https://github.com/yeabsirateshale73-dot/realtime-sentiment-engine.git · lang: python · LOC: · source: user_submitted

| Rule | Severity | Count |
|---|---|---|
| MINED108 self.attribute used but never assigned in __init__ | high | 10 |
| CORE_NO_LICENSE No LICENSE file | low | 1 |
| MINED006 Overcatch Baseexception | high | 1 |
| CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… | medium | 1 |
| CORE_NO_CI No CI/CD configuration found | medium | 1 |
| SEC045 eval()/exec() on stored or user-supplied data | medium | 1 |
| MINED062 Python Dataclass No Fields | info | 1 |
| SEC128 Async function without await — fire-and-forget Promise (AI … | high | 1 |
| MINED112 FastAPI POST/PUT/DELETE/PATCH endpoint without auth | high | 1 |
| SEC135 Auth/permission check missing on AI-generated endpoint | high | 1 |

MINED006
Overcatch Baseexception
CWE-705
realtime-sentiment-engine/src/kafka_consumer.py:42
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/processor.py:51
· conf 1.00
[MINED108] `self._flush_topics` used but never assigned in __init__: Method `process_message` of class `StreamProcessor` reads `self._flush_topics`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/processor.py:85
· conf 1.00
[MINED108] `self.process_message` used but never assigned in __init__: Method `start` of class `StreamProcessor` reads `self.process_message`, but no assignment to it exists in __init__ (and no class…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/processor.py:86
· conf 1.00
[MINED108] `self._flush_topics` used but never assigned in __init__: Method `start` of class `StreamProcessor` reads `self._flush_topics`, but no assignment to it exists in __init__ (and no class-lev…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/processor.py:93
· conf 1.00
[MINED108] `self.process_message` used but never assigned in __init__: Method `process_batch` of class `StreamProcessor` reads `self.process_message`, but no assignment to it exists in __init__ (and …
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/processor.py:96
· conf 1.00
[MINED108] `self._flush_topics` used but never assigned in __init__: Method `process_batch` of class `StreamProcessor` reads `self._flush_topics`, but no assignment to it exists in __init__ (and no c…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/sentiment_model.py:53
· conf 1.00
[MINED108] `self._tokenize` used but never assigned in __init__: Method `_load_data` of class `SentimentTrainer` reads `self._tokenize`, but no assignment to it exists in __init__ (and no class-level…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/sentiment_model.py:66
· conf 1.00
[MINED108] `self._load_data` used but never assigned in __init__: Method `train` of class `SentimentTrainer` reads `self._load_data`, but no assignment to it exists in __init__ (and no class-level fa…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/sentiment_model.py:89
· conf 1.00
[MINED108] `self._compute_metrics` used but never assigned in __init__: Method `train` of class `SentimentTrainer` reads `self._compute_metrics`, but no assignment to it exists in __init__ (and no cl…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/sentiment_model.py:135
· conf 1.00
[MINED108] `self.predict` used but never assigned in __init__: Method `predict_single` of class `SentimentTrainer` reads `self.predict`, but no assignment to it exists in __init__ (and no class-level…
MINED108
self.attribute used but never assigned in __init__
CWE-476
realtime-sentiment-engine/src/topic_extractor.py:39
· conf 1.00
[MINED108] `self._build_model` used but never assigned in __init__: Method `fit` of class `TopicExtractor` reads `self._build_model`, but no assignment to it exists in __init__ (and no class-level fa…
MINED112
FastAPI POST/PUT/DELETE/PATCH endpoint without auth
CWE-306, CWE-862
realtime-sentiment-engine/app/main.py:65
· conf 0.80
[MINED112] FastAPI POST /analyze has no auth: Handler `analyze` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
realtime-sentiment-engine/src/topic_extractor.py:83
· conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
SEC135
Auth/permission check missing on AI-generated endpoint
realtime-sentiment-engine/app/main.py:64
· conf 1.00
[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…
CFG006
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
CORE_NO_CI
No CI/CD configuration found
CORE_NO_LICENSE
No LICENSE file
MINED062
Python Dataclass No Fields
realtime-sentiment-engine/src/config.py:10
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED065
Cors Wildcard
CWE-942, CWE-346
realtime-sentiment-engine/app/main.py:26
· conf 1.00
[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints.
SEC045
eval()/exec() on stored or user-supplied data
realtime-sentiment-engine/src/sentiment_model.py:106
· conf 0.10
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …