https://github.com/Fincept-Corporation/FinceptTerminal.git · lang: python · LOC: · source: user_submitted

| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| MINED106 Phantom test coverage (assertion-free test) | high | 25 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 25 |
| MINED111 Bare except continues silently | medium | 25 |
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| MINED107 Missing Python import (NameError at runtime) | critical | 25 |
| MINED109 Mutable default argument | medium | 18 |
| MINED042 Cpp New Without Delete | info | 4 |
| MINED001 Bare Except Pass | high | 4 |
| SEC085 JS: child_process.exec with non-literal | high | 4 |

MINED001
Bare Except Pass
CWE-755
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_data.py:95
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_optimize.py:85
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
fincept-qt/scripts/Analytics/backtesting/fasttrade/ft_evaluate.py:51
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED004
Weak Crypto
CWE-327
fincept-qt/scripts/exchange/totp_gen.py:26
· conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
MINED004
Weak Crypto
CWE-327
fincept-qt/scripts/harvard_dataverse_data.py:178
· conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
MINED004
Weak Crypto
CWE-327
fincept-qt/src/app/InstanceLock.cpp:74
· conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
MINED006
Overcatch Baseexception
CWE-705
fincept-qt/scripts/build_akshare_symbols_db.py:212
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED006
Overcatch Baseexception
CWE-705
fincept-qt/scripts/voice/clap_detector.py:231
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED006
Overcatch Baseexception
CWE-705
fincept-qt/scripts/voice/speech_to_text.py:141
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED009
Floats For Money
CWE-682
fincept-qt/scripts/Analytics/backtesting/bt/bt_risk.py:163
· conf 1.00
[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.
MINED009
Floats For Money
CWE-682
fincept-qt/scripts/Analytics/corporateFinance/lbo/capital_structure.py:9
· conf 1.00
[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.
MINED009
Floats For Money
CWE-682
fincept-qt/scripts/Analytics/corporateFinance/merger_models/sources_uses.py:185
· conf 1.00
[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.
MINED017
C System Call
CWE-78
fincept-qt/src/core/i18n/LanguageManager.cpp:80
· conf 1.00
[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.
MINED017
C System Call
CWE-78
fincept-qt/src/screens/crypto_center/panels/MarketsListPanel.cpp:36
· conf 1.00
[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.
MINED017
C System Call
CWE-78
fincept-qt/src/services/wallet/ConnectWalletDialog.cpp:25
· conf 1.00
[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.
MINED021
Path Traversal Os Join
CWE-22
.github/scripts/generate_updates_manifest.py:25
· conf 1.00
[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain "../" — directory escape.
MINED021
Path Traversal Os Join
CWE-22
.github/scripts/update_readme_table.py:29
· conf 1.00
[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain "../" — directory escape.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/backtesting/backtestingpy/backtestingpy_provider.py:160
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/backtesting/base/base_provider.py:244
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/backtesting/bt/bt_provider.py:80
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/backtesting/fasttrade/fasttrade_provider.py:201
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/backtesting/vectorbt/vectorbt_provider.py:87
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/backtesting/zipline/zipline_provider.py:902
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/economics/growth_analysis.py:667
· conf 1.00
[MINED106] Phantom test coverage: test_convergence_hypotheses: Test function `test_convergence_hypotheses` runs code but contains no assert / expect / should call — it passes regardless of behaviour.…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/fortitudo_tech_wrapper/test_service.py:13
· conf 1.00
[MINED106] Phantom test coverage: test_all: Test function `test_all` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/gs_quant_wrapper/test_integration.py:40
· conf 1.00
[MINED106] Phantom test coverage: test_full_workflow: Test function `test_full_workflow` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:152
· conf 1.00
[MINED106] Phantom test coverage: test_stationarity: Test function `test_stationarity` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:1223
· conf 1.00
[MINED106] Phantom test coverage: test_stationarity_quick: Test function `test_stationarity_quick` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/statsmodels_wrapper/stats_extended.py:1129
· conf 1.00
[MINED106] Phantom test coverage: test_poisson: Test function `test_poisson` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without ve…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/statsmodels_wrapper/stats_extended.py:1143
· conf 1.00
[MINED106] Phantom test coverage: test_poisson_2indep: Test function `test_poisson_2indep` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/Analytics/statsmodels_wrapper/stats_extended.py:1160
· conf 1.00
[MINED106] Phantom test coverage: test_proportions_2indep: Test function `test_proportions_2indep` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/cnstats_data.py:543
· conf 1.00
