hkuds/vimax

https://github.com/HKUDS/ViMax.git · lang: python · LOC: · source: user_submitted

Quality: 67.6 (Grade B-)
Security: 100.0
Findings: 50 (0 critical · 32 high)
Status: completed (May 20, 2026 00:19)
high: 32 medium: 8 info: 6 low: 4
Top rules by occurrence
| Rule | Description | Severity | Count |
|---|---|---|---|
| MINED108 | self.attribute used but never assigned in __init__ | high | 25 |
| MINED109 | Mutable default argument | medium | 4 |
| AIC003 | Duplicated implementation block across source files | low | 3 |
| COMP001 | [COMP001] High cognitive complexity: Function `load_yfinanc… | low | 3 |
| SEC078 | Python: requests without timeout | high | 2 |
| SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 2 |
| SEC128 | Async function without await — fire-and-forget Promise (AI … | high | 2 |
| MINED050 | Stub Only Function | info | 2 |
| MINED067 | Python Requests No Timeout | info | 2 |
| MINED106 | Phantom test coverage (assertion-free test) | high | 1 |
First 50 findings (severity-sorted)
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
utils/timer.py:67 · conf 1.00
[MINED106] Phantom test coverage: test_sleep: Test function `test_sleep` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verify…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
agents/event_extractor.py:103 · conf 1.00
[MINED108] `self.extract_next_event` used but never assigned in __init__: Method `__call__` of class `EventExtractor` reads `self.extract_next_event`, but no assignment to it exists in __init__ (and …
high MINED108 self.attribute used but never assigned in __init__ CWE-476
agents/novel_compressor.py:118 · conf 1.00
[MINED108] `self.compress_single_novel_chunk` used but never assigned in __init__: Method `compress` of class `NovelCompressor` reads `self.compress_single_novel_chunk`, but no assignment to it exist…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:86 · conf 1.00
[MINED108] `self.sound_effect` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.sound_effect`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:86 · conf 1.00
[MINED108] `self.speaker` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.speaker`, but no assignment to it exists in __init__ (and no class-level fa…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:88 · conf 1.00
[MINED108] `self.sound_effect` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.sound_effect`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:89 · conf 1.00
[MINED108] `self.sound_effect` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.sound_effect`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:90 · conf 1.00
[MINED108] `self.speaker` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.speaker`, but no assignment to it exists in __init__ (and no class-level fa…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:91 · conf 1.00
[MINED108] `self.emotion` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.emotion`, but no assignment to it exists in __init__ (and no class-level fa…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:91 · conf 1.00
[MINED108] `self.line` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.line`, but no assignment to it exists in __init__ (and no class-level fallback…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
interfaces/shot_description.py:91 · conf 1.00
[MINED108] `self.speaker` used but never assigned in __init__: Method `__str__` of class `ShotBriefDescription` reads `self.speaker`, but no assignment to it exists in __init__ (and no class-level fa…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:35 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:42 · conf 1.00
[MINED108] `self.novel_compressor` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.novel_compressor`, but no assignment to it exists in __init__ (and…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:102 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:146 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:147 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:154 · conf 1.00
[MINED108] `self.embeddings` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.embeddings`, but no assignment to it exists in __init__ (and no class-le…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:233 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:299 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:394 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
pipelines/novel2movie_pipeline.py:510 · conf 1.00
[MINED108] `self.working_dir` used but never assigned in __init__: Method `__call__` of class `Novel2MoviePipeline` reads `self.working_dir`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
tools/video_generator_doubao_seedance_yunwu_api.py:175 · conf 1.00
[MINED108] `self.create_video_generation_task` used but never assigned in __init__: Method `generate_single_video` of class `VideoGeneratorDoubaoSeedanceYunwuAPI` reads `self.create_video_generation_…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
tools/video_generator_doubao_seedance_yunwu_api.py:176 · conf 1.00
[MINED108] `self.query_video_generation_task` used but never assigned in __init__: Method `generate_single_video` of class `VideoGeneratorDoubaoSeedanceYunwuAPI` reads `self.query_video_generation_ta…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
utils/timer.py:38 · conf 1.00
[MINED108] `self.start_time` used but never assigned in __init__: Method `__enter__` of class `Timer` reads `self.start_time`, but no assignment to it exists in __init__ (and no class-level fallback)…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
utils/timer.py:39 · conf 1.00
[MINED108] `self.start_time` used but never assigned in __init__: Method `__enter__` of class `Timer` reads `self.start_time`, but no assignment to it exists in __init__ (and no class-level fallback)…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
utils/timer.py:49 · conf 1.00
[MINED108] `self.start_time` used but never assigned in __init__: Method `__exit__` of class `Timer` reads `self.start_time`, but no assignment to it exists in __init__ (and no class-level fallback).…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
interfaces/image_output.py:35 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
interfaces/video_output.py:23 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC078 Python: requests without timeout
utils/image.py:15 · conf 1.00
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
high SEC078 Python: requests without timeout
utils/video.py:11 · conf 1.00
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
interfaces/image_output.py:49 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
utils/image.py:43 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
medium COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
agents/camera_image_generator.py:121 · conf 0.95
[COMP001] High cognitive complexity: Function `construct_camera_tree` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand…
medium COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
tools/image_generator_nanobanana_google_api.py:29 · conf 0.95
[COMP001] High cognitive complexity: Function `generate_single_image` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand…
medium CORE_NO_CI No CI/CD configuration found
No CI/CD configuration found
medium MINED109 Mutable default argument CWE-1023
tools/image_generator_doubao_seedream_yunwu_api.py:25 · conf 1.00
[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
medium MINED109 Mutable default argument CWE-1023
tools/image_generator_nanobanana_google_api.py:29 · conf 1.00
[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
medium MINED109 Mutable default argument CWE-1023
tools/image_generator_nanobanana_yunwu_api.py:30 · conf 1.00
[MINED109] Mutable default argument in `generate_single_image` (list): `def generate_single_image(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
medium MINED109 Mutable default argument CWE-1023
tools/video_generator_veo_yunwu_api.py:40 · conf 1.00
[MINED109] Mutable default argument in `generate_single_video` (list): `def generate_single_video(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
medium SEC034 Log Injection / Log Forging — unsanitized user input in log
tools/video_generator_veo_google_api.py:61 · conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
low AIC003 Duplicated implementation block across source files
agents/global_information_planner.py:97 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
agents/script_planner.py:158 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
pipelines/script2video_pipeline.py:37 · conf 0.86
Duplicated implementation block across source files
low COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
pipelines/idea2video_pipeline.py:74 · conf 0.95
[COMP001] High cognitive complexity: Function `generate_character_portraits` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to unde…
info MINED050 Stub Only Function CWE-1188
pipelines/idea2video_pipeline_deprecated.py:15 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED050 Stub Only Function CWE-1188
pipelines/idea2video_pipeline.py:157 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED062 Python Dataclass No Fields
tools/render_backend.py:22 · conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
info MINED063 Toctou Os Path Exists CWE-367
pipelines/idea2video_pipeline.py:58 · conf 1.00
[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) — file can be replaced/deleted between check and use.
info MINED067 Python Requests No Timeout CWE-400
utils/image.py:15 · conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
info MINED067 Python Requests No Timeout CWE-400
utils/video.py:11 · conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/99b4aa28-a388-4d28-b169-2e7309b85809/.