | Compose service lacks no-new-privileges hardening |
| DKC010 | Compose service lacks no-new-privileges hardening | | deploy/paddleocr_vl_docker/hps/compose.yaml:28 | 0.62 | Compose service lacks no-new-privileges hardening |
| ERR003 | [ERR003] Ignored Error (Go): Ignoring error return values. | | api_sdk/go/resource.go:97 | 1.00 | [ERR003] Ignored Error (Go): Ignoring error return values. |
| ERR003 | [ERR003] Ignored Error (Go): Ignoring error return values. | | api_sdk/go/transport.go:112 | 1.00 | [ERR003] Ignored Error (Go): Ignoring error return values. |
| SEC124 | TOCTOU file access (os.access then open) | | configs/rec/multi_language/generate_multi_language_configs.py:261 | 1.00 | [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated … |
| SEC124 | TOCTOU file access (os.access then open) | | ppstructure/table/eval_table.py:55 | 1.00 | [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated … |
| SEC124 | TOCTOU file access (os.access then open) | | tools/end2end/convert_ppocr_label.py:78 | 1.00 | [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated … |
| SEC132 | String concat where the language has interpolation (AI style drift) | | benchmark/PaddleOCR_DBNet/utils/ocr_metric/icdar2015/detection/iou.py:197 | 1.00 | [SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter… |
| SEC132 | String concat where the language has interpolation (AI style drift) | | deploy/android_demo/app/src/main/java/com/baidu/paddle/lite/demo/ocr/Predictor.java:156 | 1.00 | [SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter… |
| SEC132 | String concat where the language has interpolation (AI style drift) | | ppocr/metrics/eval_det_iou.py:166 | 1.00 | [SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter… |
| COMP001 | [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2. | | | 0.20 | [COMP001] High cognitive complexity (and 211 more): Same pattern found in 211 additional files. Review if needed. |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/amd-gpu/compose.yaml:28 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/huawei-npu/compose.yaml:23 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/hygon-dcu/compose.yaml:31 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/iluvatar-gpu/compose.yaml:26 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/intel-gpu/compose.yaml:21 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/kunlunxin-xpu/compose.yaml:19 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/metax-gpu/compose.yaml:27 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/nvidia-gpu/compose.yaml:26 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml:1 | 0.48 | Compose service `paddleocr-vl-api` image is selected through a build variable |
| DKR002 | Dockerfile base image has no explicit tag | | deploy/paddleocr_vl_docker/accelerators/nvidia-gpu-sm120/compose.yaml:26 | 0.48 | Compose service `paddleocr-vlm-server` image is selected through a build variable |
| MINED001 | Bare Except Pass | CWE-755 | | 0.20 | [MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed. |
| MINED018 | Unsafe Deserialization Pickle | CWE-502 | | 0.20 | [MINED018] Unsafe Deserialization Pickle (and 2 more): Same pattern found in 2 additional files. Review if needed. |
| MINED030 | Python Pickle Loads | CWE-502 | | 0.20 | [MINED030] Python Pickle Loads (and 2 more): Same pattern found in 2 additional files. Review if needed. |
| MINED042 | Cpp New Without Delete | CWE-401 | | 0.20 | [MINED042] Cpp New Without Delete (and 14 more): Same pattern found in 14 additional files. Review if needed. |
| MINED042 | Cpp New Without Delete | CWE-401 | deploy/cpp_infer/src/api/models/doc_img_orientation_classification.cc:40 | 1.00 | [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk. |
| MINED042 | Cpp New Without Delete | CWE-401 | deploy/cpp_infer/src/api/models/text_detection.cc:37 | 1.00 | [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk. |
| MINED042 | Cpp New Without Delete | CWE-401 | deploy/cpp_infer/src/api/models/text_image_unwarping.cc:37 | 1.00 | [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk. |
| MINED043 | Http Not Https | CWE-319 | | 0.20 | [MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed. |
| MINED043 | Http Not Https | CWE-319 | deploy/avh/configure_avh.sh:50 | 1.00 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data. |
| MINED043 | Http Not Https | CWE-319 | mcp_server/paddleocr_mcp/inference/ocr/aistudio.py:100 | 1.00 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data. |
| MINED043 | Http Not Https | CWE-319 | mcp_server/paddleocr_mcp/inference/paddleocr_vl/aistudio.py:110 | 1.00 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data. |
| MINED044 | Js Console Log Prod | CWE-532 | | 0.20 | [MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed. |
| MINED044 | Js Console Log Prod | CWE-532 | api_sdk/typescript/examples/doc-parsing-file.ts:28 | 1.00 | [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed. |
| MINED044 | Js Console Log Prod | CWE-532 | api_sdk/typescript/examples/ocr-url.ts:26 | 1.00 | [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed. |
| MINED044 | Js Console Log Prod | CWE-532 | paddleocr-js/apps/demo/src/main.ts:197 | 1.00 | [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed. |
| MINED045 | Ts Non Null Assertion | CWE-476 | api_sdk/typescript/src/internal/http.ts:172 | 1.00 | [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong. |
| MINED045 | Ts Non Null Assertion | CWE-476 | api_sdk/typescript/src/internal/poller.ts:116 | 1.00 | [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong. |
| MINED045 | Ts Non Null Assertion | CWE-476 | paddleocr-js/packages/core/src/resources/model-asset.ts:91 | 1.00 | [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong. |
| MINED049 | Print Pii | CWE-532 | mcp_server/paddleocr_mcp/__main__.py:137 | 1.00 | [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. |
| MINED050 | Stub Only Function | CWE-1188 | | 0.20 | [MINED050] Stub Only Function (and 46 more): Same pattern found in 46 additional files. Review if needed. |
| MINED050 | Stub Only Function | CWE-1188 | benchmark/PaddleOCR_DBNet/base/base_dataset.py:54 | 1.00 | [MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment. |
| MINED050 | Stub Only Function | CWE-1188 | benchmark/PaddleOCR_DBNet/base/base_trainer.py:175 | 1.00 | [MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment. |
| MINED050 | Stub Only Function | CWE-1188 | benchmark/PaddleOCR_DBNet/data_loader/__init__.py:46 | 1.00 | [MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment. |
| MINED055 | Npm Install No Lockfile | CWE-1357 | deploy/avh/configure_avh.sh:78 | 1.00 | [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci. |
| MINED055 | Npm Install No Lockfile | CWE-1357 | test_tipc/prepare_lite_cpp.sh:44 | 1.00 | [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci. |
| MINED060 | Go Context No Cancel | CWE-401 | api_sdk/go/examples/doc_parsing_file/main.go:30 | 1.00 | [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines. |