https://github.com/ArcReel/ArcReel · lang: python · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| MINED108 `self.attribute` used but never assigned in `__init__` | high | 25 |
| MINED111 Bare except continues silently | medium | 25 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 25 |
| MINED106 Phantom test coverage (assertion-free test) | high | 25 |
| MINED107 Missing Python import (NameError at runtime) | critical | 16 |
| AUC003 [AUC003] Object-level route lacks visible authorization: A … | high | 10 |
| AUC009 [AUC009] Sensitive function route lacks elevated authorizat… | medium | 10 |
| AUC004 [AUC004] Admin route does not show super_admin separation: … | medium | 10 |
| MINED001 Bare Except Pass | high | 4 |
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/assets.py:170
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/assets.py:211
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:777
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:855
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/reference_videos.py:233
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/reference_videos.py:271
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/tasks.py:159
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/tasks.py:169
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/versions.py:129
· conf 0.70
AUC003
[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/versions.py:165
· conf 0.70
DKC013
Database service has no persistent data volume
deploy/production/docker-compose.yml:1
· conf 0.90
JRN009
Secret-like setting is echoed into a password input value
frontend/src/components/agent/AddCredentialModal.tsx:444
· conf 0.83
JRN009
Secret-like setting is echoed into a password input value
frontend/src/components/pages/CredentialList.tsx:280
· conf 0.83
JRN009
Secret-like setting is echoed into a password input value
frontend/src/components/pages/CredentialList.tsx:437
· conf 0.83
JRN009
Secret-like setting is echoed into a password input value
frontend/src/pages/LoginPage.tsx:117
· conf 0.83
MINED001
Bare Except Pass
CWE-755
agent_runtime_profile/.claude/skills/manage-project/scripts/peek_split_point.py:114
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
server/agent_runtime/transcript_reader.py:114
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
server/routers/versions.py:120
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED006
Overcatch Baseexception
CWE-705
server/agent_runtime/session_actor.py:84
· conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
MINED009
Floats For Money
CWE-682
server/services/cost_estimation.py:22
· conf 1.00
[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
lib/vidu_shared.py:206
· conf 1.00
[MINED106] Phantom test coverage: test_vidu_connection: Test function `test_vidu_connection` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cov…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_compose_video_filter_graph.py:391
· conf 1.00
[MINED106] Phantom test coverage: test_empty_list_raises: Test function `test_empty_list_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_generation_tasks_dispatch.py:23
· conf 1.00
[MINED106] Phantom test coverage: test_execute_generation_task_rejects_unknown_type: Test function `test_execute_generation_task_rejects_unknown_type` runs code but contains no assert / expect / shou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_newapi_video_backend.py:209
· conf 1.00
[MINED106] Phantom test coverage: test_failed_status_raises: Test function `test_failed_status_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Add…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_newapi_video_backend.py:292
· conf 1.00
[MINED106] Phantom test coverage: test_polling_timeout_raises: Test function `test_polling_timeout_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviour.…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:82
· conf 1.00
[MINED106] Phantom test coverage: test_create_project_metadata_rejects_legacy_image_backend: Test function `test_create_project_metadata_rejects_legacy_image_backend` runs code but contains no assert…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:643
· conf 1.00
[MINED106] Phantom test coverage: test_from_cwd_raises_when_no_project_json: Test function `test_from_cwd_raises_when_no_project_json` runs code but contains no assert / expect / should call — it pas…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:655
· conf 1.00
[MINED106] Phantom test coverage: test_get_project_path_rejects_traversal: Test function `test_get_project_path_rejects_traversal` runs code but contains no assert / expect / should call — it passes …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:664
· conf 1.00
[MINED106] Phantom test coverage: test_normalize_project_name_rejects_special_chars: Test function `test_normalize_project_name_rejects_special_chars` runs code but contains no assert / expect / shou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:673
· conf 1.00
[MINED106] Phantom test coverage: test_load_script_rejects_traversal_filename: Test function `test_load_script_rejects_traversal_filename` runs code but contains no assert / expect / should call — it…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:680
· conf 1.00
[MINED106] Phantom test coverage: test_save_script_rejects_traversal_filename: Test function `test_save_script_rejects_traversal_filename` runs code but contains no assert / expect / should call — it…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_project_manager_more.py:719
· conf 1.00
