https://github.com/microsoft/markitdown ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
AIC003 Duplicated implementation block across source files |
low | 27 |
MINED108 self.attribute used but never assigned in __init__ |
high | 25 |
MINED111 Bare except continues silently |
medium | 24 |
COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… |
low | 4 |
MINED106 Phantom test coverage (assertion-free test) |
high | 4 |
MINED001 Bare Except Pass |
high | 4 |
ERR001 [ERR001] Silent Exception Swallowing (and 2 more): Same pat… |
info | 4 |
MINED050 Stub Only Function |
info | 4 |
MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) |
high | 4 |
MINED118 Dockerfile FROM not pinned by sha256 digest |
high | 2 |
MINED107
Missing Python import (NameError at runtime)
CWE-1075
packages/markitdown/tests/test_module_misc.py:324
· conf 1.00
[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes.MINED001
Bare Except Pass
CWE-755
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:155
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.MINED001
Bare Except Pass
CWE-755
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:121
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.MINED001
Bare Except Pass
CWE-755
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:211
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.MINED006
Overcatch Baseexception
CWE-705
packages/markitdown/src/markitdown/converters/_rss_converter.py:68
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.MINED106
Phantom test coverage (assertion-free test)
CWE-1126
packages/markitdown/tests/test_cu_converter.py:628
· conf 1.00
[MINED106] Phantom test coverage: test_get_analyzer_failure_raises_value_error: Test function `test_get_analyzer_failure_raises_value_error` runs code but contains no assert / expect / should call — …MINED106
Phantom test coverage (assertion-free test)
CWE-1126
packages/markitdown/tests/test_cu_converter.py:727
· conf 1.00
[MINED106] Phantom test coverage: test_nonexistent_analyzer_raises_value_error: Test function `test_nonexistent_analyzer_raises_value_error` runs code but contains no assert / expect / should call — …MINED106
Phantom test coverage (assertion-free test)
CWE-1126
packages/markitdown/tests/test_cu_converter.py:847
· conf 1.00
[MINED106] Phantom test coverage: test_cu_file_types_invalid_value: Test function `test_cu_file_types_invalid_value` runs code but contains no assert / expect / should call — it passes regardless of …MINED106
Phantom test coverage (assertion-free test)
CWE-1126
packages/markitdown/tests/test_module_misc.py:255
· conf 1.00
[MINED106] Phantom test coverage: test_docx_comments: Test function `test_docx_comments` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverag…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:88
· conf 1.00
[MINED108] `self._extract_and_ocr_images` used but never assigned in __init__: Method `convert` of class `DocxConverterWithOCR` reads `self._extract_and_ocr_images`, but no assignment to it exists in…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:99
· conf 1.00
[MINED108] `self._inject_placeholders` used but never assigned in __init__: Method `convert` of class `DocxConverterWithOCR` reads `self._inject_placeholders`, but no assignment to it exists in __ini…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:193
· conf 1.00
[MINED108] `self._extract_page_images` used but never assigned in __init__: Method `convert` of class `PdfConverterWithOCR` reads `self._extract_page_images`, but no assignment to it exists in __init…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:309
· conf 1.00
[MINED108] `self._ocr_full_pages` used but never assigned in __init__: Method `convert` of class `PdfConverterWithOCR` reads `self._ocr_full_pages`, but no assignment to it exists in __init__ (and no…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:91
· conf 1.00
[MINED108] `self._is_picture` used but never assigned in __init__: Method `convert` of class `PptxConverterWithOCR` reads `self._is_picture`, but no assignment to it exists in __init__ (and no class-…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:141
· conf 1.00
[MINED108] `self._is_table` used but never assigned in __init__: Method `convert` of class `PptxConverterWithOCR` reads `self._is_table`, but no assignment to it exists in __init__ (and no class-leve…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:142
· conf 1.00
[MINED108] `self._convert_table_to_markdown` used but never assigned in __init__: Method `convert` of class `PptxConverterWithOCR` reads `self._convert_table_to_markdown`, but no assignment to it exi…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:146
· conf 1.00
[MINED108] `self._convert_chart_to_markdown` used but never assigned in __init__: Method `convert` of class `PptxConverterWithOCR` reads `self._convert_chart_to_markdown`, but no assignment to it exi…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:82
· conf 1.00
[MINED108] `self._convert_with_ocr` used but never assigned in __init__: Method `convert` of class `XlsxConverterWithOCR` reads `self._convert_with_ocr`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:86
· conf 1.00
[MINED108] `self._convert_standard` used but never assigned in __init__: Method `convert` of class `XlsxConverterWithOCR` reads `self._convert_standard`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:139
· conf 1.00
[MINED108] `self._extract_and_ocr_sheet_images` used but never assigned in __init__: Method `_convert_with_ocr` of class `XlsxConverterWithOCR` reads `self._extract_and_ocr_sheet_images`, but no assi…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:191
· conf 1.00
[MINED108] `self._column_number_to_letter` used but never assigned in __init__: Method `_extract_and_ocr_sheet_images` of class `XlsxConverterWithOCR` reads `self._column_number_to_letter`, but no as…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:182
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:185
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:188
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:191
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:192
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:193
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:194
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/src/markitdown/_markitdown.py:195
· conf 1.00
[MINED108] `self.register_converter` used but never assigned in __init__: Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (a…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/tests/test_cu_converter.py:691
· conf 1.00
[MINED108] `self._run_convert` used but never assigned in __init__: Method `test_pdf_returns_markdown` of class `TestConvertMock` reads `self._run_convert`, but no assignment to it exists in __init__…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/tests/test_cu_converter.py:697
· conf 1.00
[MINED108] `self._run_convert` used but never assigned in __init__: Method `test_mp4_returns_markdown` of class `TestConvertMock` reads `self._run_convert`, but no assignment to it exists in __init__…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/tests/test_cu_converter.py:703
· conf 1.00
[MINED108] `self._run_convert` used but never assigned in __init__: Method `test_wav_returns_markdown` of class `TestConvertMock` reads `self._run_convert`, but no assignment to it exists in __init__…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/tests/test_cu_converter.py:709
· conf 1.00
[MINED108] `self._run_convert` used but never assigned in __init__: Method `test_empty_result` of class `TestConvertMock` reads `self._run_convert`, but no assignment to it exists in __init__ (and no…MINED108
self.attribute used but never assigned in __init__
CWE-476
packages/markitdown/tests/test_cu_converter.py:713
· conf 1.00
[MINED108] `self._run_convert` used but never assigned in __init__: Method `test_jpeg_returns_markdown` of class `TestConvertMock` reads `self._run_convert`, but no assignment to it exists in __init_…MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pre-commit.yml:8
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pre-commit.yml:10
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/tests.yml:8
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/tests.yml:9
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …MINED118
Dockerfile FROM not pinned by sha256 digest
CWE-829
Dockerfile:1
· conf 0.90
[MINED118] Dockerfile FROM `python:3.13-slim-bullseye` not pinned by digest: `FROM python:3.13-slim-bullseye` resolves the tag at build time. The registry CAN re-push a different image for the same t…MINED118
Dockerfile FROM not pinned by sha256 digest
CWE-829
packages/markitdown-mcp/Dockerfile:1
· conf 0.90
[MINED118] Dockerfile FROM `python:3.13-slim-bullseye` not pinned by digest: `FROM python:3.13-slim-bullseye` resolves the tag at build time. The registry CAN re-push a different image for the same t…MINED131
pre-commit hook pinned to branch/tag instead of SHA
CWE-829
.pre-commit-config.yaml:2
· conf 0.90
[MINED131] pre-commit hook `https://github.com/psf/black` pinned to mutable rev `23.7.0`: `.pre-commit-config.yaml` references `https://github.com/psf/black` at `rev: 23.7.0`. If `{rev}` is a branch …SEC128
Async function without await — fire-and-forget Promise (AI mistake)
packages/markitdown/src/markitdown/_stream_info.py:30
· conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…DKR014
Dockerfile copies the entire context without .dockerignore
Dockerfile:22
· conf 0.76
Dockerfile copies broad context with incomplete .dockerignoreDKR014
Dockerfile copies the entire context without .dockerignore
packages/markitdown-mcp/Dockerfile:17
· conf 0.76
Dockerfile copies broad context with incomplete .dockerignoreERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:155
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:121
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:211
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.MINED109
Mutable default argument
CWE-1023
packages/markitdown/src/markitdown/converters/_doc_intel_converter.py:133
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:152
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:78
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:107
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:120
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:297
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:302
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:380
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:386
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:413
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:419
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:248
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:208
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_image_converter.py:112
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_llm_caption.py:24
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_pdf_converter.py:576
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_pptx_converter.py:262
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_rss_converter.py:176
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_youtube_converter.py:114
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_youtube_converter.py:176
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converters/_youtube_converter.py:232
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/converter_utils/docx/pre_process.py:150