[MINED106] Phantom test coverage: test_api_connection: Test function `test_api_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/databento_provider.py:165
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/datagovsg_data.py:493
· conf 1.00
[MINED106] Phantom test coverage: test_api_connectivity: Test function `test_api_connectivity` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line c…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/french_gov_api.py:916
· conf 1.00
[MINED106] Phantom test coverage: test_all_api_connectivity: Test function `test_all_api_connectivity` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Add…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/n2yo_satellite_data.py:801
· conf 1.00
[MINED106] Phantom test coverage: test_all_endpoints: Test function `test_all_endpoints` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/nasa_gibs_api.py:1203
· conf 1.00
[MINED106] Phantom test coverage: test_all_endpoints: Test function `test_all_endpoints` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/sentinelhub_data.py:850
· conf 1.00
[MINED106] Phantom test coverage: test_api_connectivity: Test function `test_api_connectivity` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line c…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/swiss_gov_api.py:1095
· conf 1.00
[MINED106] Phantom test coverage: test_api_connectivity: Test function `test_api_connectivity` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line c…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/trading_economics_data.py:49
· conf 1.00
[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/universal_ckan_api.py:635
· conf 1.00
[MINED106] Phantom test coverage: test_portal_connection: Test function `test_portal_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
fincept-qt/scripts/wits_trade_data.py:674
· conf 1.00
[MINED106] Phantom test coverage: test_all_endpoints: Test function `test_all_endpoints` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:95
· conf 1.00
[MINED108] `self._query_to_df` used but never assigned in __init__: Method `_trade_dates` of class `BaoStockDailyBackfill` reads `self._query_to_df`, but no assignment to it exists in __init__ (and n…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:102
· conf 1.00
[MINED108] `self._query_to_df` used but never assigned in __init__: Method `_codes` of class `BaoStockDailyBackfill` reads `self._query_to_df`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:115
· conf 1.00
[MINED108] `self._login` used but never assigned in __init__: Method `fetch_day` of class `BaoStockDailyBackfill` reads `self._login`, but no assignment to it exists in __init__ (and no class-level f…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:128
· conf 1.00
[MINED108] `self._codes` used but never assigned in __init__: Method `fetch_day` of class `BaoStockDailyBackfill` reads `self._codes`, but no assignment to it exists in __init__ (and no class-level f…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:144
· conf 1.00
[MINED108] `self._query_to_df` used but never assigned in __init__: Method `fetch_day` of class `BaoStockDailyBackfill` reads `self._query_to_df`, but no assignment to it exists in __init__ (and no c…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:181
· conf 1.00
[MINED108] `self._login` used but never assigned in __init__: Method `run_backfill` of class `BaoStockDailyBackfill` reads `self._login`, but no assignment to it exists in __init__ (and no class-leve…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:182
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `run_backfill` of class `BaoStockDailyBackfill` reads `self._state`, but no assignment to it exists in __init__ (and no class-leve…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:206
· conf 1.00
[MINED108] `self._trade_dates` used but never assigned in __init__: Method `run_backfill` of class `BaoStockDailyBackfill` reads `self._trade_dates`, but no assignment to it exists in __init__ (and n…
MINED108
self.attribute used but never assigned in __init__
CWE-476
fincept-qt/scripts/baostock_daily_backfill.py:215
· conf 1.00
[MINED108] `self.fetch_day` used but never assigned in __init__: Method `run_backfill` of class `BaoStockDailyBackfill` reads `self.fetch_day`, but no assignment to it exists in __init__ (and no clas…
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_data.py:111
· conf 0.95
[COMP001] High cognitive complexity: Function `load_data` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested br…
DKR001
Docker final stage has no non-root USER
Dockerfile:163
· conf 0.82
Docker final stage has no non-root USER
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_data.py:95
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_optimize.py:85
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
fincept-qt/scripts/Analytics/economics/business_cycle.py:59
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/agents/hedgeFundAgents/renaissance_technologies_hedge_fund_agent/strategies/momentum.py:99
· conf 1.00
[MINED109] Mutable default argument in `find_optimal_lookback` (list): `def find_optimal_lookback(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/agno_trading/tools/news_sentiment.py:58
· conf 1.00
[MINED109] Mutable default argument in `get_market_sentiment` (list): `def get_market_sentiment(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/confidence_intervals.py:35
· conf 1.00
[MINED109] Mutable default argument in `bootstrap_prediction_intervals` (list): `def bootstrap_prediction_intervals(... = []/{}/set())` — Python's default value is constructed ONCE at function defini…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/confidence_intervals.py:128
· conf 1.00
[MINED109] Mutable default argument in `residual_prediction_intervals` (list): `def residual_prediction_intervals(... = []/{}/set())` — Python's default value is constructed ONCE at function definiti…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/confidence_intervals.py:225
· conf 1.00
[MINED109] Mutable default argument in `quantile_prediction_intervals` (list): `def quantile_prediction_intervals(... = []/{}/set())` — Python's default value is constructed ONCE at function definiti…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/confidence_intervals.py:314
· conf 1.00
[MINED109] Mutable default argument in `conformal_prediction_intervals` (list): `def conformal_prediction_intervals(... = []/{}/set())` — Python's default value is constructed ONCE at function defini…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/confidence_intervals.py:388
· conf 1.00
[MINED109] Mutable default argument in `monte_carlo_intervals` (list): `def monte_carlo_intervals(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/ensemble.py:250
· conf 1.00
[MINED109] Mutable default argument in `ensemble_stacking` (list): `def ensemble_stacking(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/functime_wrapper/preprocessing.py:281
· conf 1.00
[MINED109] Mutable default argument in `create_rolling_features` (list): `def create_rolling_features(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and …
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/python_skfolio_lib/skfolio_risk.py:243
· conf 1.00
[MINED109] Mutable default argument in `calculate_risk_metrics` (list): `def calculate_risk_metrics(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and sh…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/python_skfolio_lib/skfolio_risk.py:894
· conf 1.00
[MINED109] Mutable default argument in `monte_carlo_simulation` (list): `def monte_carlo_simulation(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and sh…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:390
· conf 1.00
[MINED109] Mutable default argument in `supervised_learning_analysis` (list): `def supervised_learning_analysis(... = []/{}/set())` — Python's default value is constructed ONCE at function definition…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:507
· conf 1.00
[MINED109] Mutable default argument in `unsupervised_learning_analysis` (list): `def unsupervised_learning_analysis(... = []/{}/set())` — Python's default value is constructed ONCE at function defini…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:792
· conf 1.00
[MINED109] Mutable default argument in `analyze_sampling_techniques` (list): `def analyze_sampling_techniques(... = []/{}/set())` — Python's default value is constructed ONCE at function definition t…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:912
· conf 1.00
[MINED109] Mutable default argument in `demonstrate_central_limit_theorem` (list): `def demonstrate_central_limit_theorem(... = []/{}/set())` — Python's default value is constructed ONCE at function …
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:996
· conf 1.00
[MINED109] Mutable default argument in `advanced_resampling_analysis` (list): `def advanced_resampling_analysis(... = []/{}/set())` — Python's default value is constructed ONCE at function definition…
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:1108
· conf 1.00
[MINED109] Mutable default argument in `calculate_sampling_error_analysis` (list): `def calculate_sampling_error_analysis(... = []/{}/set())` — Python's default value is constructed ONCE at function …
MINED109
Mutable default argument
CWE-1023
fincept-qt/scripts/Analytics/quant/quant_modules_3042.py:1274
· conf 1.00
[MINED109] Mutable default argument in `clt_convergence_check` (list): `def clt_convergence_check(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shar…
MINED111
Bare except continues silently
fincept-qt/scripts/baostock_daily_backfill.py:82
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/baostock_daily_backfill.py:147
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/baostock_daily_backfill.py:335
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/bls_data.py:148
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/bls_data.py:174
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/bls_data.py:429
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:135
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:180
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:201
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:235
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:277
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:302
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnb_data.py:467
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:158
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:237
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:260
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:282
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:345
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:405
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:462
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:501
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:536
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:586
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/cnstats_data.py:778
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
fincept-qt/scripts/pxweb_fetcher.py:72
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED124
requirements.txt entry has no version pin
CWE-1357
fincept-qt/resources/requirements-numpy2.txt:101
· conf 0.90
[MINED124] requirements.txt: `finquant-enhanced` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (t…
SEC011
Unsafe PyTorch Model Loading
fincept-qt/scripts/vision_quant/models/attention_cae.py:234
· conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
SEC017
Unbounded Input to LLM/External API
fincept-qt/src/services/llm/LlmFinceptAsync.cpp:132
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
SEC034
Log Injection / Log Forging — unsanitized user input in log
fincept-qt/scripts/agents/finagent_core/tools/terminal_toolkit.py:166
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
SEC045
eval()/exec() on stored or user-supplied data
fincept-qt/scripts/Analytics/backtesting/base/fincept_strategy_runner.py:65
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
fincept-qt/src/algo_engine/AlgoEngine.cpp:186
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
fincept-qt/src/app/MonitorPickerDialog.cpp:231
· conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC127
AI agent stub — TODO: implement / pass placeholder body
fincept-qt/scripts/Analytics/backtesting/vectorbt/vbt_splitters.py:24
· conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
SEC136
AI-typical over-broad exception handler swallowing all errors
fincept-qt/scripts/agents/hedgeFundAgents/renaissance_technologies_hedge_fund_agent/utils/data_fetcher.py:148
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
SEC136
AI-typical over-broad exception handler swallowing all errors
fincept-qt/scripts/spreadsheet.py:29
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
SEC136
AI-typical over-broad exception handler swallowing all errors
fincept-qt/scripts/un_stats_data.py:111
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…
AIC002
Source file name looks like an AI patch artifact
fincept-qt/scripts/akshare_alternative.py:1
· conf 0.62
Source file name looks like an AI patch artifact
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/emerging_market_bonds.py:415
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/high_yield_bonds.py:407
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/inflation_protected.py:320
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/managed_futures.py:454
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/managed_futures.py:455
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/managed_futures.py:467
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/market_neutral.py:401
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/market_neutral.py:404
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/market_neutral.py:410
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/precious_metals.py:443
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/alternateInvestment/precious_metals.py:455
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/backtesting/vectorbt/vbt_metrics.py:649
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/backtesting/zipline/zl_data.py:46
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_database/deal_tracker.py:294
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/collar_mechanisms.py:317
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/cvr_valuation.py:328
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/cvr_valuation.py:329
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/earnout_calculator.py:252
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/exchange_ratio.py:201
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/payment_structure.py:260
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/deal_structure/payment_structure.py:261
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/fairness_opinion/premium_analysis.py:247
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/fairness_opinion/valuation_framework.py:285
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/fairness_opinion/valuation_framework.py:364
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/industry_metrics/healthcare.py:416
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/industry_metrics/technology.py:355
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/lbo/lbo_model.py:295
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/lbo/returns_calculator.py:97
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/merger_models/contribution_analysis.py:93
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
fincept-qt/scripts/Analytics/corporateFinance/merger_models/merger_model.py:273
· conf 0.86
Duplicated implementation block across source files
AIC005
Duplicate top-level symbol appears in a patch-style file
fincept-qt/scripts/akshare_alternative.py:1
· conf 0.64
Duplicate top-level symbol appears in a patch-style file
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_data.py:74
· conf 0.95
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — n…
COMP001
High cognitive complexity
.github/scripts/update_readme_table.py:28
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches…
DKR008
.dockerignore misses sensitive defaults
.dockerignore
· conf 0.72
.dockerignore misses sensitive defaults
SEC002
Hardcoded API Key
fincept-qt/src/screens/data_sources/connectors/CloudStorage.cpp:20
· conf 0.40
[SEC002] Hardcoded API Key: Hardcoded API key found in source code.
SEC002
Hardcoded API Key
fincept-qt/src/screens/data_sources/connectors/NoSqlDatabases.cpp:76
· conf 0.40
[SEC002] Hardcoded API Key: Hardcoded API key found in source code.
SEC010
Cloud Provider Token
fincept-qt/src/screens/data_sources/connectors/CloudStorage.cpp:20
· conf 0.20
[SEC010] Cloud Provider Token: Cloud provider or SaaS API token found in source code.
SEC010
Cloud Provider Token
fincept-qt/src/screens/data_sources/connectors/NoSqlDatabases.cpp:76
· conf 0.20
[SEC010] Cloud Provider Token: Cloud provider or SaaS API token found in source code.
SEC132
String concat where the language has interpolation (AI style drift)
fincept-qt/src/mcp/tools/WatchlistTools.cpp:241
· conf 1.00
[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
SEC132
String concat where the language has interpolation (AI style drift)
fincept-qt/src/screens/portfolio/PortfolioTxnPanel.cpp:189
· conf 1.00
[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
COMP001
High cognitive complexity
· conf 0.20
[COMP001] High cognitive complexity (and 425 more): Same pattern found in 425 additional files. Review if needed.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
· conf 0.20
[ERR001] Silent Exception Swallowing (and 22 more): Same pattern found in 22 additional files. Review if needed.
MINED001
Bare Except Pass
CWE-755
· conf 0.20
[MINED001] Bare Except Pass (and 36 more): Same pattern found in 36 additional files. Review if needed.
MINED004
Weak Crypto
CWE-327
· conf 0.20
[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed.
MINED009
Floats For Money
CWE-682
· conf 0.20
[MINED009] Floats For Money (and 15 more): Same pattern found in 15 additional files. Review if needed.
MINED017
C System Call
CWE-78
· conf 0.20
[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed.
MINED042
Cpp New Without Delete
CWE-401
· conf 0.20
[MINED042] Cpp New Without Delete (and 248 more): Same pattern found in 248 additional files. Review if needed.
MINED042
Cpp New Without Delete
CWE-401
fincept-qt/src/algo_engine/AlgoEngine.cpp:41
· conf 1.00
[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk.
MINED042
Cpp New Without Delete
CWE-401
fincept-qt/src/app/DockScreenRouter_Materialize.cpp:97
· conf 1.00
[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk.
MINED042
Cpp New Without Delete
CWE-401
fincept-qt/src/app/InstanceLock.cpp:120
· conf 1.00
[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk.
MINED043
Http Not Https
CWE-319
· conf 0.20
[MINED043] Http Not Https (and 176 more): Same pattern found in 176 additional files. Review if needed.
MINED043
Http Not Https
CWE-319
fincept-qt/scripts/abs_data.py:24
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED043
Http Not Https
CWE-319
fincept-qt/scripts/acled_data.py:19
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED043
Http Not Https
CWE-319
fincept-qt/scripts/adb_data_extended.py:18
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED047
Emoji In Source
fincept-qt/src/core/currency/CurrencyManager.cpp:18
· conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
MINED049
Print Pii
CWE-532
· conf 0.20
[MINED049] Print Pii (and 2 more): Same pattern found in 2 additional files. Review if needed.
MINED049
Print Pii
CWE-532
fincept-qt/scripts/dexscreener_data.py:103
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED049
Print Pii
CWE-532
fincept-qt/scripts/exchange/totp_gen.py:9
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED049
Print Pii
CWE-532
fincept-qt/scripts/open_parliament_data.py:75
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED050
Stub Only Function
CWE-1188
· conf 0.20
[MINED050] Stub Only Function (and 61 more): Same pattern found in 61 additional files. Review if needed.
MINED050
Stub Only Function
CWE-1188
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_data.py:96
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
fincept-qt/scripts/Analytics/backtesting/backtestingpy/btp_optimize.py:291
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
fincept-qt/scripts/Analytics/backtesting/fasttrade/ft_cli.py:35
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED062
Python Dataclass No Fields
· conf 0.20
[MINED062] Python Dataclass No Fields (and 19 more): Same pattern found in 19 additional files. Review if needed.
MINED062
Python Dataclass No Fields
fincept-qt/scripts/Analytics/alternateInvestment/config.py:130
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED062
Python Dataclass No Fields
fincept-qt/scripts/Analytics/corporateFinance/lbo/capital_structure.py:5
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED062
Python Dataclass No Fields
fincept-qt/scripts/Analytics/corporateFinance/merger_models/pro_forma_builder.py:6
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED064
Python Input Call
fincept-qt/scripts/portfolio_sparklines.py:3
· conf 1.00
[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
MINED064
Python Input Call
fincept-qt/scripts/quantstats_monte_carlo.py:3
· conf 1.00
[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
MINED067
Python Requests No Timeout
CWE-400
· conf 0.20
[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.
MINED067
Python Requests No Timeout
CWE-400
fincept-qt/scripts/alphavantage_data.py:30
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
MINED067
Python Requests No Timeout
CWE-400
fincept-qt/scripts/coingecko.py:27
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
MINED067
Python Requests No Timeout
CWE-400
fincept-qt/scripts/polymarket.py:33
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
MINED072
Python Pass Only Class
CWE-1188
fincept-qt/scripts/strip_datahub_guard.py:43
· conf 1.00
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.
MINED077
Python Open No Context
CWE-772
fincept-qt/scripts/i18n/apply_new_strings.py:37
· conf 1.00
[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.
MINED077
Python Open No Context
CWE-772
fincept-qt/scripts/i18n/apply_translations.py:35
· conf 1.00
[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.
MINED099
Hardcoded Secret
CWE-798
fincept-qt/src/screens/data_sources/connectors/CloudStorage.cpp:20
· conf 0.10
[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials.
MINED099
Hardcoded Secret
CWE-798
fincept-qt/src/screens/data_sources/connectors/NoSqlDatabases.cpp:76
· conf 0.10
[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials.
SEC011
Unsafe PyTorch Model Loading
fincept-qt/scripts/vision_quant/setup_index.py:188
· conf 0.10
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
SEC020
Secret Printed to Logs
· conf 0.20
[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.
SEC020
Secret Printed to Logs
fincept-qt/scripts/dexscreener_data.py:103
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
· conf 0.20
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 55 more): Same pattern found in 55 additional files. Review if needed.
SEC045
eval()/exec() on stored or user-supplied data
· conf 0.20
[SEC045] eval()/exec() on stored or user-supplied data (and 34 more): Same pattern found in 34 additional files. Review if needed.
SEC048
AWS access key (any prefix)
fincept-qt/src/screens/data_sources/connectors/CloudStorage.cpp:20
· conf 0.10
[SEC048] AWS access key (any prefix): AWS access key ID detected (supports access, session, batch, codecommit prefixes). Ported from gitleaks aws-access-token (MIT).
SEC048
AWS access key (any prefix)
fincept-qt/src/screens/data_sources/connectors/NoSqlDatabases.cpp:76
· conf 0.10
[SEC048] AWS access key (any prefix): AWS access key ID detected (supports access, session, batch, codecommit prefixes). Ported from gitleaks aws-access-token (MIT).
SEC078
Python: requests without timeout
· conf 0.20
[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.
SEC078
Python: requests without timeout
fincept-qt/scripts/alphavantage_data.py:30
· conf 0.10
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
SEC085
JS: child_process.exec with non-literal
· conf 0.20
[SEC085] JS: child_process.exec with non-literal (and 17 more): Same pattern found in 17 additional files. Review if needed.
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
· conf 0.20
[SEC128] Async function without await — fire-and-forget Promise (AI mistake) (and 30 more): Same pattern found in 30 additional files. Review if needed.