{
  "mustel_version": "0.2.0",
  "schema_version": 1,
  "scanned_at": "2026-04-22T10:00:24.807880+00:00",
  "project_root": "C:\\Users\\AK\\OneDrive\\Desktop\\mustel 0.2.0\\mustel\\benchmarks\\projects\\real_world\\evfa",
  "files_scanned": 23,
  "scan_duration_ms": 2249,
  "results": {
    "errors": [
      {
        "id": "E001",
        "file": "models\\__init__.py",
        "line": 6,
        "col": 19,
        "severity": "error",
        "category": "bug",
        "rule": "F401",
        "message": "`.user.User` imported but unused; consider removing, adding to `__all__`, or using a redundant alias",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "E002",
        "file": "models\\__init__.py",
        "line": 7,
        "col": 32,
        "severity": "error",
        "category": "bug",
        "rule": "F401",
        "message": "`.registration_code.RegistrationCode` imported but unused; consider removing, adding to `__all__`, or using a redundant alias",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "E003",
        "file": "models\\__init__.py",
        "line": 8,
        "col": 19,
        "severity": "error",
        "category": "bug",
        "rule": "F401",
        "message": "`.note.Note` imported but unused; consider removing, adding to `__all__`, or using a redundant alias",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "E004",
        "file": "routes\\__init__.py",
        "line": 10,
        "col": 12,
        "severity": "error",
        "category": "bug",
        "rule": "F401",
        "message": "`routes.registration_codes` imported but unused",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "E005",
        "file": "routes\\account.py",
        "line": 84,
        "col": 89,
        "severity": "error",
        "category": "bug",
        "rule": "E501",
        "message": "Line too long (100 > 88)",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "E006",
        "file": "routes\\signup.py",
        "line": 17,
        "col": 89,
        "severity": "error",
        "category": "bug",
        "rule": "E501",
        "message": "Line too long (91 > 88)",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "E007",
        "file": "utils\\notes.py",
        "line": 11,
        "col": 17,
        "severity": "error",
        "category": "bug",
        "rule": "E712",
        "message": "Avoid equality comparisons to `False`; use `not Note.private:` for false checks",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": true
      }
    ],
    "security": [
      {
        "id": "S001",
        "file": "app.py",
        "line": 6,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S002",
        "file": "app.py",
        "line": 11,
        "col": 1,
        "severity": "high",
        "category": "security",
        "rule": "flask-hardcoded-secret-key",
        "message": "Flask SECRET_KEY is hardcoded in source code. Anyone with access to the code can forge session cookies. Generate a strong random key and store it in an environment variable: SECRET_KEY = os.environ['SECRET_KEY'].",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-259",
        "fix_available": false
      },
      {
        "id": "S003",
        "file": "routes\\account.py",
        "line": 8,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S004",
        "file": "routes\\account.py",
        "line": 118,
        "col": 23,
        "severity": "medium",
        "category": "security",
        "rule": "B301:blacklist",
        "message": "Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.",
        "engine": "bandit",
        "module_context": "",
        "cwe": "CWE-502",
        "fix_available": false
      },
      {
        "id": "S005",
        "file": "routes\\home.py",
        "line": 1,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S006",
        "file": "routes\\login.py",
        "line": 3,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S007",
        "file": "routes\\notes.py",
        "line": 3,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S008",
        "file": "routes\\registration_codes.py",
        "line": 6,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S009",
        "file": "routes\\signup.py",
        "line": 6,
        "col": 1,
        "severity": "medium",
        "category": "security",
        "rule": "flask-no-csrf",
        "message": "Ensure Flask forms are protected against CSRF attacks. Use Flask-WTF or implement CSRF tokens manually for all state-changing POST endpoints.",
        "engine": "mustel-patterns",
        "module_context": "flask",
        "cwe": "CWE-352",
        "fix_available": false
      },
      {
        "id": "S010",
        "file": "routes\\signup.py",
        "line": 16,
        "col": 18,
        "severity": "high",
        "category": "security",
        "rule": "S608",
        "message": "Possible SQL injection vector through string-based query construction",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "S011",
        "file": "utils\\profile_image.py",
        "line": 7,
        "col": 10,
        "severity": "medium",
        "category": "security",
        "rule": "B310:blacklist",
        "message": "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.",
        "engine": "bandit",
        "module_context": "",
        "cwe": "CWE-22",
        "fix_available": false
      }
    ],
    "warnings": [
      {
        "id": "W001",
        "file": "app.py",
        "line": 25,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `unauthorized`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W002",
        "file": "app.py",
        "line": 30,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `page_not_found`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W003",
        "file": "db_seed.py",
        "line": 6,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `setup_db`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": true
      },
      {
        "id": "W004",
        "file": "models\\registration_code.py",
        "line": 8,
        "col": 9,
        "severity": "warning",
        "category": "style",
        "rule": "ANN204",
        "message": "Missing return type annotation for special method `__init__`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": true
      },
      {
        "id": "W005",
        "file": "models\\user.py",
        "line": 10,
        "col": 9,
        "severity": "warning",
        "category": "style",
        "rule": "ANN204",
        "message": "Missing return type annotation for special method `__init__`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": true
      },
      {
        "id": "W006",
        "file": "routes\\__init__.py",
        "line": 4,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `init`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": true
      },
      {
        "id": "W007",
        "file": "routes\\account.py",
        "line": 20,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `account`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W008",
        "file": "routes\\account.py",
        "line": 26,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `search`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W009",
        "file": "routes\\account.py",
        "line": 43,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `get_personal_notes`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W010",
        "file": "routes\\account.py",
        "line": 53,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `add_image`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W011",
        "file": "routes\\account.py",
        "line": 69,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `update_account`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W012",
        "file": "routes\\account.py",
        "line": 99,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `toggle_darkmode`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W013",
        "file": "routes\\account.py",
        "line": 113,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `before_request`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": true
      },
      {
        "id": "W014",
        "file": "routes\\home.py",
        "line": 10,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `index`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W015",
        "file": "routes\\home.py",
        "line": 16,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `home`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W016",
        "file": "routes\\login.py",
        "line": 18,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `login`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W017",
        "file": "routes\\login.py",
        "line": 23,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `do_login`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W018",
        "file": "routes\\login.py",
        "line": 45,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `logout`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W019",
        "file": "routes\\login.py",
        "line": 51,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `logged_in`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W020",
        "file": "routes\\notes.py",
        "line": 12,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `get_notes`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W021",
        "file": "routes\\notes.py",
        "line": 18,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `add_note`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W022",
        "file": "routes\\notes.py",
        "line": 41,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `delete_note`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W023",
        "file": "routes\\registration_codes.py",
        "line": 14,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `registration_codes`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W024",
        "file": "routes\\registration_codes.py",
        "line": 28,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `add_registration_codes`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W025",
        "file": "routes\\signup.py",
        "line": 29,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `signup`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      },
      {
        "id": "W026",
        "file": "routes\\signup.py",
        "line": 34,
        "col": 5,
        "severity": "warning",
        "category": "style",
        "rule": "ANN201",
        "message": "Missing return type annotation for public function `do_signup`",
        "engine": "ruff",
        "module_context": "",
        "cwe": "",
        "fix_available": false
      }
    ],
    "packages": []
  },
  "summary": {
    "total_errors": 7,
    "total_security": 11,
    "total_warnings": 26,
    "total_package_vulnerabilities": 0,
    "clean": false,
    "highest_severity": "error"
  },
  "agent_prompt": "mustel found 44 issues: HighSec:S002,S010 | Errs:E001,E002,E003,E004,E005,E006,E007 | MedSec:S001,S003,S004,S005,S006,S007,S008,S009,S011 | Warns:W001,W002,W003,W004,W005,W006,W007,W008,W009,W010,W011,W012,W013,W014,W015,W016,W017,W018,W019,W020,W021,W022,W023,W024,W025,W026. Use IDs to look up details in JSON."
}