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/_markitdown.py:79
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/_markitdown.py:268
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED111
Bare except continues silently
packages/markitdown/src/markitdown/_markitdown.py:630
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.SEC123
Production stack trace / debug output exposed
packages/markitdown-mcp/src/markitdown_mcp/__main__.py:129
· conf 1.00
[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals — sometimes triggers RCE (Django debug page w…SEC136
AI-typical over-broad exception handler swallowing all errors
packages/markitdown/src/markitdown/converters/_image_converter.py:110
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…SEC136
AI-typical over-broad exception handler swallowing all errors
packages/markitdown/src/markitdown/converters/_llm_caption.py:22
· conf 1.00
[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…AIC003
Duplicated implementation block across source files
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:105
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:38
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:25
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_audio_converter.py:21
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_csv_converter.py:18
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_docx_converter.py:26
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_docx_converter.py:37
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_epub_converter.py:22
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_epub_converter.py:26
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_html_converter.py:4
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_html_converter.py:18
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_image_converter.py:15
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_image_converter.py:23
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_llm_caption.py:13
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_outlook_msg_converter.py:21
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_pdf_converter.py:342
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_pdf_converter.py:350
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_pdf_converter.py:354
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_plain_text_converter.py:35
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_pptx_converter.py:26
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_pptx_converter.py:30
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_pptx_converter.py:41
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_wikipedia_converter.py:29
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_xlsx_converter.py:46
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_youtube_converter.py:41
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_youtube_converter.py:42
· conf 0.86
Duplicated implementation block across source filesAIC003
Duplicated implementation block across source files
packages/markitdown/src/markitdown/converters/_zip_converter.py:45
· conf 0.86
Duplicated implementation block across source filesCOMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
packages/markitdown-mcp/src/markitdown_mcp/__main__.py:82
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branche…COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:126
· conf 0.95
[COMP001] High cognitive complexity: Function `_extract_and_ocr_images` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understa…COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:48
· conf 0.95
[COMP001] High cognitive complexity: Function `extract_text` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…DKR008
.dockerignore misses sensitive defaults
.dockerignore
· conf 0.72
.dockerignore misses sensitive defaultsDKR010
Dockerfile leaves apt package indexes in the image layer
Dockerfile:8
· conf 0.74
Dockerfile leaves apt package indexes in the image layerDKR010
Dockerfile leaves apt package indexes in the image layer
packages/markitdown-mcp/Dockerfile:10
· conf 0.74
Dockerfile leaves apt package indexes in the image layerCOMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
[COMP001] High cognitive complexity (and 33 more): Same pattern found in 33 additional files. Review if needed.ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional files. Review if needed.MINED001
Bare Except Pass
CWE-755
[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed.MINED050
Stub Only Function
CWE-1188
[MINED050] Stub Only Function (and 11 more): Same pattern found in 11 additional files. Review if needed.MINED050
Stub Only Function
CWE-1188
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:156
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.MINED050
Stub Only Function
CWE-1188
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:122
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.MINED050
Stub Only Function
CWE-1188
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:136
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.MINED062
Python Dataclass No Fields
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:13
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.MINED062
Python Dataclass No Fields
packages/markitdown/src/markitdown/_stream_info.py:5
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.MINED069
Debug True Prod
CWE-489
packages/markitdown-mcp/src/markitdown_mcp/__main__.py:129
· conf 1.00
[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.MINED072
Python Pass Only Class
CWE-1188
packages/markitdown/src/markitdown/converters/_doc_intel_converter.py:28
· conf 1.00
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/dbdaf599-dde3-40fb-aea4-0a5672c27966/.