tinygrad/tinygrad

[COMP001] High cognitive complexity: Function `render` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branc…

[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).

[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).

[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).

[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.

[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — React skips re-render on mutated reference.

[MINED036] Python Os System Call: os.system() invokes shell with no escaping.

[MINED036] Python Os System Call: os.system() invokes shell with no escaping.

[MINED036] Python Os System Call: os.system() invokes shell with no escaping.

[MINED106] Phantom test coverage: test_warp_size: Test function `test_warp_size` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage withou…

[MINED106] Phantom test coverage: test_reg_count: Test function `test_reg_count` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage withou…

[MINED106] Phantom test coverage: test_memory_latency: Test function `test_memory_latency` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…

[MINED106] Phantom test coverage: test_cacheline_size: Test function `test_cacheline_size` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…

[MINED106] Phantom test coverage: test_read_bandwidth: Test function `test_read_bandwidth` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…

[MINED106] Phantom test coverage: test_gflops: Test function `test_gflops` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without veri…

[MINED106] Phantom test coverage: test_empty: Test function `test_empty` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verify…

[MINED106] Phantom test coverage: test_gemm_backward_custom: Test function `test_gemm_backward_custom` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Add…

[MINED106] Phantom test coverage: test_custom_kernel_sched_copy: Test function `test_custom_kernel_sched_copy` runs code but contains no assert / expect / should call — it passes regardless of behavi…

[MINED106] Phantom test coverage: test_torch_interop: Test function `test_torch_interop` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…

[MINED106] Phantom test coverage: test_torch_interop_write: Test function `test_torch_interop_write` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds …

[MINED106] Phantom test coverage: test_kernel_cache_in_action: Test function `test_kernel_cache_in_action` runs code but contains no assert / expect / should call — it passes regardless of behaviour.…

[MINED106] Phantom test coverage: test_simple_setitem: Test function `test_simple_setitem` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…

[MINED106] Phantom test coverage: test_setitem_fancy_on_unrealized_view: Test function `test_setitem_fancy_on_unrealized_view` runs code but contains no assert / expect / should call — it passes rega…

[MINED106] Phantom test coverage: test_setitem_chained_indexing: Test function `test_setitem_chained_indexing` runs code but contains no assert / expect / should call — it passes regardless of behavi…

[MINED106] Phantom test coverage: test_setitem_inplace_operator: Test function `test_setitem_inplace_operator` runs code but contains no assert / expect / should call — it passes regardless of behavi…

[MINED106] Phantom test coverage: test_setitem_consecutive_inplace_operator: Test function `test_setitem_consecutive_inplace_operator` runs code but contains no assert / expect / should call — it pas…

[MINED106] Phantom test coverage: test_symbolic_var_sum: Test function `test_symbolic_var_sum` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line c…

[MINED106] Phantom test coverage: test_symbolic_var_sum_alt_name: Test function `test_symbolic_var_sum_alt_name` runs code but contains no assert / expect / should call — it passes regardless of beha…

[MINED106] Phantom test coverage: test_symbolic_triu: Test function `test_symbolic_triu` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…

[MINED106] Phantom test coverage: test_symbolic_tril: Test function `test_symbolic_tril` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…

[MINED106] Phantom test coverage: test_beam: Test function `test_beam` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifyin…

[MINED106] Phantom test coverage: test_mnist_backward: Test function `test_mnist_backward` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…

[MINED106] Phantom test coverage: test_image: Test function `test_image` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verify…

[MINED106] Phantom test coverage: test_beam_image: Test function `test_beam_image` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…

[MINED108] `self._apply_uop` used but never assigned in __init__: Method `alu` of class `Tensor` reads `self._apply_uop`, but no assignment to it exists in __init__ (and no class-level fallback). Thi…

[MINED108] `self.device` used but never assigned in __init__: Method `__repr__` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This r…

[MINED108] `self.shape` used but never assigned in __init__: Method `__len__` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). This rais…

[MINED108] `self.shape` used but never assigned in __init__: Method `__len__` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). This rais…

[MINED108] `self.dtype` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.device` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This r…

[MINED108] `self.shape` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.device` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This r…

[MINED108] `self.dtype` used but never assigned in __init__: Method `as_param` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.linear_with_vars` used but never assigned in __init__: Method `schedule_linear` of class `Tensor` reads `self.linear_with_vars`, but no assignment to it exists in __init__ (and no cl…

