https://github.com/PaddlePaddle/FastDeploy · lang: python · LOC: · source: both
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| MINED124 requirements.txt entry has no version pin | medium | 25 |
| MINED106 Phantom test coverage (assertion-free test) | high | 25 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 25 |
| MINED111 Bare except continues silently | medium | 25 |
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| MINED112 FastAPI POST/PUT/DELETE/PATCH endpoint without auth | high | 25 |
| MINED109 Mutable default argument | medium | 23 |
| MINED107 Missing Python import (NameError at runtime) | critical | 18 |
| MINED131 pre-commit hook pinned to branch/tag instead of SHA | high | 12 |
AGT012
Agent control bridge may listen on a network interface without visible auth
fastdeploy/cache_manager/cache_messager.py:12
· conf 0.72
AGT012
Agent control bridge may listen on a network interface without visible auth
fastdeploy/cache_manager/cache_transfer_manager.py:12
· conf 0.72
AGT012
Agent control bridge may listen on a network interface without visible auth
fastdeploy/config.py:12
· conf 0.72
AGT012
Agent control bridge may listen on a network interface without visible auth
fastdeploy/engine/args_utils.py:12
· conf 0.72
AGT012
Agent control bridge may listen on a network interface without visible auth
fastdeploy/engine/common_engine.py:12
· conf 0.72
AGT012
Agent control bridge may listen on a network interface without visible auth
.github/workflows/_unit_test_coverage.yml:13
· conf 0.72
AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
AUC002
[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
· conf 0.74
[AUC002] Low visible authorization coverage in route inventory: Only 20.7% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
fastdeploy/entrypoints/openai/api_server.py:686
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
fastdeploy/entrypoints/openai/api_server.py:705
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
fastdeploy/entrypoints/openai/api_server.py:716
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
fastdeploy/entrypoints/openai/api_server.py:727
· conf 0.68
AUC012
[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements.
· conf 0.72
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
benchmarks/benchmark_fmq.py:109
· conf 0.95
[COMP001] High cognitive complexity: Function `run_benchmark` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — neste…
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
.claude/skills/benchmark-compare/scripts/extract_metrics.py:113
· conf 0.95
[COMP001] High cognitive complexity: Function `compute_comparison` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — …
DKR001
Docker final stage has no non-root USER
dockerfiles/Dockerfile.gpu:1
· conf 0.82
DKR001
Docker final stage has no non-root USER
dockerfiles/Dockerfile.xpu:1
· conf 0.82
DKR001
Docker final stage has no non-root USER
tools/dockerfile/Dockerfile.ci:1
· conf 0.82
DKR002
Dockerfile base image has no explicit tag
examples/observability/docker-compose.yaml:31
· conf 0.90
Compose service `jaeger` image has no explicit tag
DKR002
Dockerfile base image has no explicit tag
examples/observability/docker-compose.yaml:40
· conf 0.90
Compose service `otel-collector` image has no explicit tag
DKR003
Dockerfile base image uses the latest tag
examples/observability/docker-compose.yaml:2
· conf 0.94
Compose service `prometheus` image uses the latest tag
DKR003
Dockerfile base image uses the latest tag
examples/observability/docker-compose.yaml:13
· conf 0.94
Compose service `grafana` image uses the latest tag
DKR007
Docker build context has no .dockerignore
.dockerignore
· conf 0.90
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
benchmarks/paddleocr_vl/benchmark.py:91
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
.claude/skills/benchmark-compare/scripts/extract_metrics.py:107
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
fastdeploy/cache_manager/v1/transfer/ipc/connector.py:61
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
MINED109
Mutable default argument
CWE-1023
fastdeploy/cache_manager/cache_data.py:43
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
fastdeploy/cache_manager/transfer_factory/rdma_cache_transfer.py:30
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
fastdeploy/cache_manager/v1/radix_tree.py:625
· conf 1.00
[MINED109] Mutable default argument in `get_candidates_for_backup` (list): `def get_candidates_for_backup(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time …
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/layers/sample/sampler.py:266
· conf 1.00
[MINED109] Mutable default argument in `add_logits_processor` (list): `def add_logits_processor(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/layers/sample/sampler.py:317
· conf 1.00
[MINED109] Mutable default argument in `update_vocab_mask` (list): `def update_vocab_mask(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/layers/sample/sampler.py:395
· conf 1.00
[MINED109] Mutable default argument in `apply_token_mask` (list): `def apply_token_mask(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across …
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/layers/sample/sampler.py:476
· conf 1.00
[MINED109] Mutable default argument in `pre_process` (list): `def pre_process(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls.…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/layers/utils.py:253
· conf 1.00
[MINED109] Mutable default argument in `per_block_cast_to_fp8` (list): `def per_block_cast_to_fp8(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/models/qwen2_5_vl/dfnrope/configuration.py:67
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/ops/triton_ops/triton_utils.py:588
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/ops/triton_ops/triton_utils.py:828
· conf 1.00
[MINED109] Mutable default argument in `paddle_use_triton` (dict): `def paddle_use_triton(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/ops/triton_ops/triton_utils.py:828
· conf 1.00
[MINED109] Mutable default argument in `paddle_use_triton` (list): `def paddle_use_triton(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/ops/triton_ops/triton_utils_v2.py:85
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/ops/triton_ops/triton_utils_v2.py:340
· conf 1.00
[MINED109] Mutable default argument in `paddle_use_triton_v2` (dict): `def paddle_use_triton_v2(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared…
MINED109
Mutable default argument
CWE-1023
fastdeploy/model_executor/ops/triton_ops/triton_utils_v2.py:340
· conf 1.00
[MINED109] Mutable default argument in `paddle_use_triton_v2` (list): `def paddle_use_triton_v2(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared…
MINED109
Mutable default argument
CWE-1023
fastdeploy/rl/rollout_config.py:24
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
fastdeploy/scheduler/splitwise_scheduler.py:140
· conf 1.00
[MINED109] Mutable default argument in `get_results` (list): `def get_results(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls.…
MINED109
Mutable default argument
CWE-1023
fastdeploy/spec_decode/mtp.py:478
· conf 1.00
[MINED109] Mutable default argument in `insert_tasks_v1` (dict): `def insert_tasks_v1(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across al…
MINED109
Mutable default argument
CWE-1023
fastdeploy/utils.py:795
· conf 1.00
[MINED109] Mutable default argument in `get_hash_str` (list): `def get_hash_str(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all call…
MINED109
Mutable default argument
CWE-1023
tests/ci_validation/server/test_compare_top_logprobs.py:46
· conf 1.00
[MINED109] Mutable default argument in `compare_top_logprobs` (list): `def compare_top_logprobs(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared…
MINED109
Mutable default argument
CWE-1023
tests/layers/test_moba_attention_backend.py:53
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
tests/model_loader/utils.py:58
· conf 1.00
[MINED109] Mutable default argument in `run_with_timeout` (dict): `def run_with_timeout(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across …
MINED109
Mutable default argument
CWE-1023
tests/model_loader/utils.py:81
· conf 1.00
[MINED109] Mutable default argument in `form_model_get_output_topp0` (dict): `def form_model_get_output_topp0(... = []/{}/set())` — Python's default value is constructed ONCE at function definition t…
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:567
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:633
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:1035
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:1114
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:1179
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:1227
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func.py:1318
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:275
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:531
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:567
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:633
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:1041
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:1120
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:1185
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:1233
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:1324
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/backend_request_func_swe.py:1422
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
benchmarks/quick_benchmark.py:681
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
custom_ops/setup_ops_cpu.py:62
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
custom_ops/setup_ops.py:125
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fastdeploy/collect_env.py:529
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fastdeploy/utils.py:1038
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fastdeploy/utils.py:1113
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
scripts/CheckPRTemplate.py:133
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
setup.py:122
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `setuptools` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosqua…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `pre-commit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosqua…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:3
· conf 0.90
[MINED124] requirements.txt: `yapf` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:4
· conf 0.90
[MINED124] requirements.txt: `flake8` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:5
· conf 0.90
[MINED124] requirements.txt: `ruamel.yaml` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosqu…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:6
· conf 0.90
[MINED124] requirements.txt: `zmq` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, acc…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:7
· conf 0.90
[MINED124] requirements.txt: `aiozmq` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:9
· conf 0.90
[MINED124] requirements.txt: `tqdm` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:10
· conf 0.90
[MINED124] requirements.txt: `pynvml` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:12
· conf 0.90
[MINED124] requirements.txt: `fastapi` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:14
· conf 0.90
[MINED124] requirements.txt: `redis` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, a…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:15
· conf 0.90
[MINED124] requirements.txt: `etcd3` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, a…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:16
· conf 0.90
[MINED124] requirements.txt: `httpx` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, a…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:17
· conf 0.90
[MINED124] requirements.txt: `fast_dataindex` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typo…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:18
· conf 0.90
[MINED124] requirements.txt: `cupy-cuda12x` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosq…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:19
· conf 0.90
[MINED124] requirements.txt: `pybind11[global]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (ty…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:20
· conf 0.90
[MINED124] requirements.txt: `tabulate` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:21
· conf 0.90
[MINED124] requirements.txt: `gradio` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:22
· conf 0.90
[MINED124] requirements.txt: `xlwt` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, ac…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:23
· conf 0.90
[MINED124] requirements.txt: `visualdl` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:25
· conf 0.90
[MINED124] requirements.txt: `prometheus-client` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (t…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:26
· conf 0.90
[MINED124] requirements.txt: `paddlecodec` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosqu…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:27
· conf 0.90
[MINED124] requirements.txt: `moviepy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:28
· conf 0.90
[MINED124] requirements.txt: `triton` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:29
· conf 0.90
[MINED124] requirements.txt: `crcmod` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …
SEC007
Unsafe Deserialization
fastdeploy/cache_manager/multimodal_cache_manager.py:149
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
SEC012
ZipSlip — Archive Path Traversal
custom_ops/setup_ops_cpu.py:56
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
SEC012
ZipSlip — Archive Path Traversal
custom_ops/xpu_ops/setup_ops.py:59
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
SEC017
Unbounded Input to LLM/External API
fastdeploy/demo/openai_demo.py:22
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
SEC017
Unbounded Input to LLM/External API
fastdeploy/demo/openai_vl_demo.py:22
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
SEC017
Unbounded Input to LLM/External API
fastdeploy/entrypoints/cli/openai.py:198
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
SEC034
Log Injection / Log Forging — unsanitized user input in log
fastdeploy/cache_manager/cache_metrics.py:103
fastdeploy/cache_manager/multimodal_cache_manager.py:154
fastdeploy/entrypoints/api_server.py:117
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
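The forgery the SEC034 description refers to, and the fix, as an added example (not FastDeploy code). The request id is constructed; it carries one newline followed by a plausible second record. Escaping in the `Formatter` catches every `%`-argument at every call site, so individual log lines do not each need wrapping.

```python
"""Neutralising newlines and control characters before they reach a log line.
Added example, not FastDeploy code."""
import io
import logging
import re

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def _escape(m):
    return "\\x%02x" % ord(m.group())


def sanitize_for_log(value, max_len: int = 200) -> str:
    """Escape control characters and cap length. For single fields when the
    call site wants explicit control (for example a user-supplied filename)."""
    s = _CONTROL.sub(_escape, str(value))
    return s if len(s) <= max_len else s[:max_len] + "...[truncated]"


class SafeFormatter(logging.Formatter):
    """Escape the rendered message line. formatMessage covers the format string
    and all %-args; exception text appended later by format() keeps its newlines
    so tracebacks stay readable."""

    def formatMessage(self, record):
        return _CONTROL.sub(_escape, super().formatMessage(record))


# Constructed: a request id carrying a newline plus a fake follow-on record.
FORGED_REQUEST_ID = ("req-42\n2024-05-01 10:00:00,000 INFO api_server: "
                     "request_id=req-43 user=admin status=accepted")

_FMT = "%(asctime)s %(levelname)s %(name)s: %(message)s"


def render(request_id: str, sanitized: bool) -> str:
    """Log one rejection line mentioning `request_id`; return the captured text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(SafeFormatter(_FMT) if sanitized else logging.Formatter(_FMT))
    logger = logging.Logger("api_server")      # standalone instance, not the global registry
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    logger.info("request_id=%s status=rejected reason=bad_token", request_id)
    handler.flush()
    return stream.getvalue()


def record_count(text: str) -> int:
    """Records a line-oriented log shipper would see: one per line."""
    return len(text.splitlines())
```

With `sanitized=False` the captured text contains two lines, and the second one claims `admin` was accepted; with `SafeFormatter` it is one line with a literal `\x0a` in it. Structured JSON logging removes the problem differently, because the serializer escapes the newline, but only if every handler in the chain is JSON; a text fallback handler reintroduces it.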
SEC041
Tabnabbing — target="_blank" without rel="noopener noreferrer"
.claude/skills/research-report/scripts/update_index.py:132
· conf 1.00
[SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run win…
SEC045
eval()/exec() on stored or user-supplied data
fastdeploy/entrypoints/cli/tokenizer.py:222
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
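The replacement for `eval()` on a user-supplied literal, as an added example (not the project's tokenizer CLI; the flagged line is not shown, so this stands in for any CLI that takes a list of token ids as a string). `ast.literal_eval` builds values from the syntax tree and never executes calls, attribute access or imports, which is why it is not subject to the `__builtins__` sandbox bypasses the finding mentions. The attack string is constructed.

```python
"""Parsing a user-supplied literal without eval(). Added example, not FastDeploy code."""
import ast
import json


def _as_token_ids(value) -> list[int]:
    """Shape check shared by both parsers: a list of non-negative ints.
    bool is excluded explicitly because it is an int subclass."""
    if not isinstance(value, list) or not all(
        isinstance(x, int) and not isinstance(x, bool) and x >= 0 for x in value
    ):
        raise ValueError("expected a list of non-negative ints")
    return value


def parse_token_ids(text: str) -> list[int]:
    """For input typed by a human: Python literal syntax, no evaluation."""
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        # MemoryError/RecursionError cover pathological nesting depth.
        raise ValueError(f"not a literal: {exc}") from None
    return _as_token_ids(value)


def parse_token_ids_json(text: str) -> list[int]:
    """For input produced by another program: JSON is stricter and portable."""
    try:
        value = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from None
    return _as_token_ids(value)


def is_rejected(text: str) -> bool:
    try:
        parse_token_ids(text)
        return False
    except ValueError:
        return True


GOOD = "[1, 2, 3]"                                  # constructed
ATTACK = "__import__('os').system('id')"           # constructed: eval() would run this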
SEC094
Go: world-writable file permissions
fastdeploy/golang_router/pkg/logger/logger.go:40
· conf 1.00
[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0).
SEC119
World-writable / world-readable file permissions
custom_ops/xpu_ops/setup_ops.py:109
fastdeploy/golang_router/launch.py:38
· conf 1.00
[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets.
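The audit and repair for the SEC094 and SEC119 findings above, as an added example (not the project's code; the Go logger and launch.py lines are not reproduced). It shows the check, the `chmod` repair for an existing file, and creating a file with a restrictive mode at `open(2)` time, which matters because a 0o666 creation mode is limited only by whatever umask the process happens to inherit.

```python
"""Detecting and fixing world-accessible files. Added example, not FastDeploy code."""
import os
import stat
import tempfile


def audit_mode(path: str) -> dict:
    """Report the permission bits that matter for other local users."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "mode": mode,
        "world_writable": bool(mode & stat.S_IWOTH),
        "world_readable": bool(mode & stat.S_IROTH),
        "group_writable": bool(mode & stat.S_IWGRP),
    }


def harden(path: str, secret: bool = False) -> int:
    """chmod to the least permissive mode that keeps the owner working:
    directories keep the execute bit, secrets get no group/other access."""
    is_dir = os.path.isdir(path)
    if secret:
        mode = 0o700 if is_dir else 0o600
    else:
        mode = 0o755 if is_dir else 0o644
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_private(path: str, data: bytes) -> int:
    """Create an owner-only file from the first instant. The mode is applied by
    open(2) itself, so there is no window where 0o666-minus-umask is live, and
    O_EXCL refuses to follow a pre-planted symlink at that path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    out = {}
    with tempfile.TemporaryDirectory() as d:
        log_path = os.path.join(d, "router.log")
        open(log_path, "w").close()
        os.chmod(log_path, 0o666)                  # reproduces the flagged pattern
        out["before"] = audit_mode(log_path)
        out["after_mode"] = harden(log_path)
        out["after"] = audit_mode(log_path)
        key_path = os.path.join(d, "api_key")
        out["private_mode"] = create_private(key_path, b"constructed-secret\n")
    return out
```

The Go equivalent of `create_private` is `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)`; for a log file that other processes must read, 0o644 (or 0o640 with a shared group) is the usual target, never a write bit for others.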
SEC127
AI agent stub — TODO: implement / pass placeholder body
benchmarks/paddleocr_vl/benchmark.py:38
fastdeploy/cache_manager/multimodal_cache_manager.py:101
fastdeploy/cache_manager/transfer_factory/mooncake_store/attention_store.py:276
· conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
SEC134
AI scaffold leftover — Lorem ipsum / example.com / John Doe in code
fastdeploy/demo/tokenizer_client_demo.py:31
· conf 1.00
[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't…
WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
Public web service has no security.txt
AIC002
Source file name looks like an AI patch artifact
custom_ops/xpu_ops/src/plugin/src/wrapper/mtp_wrapper/draft_model_update.cpp:1
custom_ops/xpu_ops/src/plugin/src/wrapper/mtp_wrapper/speculate_update.cpp:1
· conf 0.62
Source file name looks like an AI patch artifact
AIC003
Duplicated implementation block across source files
custom_ops/gpu_ops/append_attn/multiquery_attention_c4_kernel.h:20
custom_ops/gpu_ops/append_attn/multiquery_attention_c8_kernel.h:20
custom_ops/gpu_ops/append_attn/speculate_write_cache_with_rope_kernel.h:9
custom_ops/gpu_ops/cutlass_extensions/epilogue/broadcast_load_epilogue_c3x.hpp:18
custom_ops/gpu_ops/cutlass_extensions/epilogue/broadcast_load_epilogue_c3x.hpp:20
custom_ops/gpu_ops/cutlass_extensions/epilogue/scaled_mm_epilogues_c3x.hpp:254
custom_ops/gpu_ops/cutlass_extensions/gemm/collective/sm90_mma_gated_tma_gmma_ss_warpspecialized_fp8.hpp:1
custom_ops/gpu_ops/cutlass_extensions/gemm/collective/sm90_mma_tma_gmma_ss_warpspecialized_fp8_blockwise_scaling.hpp:7
custom_ops/gpu_ops/cutlass_extensions/gemm/collective/sm90_mma_tma_gmma_ss_warpspecialized_fp8_blockwise_scaling.hpp:113
custom_ops/gpu_ops/cutlass_extensions/gemm/kernel/sm90_gemm_gated_tma_warpspecialized_pingpong.hpp:12
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/default_dq_mma_pipelined.h:47
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/default_mma_bf16.h:1
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/default_wint2x_mma.h:118
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_multistage_finegrained.h:1
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_multistage_percol.h:1
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_multistage_percol.h:10
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_pipelined_finegrained.h:1
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_pipelined_finegrained.h:111
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_pipelined_percol.h:1
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_pipelined_percol.h:7
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_pipelined_percol.h:80
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/dq_mma_pipelined_percol.h:109
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/wint2x_mma_base.h:49
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/wint2x_mma_multistage.h:1
custom_ops/gpu_ops/cutlass_extensions/gemm/threadblock/wint2x_mma_multistage.h:179
custom_ops/gpu_ops/cutlass_kernels/fp8_gemm_fused/dual_gemm/threadblock/dual_mma_multistage.h:98
custom_ops/gpu_ops/cutlass_kernels/fp8_gemm_fused/dual_gemm/threadblock/dual_mma_multistage.h:106
custom_ops/gpu_ops/cutlass_kernels/fp8_gemm_fused/dual_gemm/threadblock/dual_mma_multistage.h:202
custom_ops/gpu_ops/cutlass_kernels/fp8_gemm_fused/dual_gemm/thread/left_silu_and_mul.h:15
custom_ops/gpu_ops/cutlass_kernels/fp8_gemm_fused/fuse_dual_gemm_swiglu_template.h:11
· conf 0.86
Duplicated implementation block across source files
All 30 hits are in the `cutlass_extensions` / `cutlass_kernels` trees, which appear to be CUTLASS-derived template code where near-identical variants (c4/c8, percol/finegrained, pipelined/multistage) are the normal structure. This is a maintainability note, not a security finding; a fix in one variant must be mirrored in its siblings.
COMP001
High cognitive complexity
.claude/skills/research-report/scripts/update_index.py:24
· conf 0.95
[COMP001] High cognitive complexity: Function `extract_meta` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
DKC006
Compose service does not declare a runtime user
examples/observability/docker-compose.yaml:2
examples/observability/docker-compose.yaml:13
examples/observability/docker-compose.yaml:31
examples/observability/docker-compose.yaml:40
· conf 0.56
Compose service does not declare a runtime user
DKC010
Compose service lacks no-new-privileges hardening
examples/observability/docker-compose.yaml:2
examples/observability/docker-compose.yaml:13
examples/observability/docker-compose.yaml:31
examples/observability/docker-compose.yaml:40
· conf 0.62
Compose service lacks no-new-privileges hardening
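A service stanza with the two settings DKC006 and DKC010 look for, as an added example (not the project's `examples/observability/docker-compose.yaml`). The image name, uid, mount paths and port are placeholders; the other keys are the usual companions of those two settings.

```yaml
# Added example, not the project's compose file. Placeholders throughout.
services:
  api:
    image: example/fastdeploy-server:placeholder
    user: "10001:10001"             # DKC006: fixed non-root uid:gid; it must own any path the process writes
    security_opt:
      - no-new-privileges:true      # DKC010: setuid binaries and file capabilities cannot raise privileges
    cap_drop:
      - ALL
    read_only: true                 # writable scratch space comes from tmpfs, not the image layer
    tmpfs:
      - /tmp
    volumes:
      - ./models:/models:ro
    ports:
      - "127.0.0.1:8000:8000"       # loopback unless an authenticating proxy sits in front
```

`user:` only works if the image's filesystem was prepared for that uid (log and cache directories owned or group-writable by it); the observability stack in the flagged file runs third-party images whose documented non-root uid should be used rather than an arbitrary one.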
DKR010
Dockerfile leaves apt package indexes in the image layer
dockerfiles/Dockerfile.xpu:11
tools/dockerfile/Dockerfile.ci:2
tools/dockerfile/Dockerfile.ci:16
· conf 0.74
Dockerfile leaves apt package indexes in the image layer
DKR011
Dockerfile installs recommended OS packages
dockerfiles/Dockerfile.xpu:11
tools/dockerfile/Dockerfile.ci:2
tools/dockerfile/Dockerfile.ci:16
tools/dockerfile/Dockerfile.ci:23
· conf 0.72
Dockerfile installs recommended OS packages
DKR012
Dockerfile keeps pip download cache
dockerfiles/Dockerfile.xpu:15
dockerfiles/Dockerfile.xpu:35
· conf 0.72
Dockerfile keeps pip download cache
SEC075
Dockerfile: no HEALTHCHECK
tools/dockerfile/docker_build.sh:1
· conf 1.00
[SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive — orchestrators can't detect a wedged process. Ported from trivy DS026 / checkov CKV_DOCKER_2 (Apache-2.0). Implement file-level: skip if…
The flagged path is a build script, not a Dockerfile; the directive belongs in the Dockerfile(s) that script builds (the `dockerfiles/` and `tools/dockerfile/` files listed under DKR010 to DKR012 above).
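One Dockerfile fragment that addresses DKR010, DKR011, DKR012 and SEC075 together, as an added example (not one of the project's Dockerfiles). The base image, package list and health endpoint path are placeholders.

```dockerfile
# Added example, not a project Dockerfile. Placeholders throughout.
FROM python:3.10-slim

# DKR011: --no-install-recommends keeps suggested packages (and their CVEs) out.
# DKR010: removing the apt lists in the SAME RUN keeps them out of the layer;
# an rm in a later RUN would leave them in this layer's history anyway.
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*

COPY requirements.txt /app/requirements.txt
# DKR012: --no-cache-dir stops pip from leaving downloaded wheels in the layer.
RUN pip install --no-cache-dir -r /app/requirements.txt

# SEC075: without this the orchestrator only knows whether PID 1 is alive, not
# whether it still answers requests. start-period must cover model loading.
HEALTHCHECK --interval=30s --timeout=5s --start-period=120s --retries=3 \
  CMD curl -fsS http://127.0.0.1:8000/health || exit 1
```

The health endpoint should be a cheap liveness check that does not touch the GPU; a probe that runs inference can itself wedge a loaded server and trip the restart it was meant to detect.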
SEC132
String concat where the language has interpolation (AI style drift)
custom_ops/gpu_ops/fused_cast_sigmoid_bias.cu:120
custom_ops/gpu_ops/get_data_ptr_ipc.cu:45
custom_ops/gpu_ops/read_data_ipc.cu:59
· conf 1.00
[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
All three files are CUDA C++ (.cu), which has no string interpolation, so the rule's premise does not hold here. Treat as false positives of a rule written for Python/JS; a C++ reviewer might still prefer a formatting call over `+` for error messages, but that is style, not a finding.
COMP001
High cognitive complexity
· conf 0.20
[COMP001] High cognitive complexity (and 115 more): Same pattern found in 115 additional files. Review if needed.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
· conf 0.20
[ERR001] Silent Exception Swallowing (and 3 more): Same pattern found in 3 additional files. Review if needed.
MINED001
Bare Except Pass
CWE-755
· conf 0.20
[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed.
MINED005
Lua Loadstring
CWE-95
· conf 0.20
[MINED005] Lua Loadstring (and 2 more): Same pattern found in 2 additional files. Review if needed.
MINED011
Scala Get On Option
CWE-476
· conf 0.20
[MINED011] Scala Get On Option (and 16 more): Same pattern found in 16 additional files. Review if needed.
MINED042
Cpp New Without Delete
CWE-401
custom_ops/xpu_ops/src/ops/pybind/cachekv_signal_thread_worker.cc:94
· conf 1.00
[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk.
MINED043
Http Not Https
CWE-319
· conf 0.20
[MINED043] Http Not Https (and 26 more): Same pattern found in 26 additional files. Review if needed.
MINED043
Http Not Https
CWE-319
.claude/skills/benchmark-compare/scripts/health_check.sh:55
.claude/skills/nsys-capture/nsys_capture.sh:31
.claude/skills/nsys-capture/nsys_default_client.py:19
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
All three hits are developer tooling under `.claude/skills/` that talks to a benchmark or profiling server. Check whether the hard-coded host is a LAN address reached over a shared network and whether anything beyond benchmark prompts crosses it before escalating; the fix for a non-loopback endpoint is TLS or binding the server to loopback and tunnelling.
MINED045
Ts Non Null Assertion
CWE-476
custom_ops/gpu_ops/moe/moe_fast_hardamard_kernel.cu:79
custom_ops/gpu_ops/speculate_decoding/speculate_update.cu:35
· conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
Both files are CUDA C++ (.cu). C++ has no non-null assertion operator; `!` there is the prefix logical-not or part of `!=`, so these are false positives of a TypeScript-only rule.
MINED049
Print Pii
CWE-532
· conf 0.20
[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed.
MINED049
Print Pii
CWE-532
benchmarks/benchmark_mtp.py:124
benchmarks/paddleocr_vl/benchmark.py:187
fastdeploy/entrypoints/cli/tokenizer.py:160
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
The rule keys on field names, not on data. In `fastdeploy/entrypoints/cli/tokenizer.py` the match is most likely the word `token` in its tokenizer sense (token ids or token strings), not a credential; confirm what line 160 prints before treating it as PII leakage, and do the same for the two benchmark scripts.
MINED050
Stub Only Function
CWE-1188
· conf 0.20
[MINED050] Stub Only Function (and 76 more): Same pattern found in 76 additional files. Review if needed.
MINED050
Stub Only Function
CWE-1188
benchmarks/paddleocr_vl/benchmark.py:42
.claude/skills/benchmark-compare/scripts/extract_metrics.py:108
fastdeploy/__init__.py:131
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED055
Npm Install No Lockfile
CWE-1357
scripts/run_ci_hpu.sh:27
tools/codestyle/pre_commit.sh:19
· conf 1.00
[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci.
Neither flagged file is a production image build: one is a CI script and the other a pre-commit helper. The supply-chain point still applies to CI reproducibility (each run may resolve different versions of the tool being installed). The fix is the same: commit a package-lock.json and run `npm ci`, or pin the tool with `npm install <name>@<version>`.
MINED060
Go Context No Cancel
CWE-401
fastdeploy/golang_router/cmd/main.go:57
fastdeploy/golang_router/internal/manager/register.go:273
· conf 1.00
[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines.
MINED062
Python Dataclass No Fields
· conf 0.20
[MINED062] Python Dataclass No Fields (and 9 more): Same pattern found in 9 additional files. Review if needed.
MINED062
Python Dataclass No Fields
custom_ops/utils/auto_gen_template_attention.py:24
custom_ops/utils/auto_gen_template_instantiation.py:24
fastdeploy/engine/kv_cache_interface.py:24
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.