[MINED106] Phantom test coverage: test_raises_when_unresolvable: Test function `test_raises_when_unresolvable` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:167
· conf 1.00
[MINED106] Phantom test coverage: test_non_list_items_fail_loud: Test function `test_non_list_items_fail_loud` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:172
· conf 1.00
[MINED106] Phantom test coverage: test_present_but_null_fails_loud: Test function `test_present_but_null_fails_loud` runs code but contains no assert / expect / should call — it passes regardless of …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:217
· conf 1.00
[MINED106] Phantom test coverage: test_patch_unknown_id_raises: Test function `test_patch_unknown_id_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:221
· conf 1.00
[MINED106] Phantom test coverage: test_patch_generated_assets_rejected: Test function `test_patch_generated_assets_rejected` runs code but contains no assert / expect / should call — it passes regard…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:226
· conf 1.00
[MINED106] Phantom test coverage: test_patch_id_field_rejected: Test function `test_patch_id_field_rejected` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:236
· conf 1.00
[MINED106] Phantom test coverage: test_patch_missing_parent_path_raises: Test function `test_patch_missing_parent_path_raises` runs code but contains no assert / expect / should call — it passes rega…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:265
· conf 1.00
[MINED106] Phantom test coverage: test_insert_unknown_anchor_raises: Test function `test_insert_unknown_anchor_raises` runs code but contains no assert / expect / should call — it passes regardless o…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:284
· conf 1.00
[MINED106] Phantom test coverage: test_remove_unknown_id_raises: Test function `test_remove_unknown_id_raises` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:306
· conf 1.00
[MINED106] Phantom test coverage: test_split_requires_at_least_two_parts: Test function `test_split_requires_at_least_two_parts` runs code but contains no assert / expect / should call — it passes re…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_editor.py:310
· conf 1.00
[MINED106] Phantom test coverage: test_split_unknown_id_raises: Test function `test_split_unknown_id_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_models.py:78
· conf 1.00
[MINED106] Phantom test coverage: test_duration_rejects_out_of_range: Test function `test_duration_rejects_out_of_range` runs code but contains no assert / expect / should call — it passes regardless…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_models.py:357
· conf 1.00
[MINED106] Phantom test coverage: test_template_dict_validates_against_generated_assets_model: Test function `test_template_dict_validates_against_generated_assets_model` runs code but contains no as…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_script_models.py:365
· conf 1.00
[MINED106] Phantom test coverage: test_video_thumbnail_runtime_write_passes_strict_validation: Test function `test_video_thumbnail_runtime_write_passes_strict_validation` runs code but contains no as…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/cost_calculator.py:56
· conf 1.00
[MINED108] `self._calculate_custom_cost` used but never assigned in __init__: Method `calculate_cost` of class `CostCalculator` reads `self._calculate_custom_cost`, but no assignment to it exists in …
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:150
· conf 1.00
[MINED108] `self._resolve_existing_path` used but never assigned in __init__: Method `_validate_local_reference` of class `DataValidator` reads `self._resolve_existing_path`, but no assignment to it …
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:223
· conf 1.00
[MINED108] `self._validate_project_catalog` used but never assigned in __init__: Method `_validate_project_payload` of class `DataValidator` reads `self._validate_project_catalog`, but no assignment …
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:229
· conf 1.00
[MINED108] `self._validate_project_catalog` used but never assigned in __init__: Method `_validate_project_payload` of class `DataValidator` reads `self._validate_project_catalog`, but no assignment …
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:293
· conf 1.00
[MINED108] `self._validate_project_payload` used but never assigned in __init__: Method `validate_project_payload` of class `DataValidator` reads `self._validate_project_payload`, but no assignment t…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:298
· conf 1.00
[MINED108] `self.validate_project_dir` used but never assigned in __init__: Method `validate_project` of class `DataValidator` reads `self.validate_project_dir`, but no assignment to it exists in __i…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:313
· conf 1.00
[MINED108] `self._validate_project_payload` used but never assigned in __init__: Method `validate_project_dir` of class `DataValidator` reads `self._validate_project_payload`, but no assignment to it…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:329
· conf 1.00
[MINED108] `self._validate_local_reference` used but never assigned in __init__: Method `_validate_generated_assets` of class `DataValidator` reads `self._validate_local_reference`, but no assignment…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:336
· conf 1.00
[MINED108] `self._validate_local_reference` used but never assigned in __init__: Method `_validate_generated_assets` of class `DataValidator` reads `self._validate_local_reference`, but no assignment…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:343
· conf 1.00
[MINED108] `self._validate_local_reference` used but never assigned in __init__: Method `_validate_generated_assets` of class `DataValidator` reads `self._validate_local_reference`, but no assignment…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:350
· conf 1.00
[MINED108] `self._validate_local_reference` used but never assigned in __init__: Method `_validate_generated_assets` of class `DataValidator` reads `self._validate_local_reference`, but no assignment…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:403
· conf 1.00
[MINED108] `self._validate_segment_refs` used but never assigned in __init__: Method `_validate_segments` of class `DataValidator` reads `self._validate_segment_refs`, but no assignment to it exists …
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:412
· conf 1.00
[MINED108] `self._validate_segment_refs` used but never assigned in __init__: Method `_validate_segments` of class `DataValidator` reads `self._validate_segment_refs`, but no assignment to it exists …
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:428
· conf 1.00
[MINED108] `self._validate_generated_assets` used but never assigned in __init__: Method `_validate_segments` of class `DataValidator` reads `self._validate_generated_assets`, but no assignment to it…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/data_validator.py:502
· conf 1.00
[MINED108] `self._validate_generated_assets` used but never assigned in __init__: Method `_validate_scenes` of class `DataValidator` reads `self._validate_generated_assets`, but no assignment to it e…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/media_generator.py:139
· conf 1.00
[MINED108] `self._sync` used but never assigned in __init__: Method `generate_image` of class `MediaGenerator` reads `self._sync`, but no assignment to it exists in __init__ (and no class-level fallb…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/media_generator.py:140
· conf 1.00
[MINED108] `self.generate_image_async` used but never assigned in __init__: Method `generate_image` of class `MediaGenerator` reads `self.generate_image_async`, but no assignment to it exists in __in…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/media_generator.py:178
· conf 1.00
[MINED108] `self._get_output_path` used but never assigned in __init__: Method `generate_image_async` of class `MediaGenerator` reads `self._get_output_path`, but no assignment to it exists in __init…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/media_generator.py:179
· conf 1.00
[MINED108] `self._ensure_parent_dir` used but never assigned in __init__: Method `generate_image_async` of class `MediaGenerator` reads `self._ensure_parent_dir`, but no assignment to it exists in __…
MINED108
self.attribute used but never assigned in __init__
CWE-476
lib/media_generator.py:316
· conf 1.00
[MINED108] `self._sync` used but never assigned in __init__: Method `generate_video` of class `MediaGenerator` reads `self._sync`, but no assignment to it exists in __init__ (and no class-level fallb…
AGT007
localStorage write failures are swallowed silently
frontend/src/hooks/useAssistantSession.ts:100
· conf 0.80
AGT007
localStorage write failures are swallowed silently
frontend/src/stores/app-store.ts:223
· conf 0.80
AGT015
Remote install command pipes network code directly to a shell
docs/getting-started.md:86
· conf 0.70
AIC004
Suspicious implementation file appears unreferenced
alembic/versions/0426_endpoint_refactor.py:1
· conf 0.78
AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
AUC002
[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
· conf 0.74
[AUC002] Low visible authorization coverage in route inventory: Only 38.1% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/_asset_router_factory.py:157
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/cost_estimation.py:24
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/grids.py:227
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:354
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:603
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:737
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:757
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:855
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:1009
· conf 0.66
AUC004
[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
server/routers/projects.py:1027
· conf 0.66
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/api_keys.py:128
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/assets.py:198
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/assets.py:211
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/assistant.py:137
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/projects.py:138
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/projects.py:208
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/projects.py:240
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/projects.py:302
· conf 0.68
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/reference_videos.py:271
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
server/routers/versions.py:165
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC012
[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements.
· conf 0.72
[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, p…
COMP001 · agent_runtime_profile/.claude/skills/manage-project/scripts/_text_utils.py:25 · conf 0.95
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
[COMP001] High cognitive complexity: Function `find_char_offset` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — ne…

DKC005 · deploy/docker-compose.yml:1 · conf 0.72
Compose service adds dangerous Linux capabilities

DKC005 · deploy/production/docker-compose.yml:17 · conf 0.72
Compose service adds dangerous Linux capabilities

DKR001 · Dockerfile:25 · conf 0.82
Docker final stage has no non-root USER

DKR003 · deploy/docker-compose.yml:1 · conf 0.94
Dockerfile base image uses the latest tag
Compose service `arcreel` image uses the latest tag

DKR003 · deploy/production/docker-compose.yml:17 · conf 0.94
Dockerfile base image uses the latest tag
Compose service `arcreel` image uses the latest tag

ERR002 · frontend/src/components/canvas/grid/GridPreviewView.tsx:57 · conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.

JRN002 · frontend/src/utils/auth.ts:4 · conf 0.82
Browser storage is used for session token material

JRN002 · frontend/src/utils/auth.ts:8 · conf 0.82
Browser storage is used for session token material

JRN003 · frontend/src/api.ts:252 · conf 0.74
Frontend API reference is not matched by discovered backend routes

JRN003 · frontend/src/pages/LoginPage.tsx:46 · conf 0.74
Frontend API reference is not matched by discovered backend routes

JRN003 · frontend/src/stores/auth-store.ts:32 · conf 0.74
Frontend API reference is not matched by discovered backend routes
MINED111 · agent_runtime_profile/.claude/skills/compose-video/scripts/compose_video.py:723 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · lib/db/repositories/task_repo.py:34 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · lib/generation_queue_client.py:454 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · lib/i18n/__init__.py:105 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · lib/logging_utils.py:119 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · lib/project_migrations/v0_to_v1_clues_to_scenes_props.py:88 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · scripts/generate_style_thumbnails.py:111 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · scripts/probe_smoke.py:34 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · scripts/verify_reference_video_sdks.py:182 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/agent_runtime/session_actor.py:154 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/routers/projects.py:991 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/cost_estimation.py:54 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/cost_estimation.py:59 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/cost_estimation.py:64 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/cost_estimation.py:130 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/diagnostics.py:22 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/diagnostics.py:42 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/diagnostics.py:85 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/generation_tasks.py:558 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/generation_tasks.py:571 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/generation_tasks.py:836 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · server/services/generation_tasks.py:848 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · tests/test_project_manager_concurrent_save.py:105 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · tests/test_project_manager_concurrent_save.py:112 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

MINED111 · tests/test_project_manager_migration.py:148 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
SEC015 · server/routers/api_keys.py:72 · conf 1.00
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

SEC045 · frontend/src/components/copilot/chat/ToolCallWithResult.tsx:84 · conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …

SEC045 · frontend/src/utils/duration_format.ts:60 · conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …

SEC139 · alembic/versions/3c6d6152046e_rename_seedance_provider_to_ark.py:22 · conf 1.00
[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks — exactly the surfaces that need tests — with no companion tes…

SEC139 · alembic/versions/5b87accc10dd_split_default_image_backend_setting_.py:48 · conf 1.00
[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks — exactly the surfaces that need tests — with no companion tes…

SEC139 · alembic/versions/802fa55d8aff_sdk_session_id_upgrade_to_unique_not_.py:25 · conf 1.00
[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks — exactly the surfaces that need tests — with no companion tes…

WEB003 · .well-known/security.txt · conf 0.78
Public web service has no security.txt

AIC002 · alembic/versions/0426_endpoint_refactor.py:1 · conf 0.62
Source file name looks like an AI patch artifact
AIC003 · frontend/src/components/assets/AssetPickerModal.tsx:100 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/GalleryEmptyState.tsx:27 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/GalleryToolbar.tsx:23 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/PropCard.tsx:93 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/PropsPage.tsx:30 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/SceneCard.tsx:19 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/SceneCard.tsx:93 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/lorebook/ScenesPage.tsx:30 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/SourceFilesPage.tsx:88 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/timeline/PreprocessingView.tsx:44 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/timeline/TimelineCanvas.tsx:61 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/canvas/WelcomeCanvas.tsx:322 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/copilot/chat/ThinkingBlock.tsx:13 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/layout/WorkspaceNotificationsDrawer.tsx:75 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/pages/create-project/WizardStep3Style.tsx:27 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/pages/ProviderSection.tsx:126 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/pages/settings/CustomProviderDetail.tsx:129 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/pages/settings/CustomProviderDetail.tsx:244 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/pages/settings/CustomProviderForm.tsx:660 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/pages/settings/CustomProviderForm.tsx:663 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/shared/ArchiveDiagnosticsDialog.tsx:51 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/task-hud/TaskHud.tsx:464 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/ui/ConfirmDialog.tsx:52 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/ui/SegmentRefsEditModal.tsx:157 · conf 0.86
Duplicated implementation block across source files

AIC003 · frontend/src/components/ui/SegmentRefsEditModal.tsx:161 · conf 0.86
Duplicated implementation block across source files

AIC003 · lib/custom_provider/duration_presets.py:11 · conf 0.86
Duplicated implementation block across source files

AIC003 · lib/generation_queue.py:63 · conf 0.86
Duplicated implementation block across source files

AIC003 · lib/text_backends/openai.py:101 · conf 0.86
Duplicated implementation block across source files

AIC003 · lib/usage_tracker.py:16 · conf 0.86
Duplicated implementation block across source files

AIC003 · lib/video_backends/v2_video_generations.py:19 · conf 0.86
Duplicated implementation block across source files

AIC005 · alembic/versions/0426_endpoint_refactor.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
COMP001 · agent_runtime_profile/.claude/skills/manage-project/scripts/peek_split_point.py:97 · conf 0.95
[COMP001] High cognitive complexity: Function `_resolve_language` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — n…

COMP001 · agent_runtime_profile/.claude/skills/manage-project/scripts/split_episode.py:90 · conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branche…

DKC006 · deploy/docker-compose.yml:1 · conf 0.56
Compose service does not declare a runtime user

DKC006 · deploy/production/docker-compose.yml:17 · conf 0.56
Compose service does not declare a runtime user

DKC010 · deploy/docker-compose.yml:1 · conf 0.62
Compose service lacks no-new-privileges hardening

DKC010 · deploy/production/docker-compose.yml:17 · conf 0.62
Compose service lacks no-new-privileges hardening

DKC017 · deploy/production/docker-compose.yml:1 · conf 0.58
Database password is wired through an environment variable placeholder

DKR008 · .dockerignore · conf 0.72
.dockerignore misses sensitive defaults
COMP001 · conf 0.20
[COMP001] High cognitive complexity (and 36 more): Same pattern found in 36 additional files. Review if needed.

MINED001 · CWE-755 · conf 0.20
[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.

MINED044 · CWE-532 · conf 0.20
[MINED044] Js Console Log Prod (and 3 more): Same pattern found in 3 additional files. Review if needed.

MINED044 · CWE-532 · frontend/src/components/copilot/chat/ContentBlockRenderer.tsx:34 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

MINED044 · CWE-532 · frontend/src/components/copilot/StreamMarkdown.tsx:25 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

MINED044 · CWE-532 · frontend/src/i18n/index.ts:69 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

MINED045 · CWE-476 · frontend/src/components/copilot/chat/ChatMessage.tsx:20 · conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.

MINED045 · CWE-476 · frontend/src/components/copilot/pending-question.ts:80 · conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.

MINED045 · CWE-476 · frontend/src/main.tsx:37 · conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.

MINED047 · conf 0.20
[MINED047] Emoji In Source (and 2 more): Same pattern found in 2 additional files. Review if needed.

MINED047 · frontend/src/components/layout/EpisodeCard.tsx:53 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.

MINED047 · frontend/src/i18n/vi/assets.ts:4 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.

MINED047 · frontend/src/i18n/vi/common.ts:38 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.

MINED050 · CWE-1188 · conf 0.20
[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed.

MINED050 · CWE-1188 · agent_runtime_profile/.claude/skills/manage-project/scripts/peek_split_point.py:115 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

MINED050 · CWE-1188 · alembic/versions/3c8b0ae43345_fix_truncated_datetime_values.py:63 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

MINED050 · CWE-1188 · alembic/versions/4c643f3ff5b9_backfill_custom_model_durations.py:81 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

MINED056 · CWE-682 · frontend/src/components/canvas/timeline/DialogueListEditor.tsx:35 · conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.

MINED056 · CWE-682 · frontend/src/components/pages/settings/AboutSection.tsx:116 · conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.

SEC002 · scripts/probe_smoke.py:70 · conf 0.15
[SEC002] Hardcoded API Key: Hardcoded API key found in source code.

SEC029 · conf 0.20
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 13 more): Same pattern found in 13 additional files. Review if needed.

SEC128 · conf 0.20
[SEC128] Async function without await — fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed.

SEC135 · conf 0.20
[SEC135] Auth/permission check missing on AI-generated endpoint (and 4 more): Same pattern found in 4 additional files. Review if needed.

SEC139 · conf 0.20
[SEC139] AI-generated migration/route without companion test file (and 3 more): Same pattern found in 3 additional files. Review if needed.