[MINED108] `self.shape` used but never assigned in __init__: Method `replace` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). This rais…

[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.dtype` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This raise…

[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.shape` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). This raise…

[MINED108] `self.shape` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.shape`, but no assignment to it exists in __init__ (and no class-level fallback). This raise…

[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self.dtype` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This raise…

[MINED108] `self.device` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This rai…

[MINED108] `self._buffer` used but never assigned in __init__: Method `assign` of class `Tensor` reads `self._buffer`, but no assignment to it exists in __init__ (and no class-level fallback). This r…

[MINED108] `self.dtype` used but never assigned in __init__: Method `_buffer` of class `Tensor` reads `self.dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This rais…

[MINED108] `self.cast` used but never assigned in __init__: Method `_buffer` of class `Tensor` reads `self.cast`, but no assignment to it exists in __init__ (and no class-level fallback). This raises…

[MINED108] `self.device` used but never assigned in __init__: Method `_buffer` of class `Tensor` reads `self.device`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…

[MINED108] `self._buffer` used but never assigned in __init__: Method `_data` of class `Tensor` reads `self._buffer`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…

[MINED112] FastAPI POST /v1/internal/token-count has no auth: Handler `token_count` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in…

[MINED112] FastAPI POST /v1/token/encode has no auth: Handler `token_encode` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the fu…

[MINED112] FastAPI POST /v1/completions has no auth: Handler `completions` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the func…

[MINED112] FastAPI POST /v1/chat/token/encode has no auth: Handler `chat_token_encode` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears…

[MINED112] FastAPI POST /v1/chat/completions has no auth: Handler `chat_completions` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears i…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…

Remote install command pipes network code directly to a shell

[COMP001] High cognitive complexity: Function `generate` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested bra…

Average file size is 560 lines (recommend <300)

Docker final stage has no non-root USER

Docker build context has no .dockerignore

[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.

[MINED109] Mutable default argument in `__call__` (list): `def __call__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `export_model_clang` (dict): `def export_model_clang(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acr…

[MINED109] Mutable default argument in `export_model_webgpu` (dict): `def export_model_webgpu(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared a…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `get_example_inputs` (dict): `def get_example_inputs(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acr…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `avg_pool` (list): `def avg_pool(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `_helper_linearizer_opt_ast` (list): `def _helper_linearizer_opt_ast(... = []/{}/set())` — Python's default value is constructed ONCE at function definition tim…

[MINED109] Mutable default argument in `_test_gemm_unrolled_permute_l` (list): `def _test_gemm_unrolled_permute_l(... = []/{}/set())` — Python's default value is constructed ONCE at function definiti…

[MINED109] Mutable default argument in `step` (dict): `def step(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it i…

[MINED109] Mutable default argument in `step_tf` (dict): `def step_tf(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutatin…

[MINED109] Mutable default argument in `_test_vectorized` (list): `def _test_vectorized(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across …

[MINED109] Mutable default argument in `fetch` (dict): `def fetch(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED109] Mutable default argument in `findlib` (list): `def findlib(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutatin…

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.

[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.

[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.

[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.

[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.

[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.

[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …

[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …

[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …

[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals — sometimes triggers RCE (Django debug page w…

[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…

[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

[COMP001] High cognitive complexity: Function `forward` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested bran…

Dockerfile leaves apt package indexes in the image layer

Dockerfile installs recommended OS packages

Dockerfile installs recommended OS packages

[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…

[COMP001] High cognitive complexity (and 118 more): Same pattern found in 118 additional files. Review if needed.

[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed.

[MINED005] Lua Loadstring (and 15 more): Same pattern found in 15 additional files. Review if needed.

[MINED030] Python Pickle Loads (and 5 more): Same pattern found in 5 additional files. Review if needed.

[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk.

[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk.

[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.

[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.

[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.

[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.

[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.

[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.

[MINED050] Stub Only Function (and 18 more): Same pattern found in 18 additional files. Review if needed.

[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci.

[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci.

[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness — left for later but never resolved.

[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.

[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.

[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.

[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.

[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.

[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) — off-by-one risk.

[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) — off-by-one risk.

[SEC007] Unsafe Deserialization (and 5 more): Same pattern found in 5 additional files. Review if needed.

[SEC013] Path Traversal — User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed.

[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.

[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed.

[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed.

[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 5 more): Same pattern found in 5 additional files. Review if needed.

[SEC128] Async function without await — fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed.