Close Open Privacy Scan

bolt Snapshot: commit 3949e1c
science engine v3
schedule 2026-07-13T13:16:22.813698+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

App Privacy Score

77 /100
Medium privacy risk

Medium risk · 6177 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

egress −10
telemetry −10
env_fs −3

list Scan Summary

32 high 804 medium 5341 low
First-party packages: 2
Dependency packages: 90
Ecosystem: python

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (32)
high mcp dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
high openai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:221 pkgs/python/[email protected]/src/openai/lib/azure.py:258
high openai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:506 pkgs/python/[email protected]/src/openai/lib/azure.py:543
high poetry dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/poetry/utils/authenticator.py:197 pkgs/python/[email protected]/src/poetry/utils/authenticator.py:200
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:176 pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504 pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:519
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042 pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1051
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38 pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:218
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:283
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:414
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:628
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2223
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:103 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:100
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:128 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:188 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:185
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:212 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:123 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:144 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:142
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:200 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:198
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:225 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:223
high anthropic dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384
high anthropic dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179
high openhands-sdk dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:129 pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:130
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1851 pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1803 pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1845 pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1960 pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1794 pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791

</> First-Party Code

first-party (python)

python first-party
medium telemetry production #5d0aa2825e851c65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/openhands/analytics/analytics_service.py:18
from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 356 low-confidence finding(s)
low env_fs production #42ffe7f117f0729a Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:45
    if 'OPENHANDS_REPO' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ceeb0b639985237 Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:46
        repo_path = Path(os.environ['OPENHANDS_REPO'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8037cd5eb667bee Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:103
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71f195aa03987282 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:18
        with open(yaml_file, 'r') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d42e380f6202d2c0 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:68
        with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36f7b540ba8b435c Environment-variable access.
repo/enterprise/enterprise_local/convert_to_env.py:75
lite_llm_api_key = os.getenv('LITE_LLM_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #146909b52b48e636 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:127
with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13c8e24a0439b247 Environment-variable access.
repo/enterprise/integrations/github/data_collector.py:51
    os.getenv('COLLECT_GITHUB_INTERACTIONS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17ea33dd0531519b Environment-variable access.
repo/enterprise/integrations/utils.py:23
    os.getenv('ENABLE_PROACTIVE_CONVERSATION_STARTERS', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #126c615f6e075e22 Environment-variable access.
repo/enterprise/integrations/utils.py:107
    os.getenv('OPENHANDS_RESOLVER_TEMPLATES_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2953a5213537e392 Environment-variable access.
repo/enterprise/integrations/utils.py:130
    override = os.getenv('OH_RESOLVER_LABEL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80f19079832e701a Environment-variable access.
repo/enterprise/migrations/env.py:24
DB_USER = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6005b50b620a821e Environment-variable access.
repo/enterprise/migrations/env.py:25
DB_PASS = os.getenv('DB_PASS', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74624a745d98cdf2 Environment-variable access.
repo/enterprise/migrations/env.py:26
DB_HOST = os.getenv('DB_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e21b934145f724c7 Environment-variable access.
repo/enterprise/migrations/env.py:27
DB_PORT = os.getenv('DB_PORT', '5432')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f92426b635a542a8 Environment-variable access.
repo/enterprise/migrations/env.py:28
DB_NAME = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9fdb556c67b3e1f Environment-variable access.
repo/enterprise/migrations/env.py:33
DB_DRIVER = os.getenv('DB_DRIVER', 'pg8000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bc39d33cc26a9f9 Environment-variable access.
repo/enterprise/migrations/env.py:34
DB_SSL_MODE = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbaebf48e37a5c37 Environment-variable access.
repo/enterprise/migrations/env.py:36
GCP_DB_INSTANCE = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1ced7def5bd9334 Environment-variable access.
repo/enterprise/migrations/env.py:37
GCP_PROJECT = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a6e5ecbc9d84781 Environment-variable access.
repo/enterprise/migrations/env.py:38
GCP_REGION = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22364cd5822a0558 Environment-variable access.
repo/enterprise/migrations/env.py:40
POOL_SIZE = int(os.getenv('DB_POOL_SIZE', '25'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15c93672e783eb9f Environment-variable access.
repo/enterprise/migrations/env.py:41
MAX_OVERFLOW = int(os.getenv('DB_MAX_OVERFLOW', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0aff864121ebbfd Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:28
    if 'STRIPE_API_KEY' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fee927e940f58b0 Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:32
    stripe.api_key = os.environ['STRIPE_API_KEY']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33549db8fbc4b1d4 Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:34
    blacklist_patterns = os.environ.get('EMAIL_PATTERN_BLACKLIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84e782464e65a3a9 Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:35
    whitelist_patterns = os.environ.get('EMAIL_PATTERN_WHITELIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba2b672e634f5a3 Environment-variable access.
repo/enterprise/saas_server.py:8
if not os.getenv('OPENHANDS_CONFIG_CLS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e68a3d8395d34a1 Environment-variable access.
repo/enterprise/saas_server.py:9
    os.environ['OPENHANDS_CONFIG_CLS'] = 'server.config.SaaSServerConfig'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f64187db113c3983 Environment-variable access.
repo/enterprise/saas_server.py:13
os.environ['SERVE_FRONTEND'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ac98d9e522ea68f Environment-variable access.
repo/enterprise/saas_server.py:82
directory = os.getenv('FRONTEND_DIRECTORY', './frontend/build')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ba891b4043a8cd1 Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:27
        api_key = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af864c1932f97791 Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:28
        host = os.environ.get('POSTHOG_HOST', 'https://us.i.posthog.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68e452e614681c4d Environment-variable access.
repo/enterprise/server/auth/constants.py:5
GITHUB_APP_CLIENT_ID = os.getenv('GITHUB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbbee4de972db434 Environment-variable access.
repo/enterprise/server/auth/constants.py:6
GITHUB_APP_CLIENT_SECRET = os.getenv('GITHUB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78af49a1d86f377a Environment-variable access.
repo/enterprise/server/auth/constants.py:7
GITHUB_APP_WEBHOOK_SECRET = os.getenv('GITHUB_APP_WEBHOOK_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6916671615d5386 Environment-variable access.
repo/enterprise/server/auth/constants.py:8
GITHUB_APP_PRIVATE_KEY = os.getenv('GITHUB_APP_PRIVATE_KEY', '').replace('\\n', '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6637167b05c68d Environment-variable access.
repo/enterprise/server/auth/constants.py:9
KEYCLOAK_SERVER_URL = os.getenv('KEYCLOAK_SERVER_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ee71d7ea1c76a7a Environment-variable access.
repo/enterprise/server/auth/constants.py:10
KEYCLOAK_REALM_NAME = os.getenv('KEYCLOAK_REALM_NAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eaeda116075e4ad Environment-variable access.
repo/enterprise/server/auth/constants.py:11
KEYCLOAK_CLIENT_ID = os.getenv('KEYCLOAK_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #738ce822fcbc12e8 Environment-variable access.
repo/enterprise/server/auth/constants.py:12
KEYCLOAK_CLIENT_SECRET = os.getenv('KEYCLOAK_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e02b1352a667ad9 Environment-variable access.
repo/enterprise/server/auth/constants.py:13
KEYCLOAK_SERVER_URL_EXT = os.getenv(
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'
).rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e760227934747628 Environment-variable access.
repo/enterprise/server/auth/constants.py:14
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #439e31b0d1b86718 Environment-variable access.
repo/enterprise/server/auth/constants.py:16
KEYCLOAK_ADMIN_PASSWORD = os.getenv('KEYCLOAK_ADMIN_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb5062e08c90ec62 Environment-variable access.
repo/enterprise/server/auth/constants.py:17
GITLAB_APP_CLIENT_ID = os.getenv('GITLAB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb5be784f6cd6dab Environment-variable access.
repo/enterprise/server/auth/constants.py:18
GITLAB_APP_CLIENT_SECRET = os.getenv('GITLAB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7411b67412c472c Environment-variable access.
repo/enterprise/server/auth/constants.py:20
BITBUCKET_APP_CLIENT_ID = os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59be21acc391b1ef Environment-variable access.
repo/enterprise/server/auth/constants.py:21
BITBUCKET_APP_CLIENT_SECRET = os.getenv('BITBUCKET_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74c43910913e3abf Environment-variable access.
repo/enterprise/server/auth/constants.py:22
AZURE_DEVOPS_CLIENT_ID = os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ee54fd63b2aaa7 Environment-variable access.
repo/enterprise/server/auth/constants.py:23
AZURE_DEVOPS_CLIENT_SECRET = os.getenv('AZURE_DEVOPS_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #111e4fce011026a6 Environment-variable access.
repo/enterprise/server/auth/constants.py:24
AZURE_DEVOPS_TENANT_ID = os.getenv('AZURE_DEVOPS_TENANT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8e848a8bc5d8178 Environment-variable access.
repo/enterprise/server/auth/constants.py:25
AZURE_DEVOPS_ORGANIZATION = os.getenv('AZURE_DEVOPS_ORGANIZATION', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf449f75267ad2fc Environment-variable access.
repo/enterprise/server/auth/constants.py:26
AZURE_DEVOPS_WEBHOOK_SECRET = os.getenv('AZURE_DEVOPS_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38f0f8dc274b9698 Environment-variable access.
repo/enterprise/server/auth/constants.py:27
AZURE_DEVOPS_SCOPE = os.getenv(
    'AZURE_DEVOPS_SCOPE', 'https://app.vssps.visualstudio.com/.default'
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a48c679156ba142c Environment-variable access.
repo/enterprise/server/auth/constants.py:35
ENABLE_ENTERPRISE_SSO = os.getenv('ENABLE_ENTERPRISE_SSO', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e7f6c2c4290bdb0 Environment-variable access.
repo/enterprise/server/auth/constants.py:36
ENABLE_JIRA = os.environ.get('ENABLE_JIRA', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0aaa2230d756c12 Environment-variable access.
repo/enterprise/server/auth/constants.py:37
ENABLE_JIRA_DC = os.environ.get('ENABLE_JIRA_DC', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6654962a17b07402 Environment-variable access.
repo/enterprise/server/auth/constants.py:38
ENABLE_LINEAR = os.environ.get('ENABLE_LINEAR', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61d1879b2ba6ec2f Environment-variable access.
repo/enterprise/server/auth/constants.py:39
ENABLE_AUTOMATIONS = os.environ.get('ENABLE_AUTOMATIONS', 'true') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed271e66b2efe5d6 Environment-variable access.
repo/enterprise/server/auth/constants.py:40
JIRA_CLIENT_ID = os.getenv('JIRA_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4a60bcf5708a990 Environment-variable access.
repo/enterprise/server/auth/constants.py:41
JIRA_CLIENT_SECRET = os.getenv('JIRA_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caf7d348cecea61e Environment-variable access.
repo/enterprise/server/auth/constants.py:43
JIRA_HTTP_TIMEOUT = float(os.getenv('JIRA_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fc8fd66e849e33f Environment-variable access.
repo/enterprise/server/auth/constants.py:44
LINEAR_CLIENT_ID = os.getenv('LINEAR_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a145578ce3e11714 Environment-variable access.
repo/enterprise/server/auth/constants.py:45
LINEAR_CLIENT_SECRET = os.getenv('LINEAR_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf2cb70eb51f83d4 Environment-variable access.
repo/enterprise/server/auth/constants.py:46
JIRA_DC_CLIENT_ID = os.getenv('JIRA_DC_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72a2d81d685cbd9 Environment-variable access.
repo/enterprise/server/auth/constants.py:47
JIRA_DC_CLIENT_SECRET = os.getenv('JIRA_DC_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb9a978895b0e094 Environment-variable access.
repo/enterprise/server/auth/constants.py:48
JIRA_DC_BASE_URL = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c41eee2cae80bad6 Environment-variable access.
repo/enterprise/server/auth/constants.py:49
JIRA_DC_ENABLE_OAUTH = os.getenv('JIRA_DC_ENABLE_OAUTH', '1') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a50c1996d2af033 Environment-variable access.
repo/enterprise/server/auth/constants.py:50
JIRA_DC_SERVICE_ACCOUNT_EMAIL = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82bfaf55f7a4fbac Environment-variable access.
repo/enterprise/server/auth/constants.py:51
JIRA_DC_SERVICE_ACCOUNT_PAT = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e1865df5d54ea77 Environment-variable access.
repo/enterprise/server/auth/constants.py:53
JIRA_DC_HTTP_TIMEOUT = float(os.getenv('JIRA_DC_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c5591c9dd6b68b0 Environment-variable access.
repo/enterprise/server/auth/constants.py:54
AUTH_URL = os.getenv('AUTH_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed89ea1aa902bf9a Environment-variable access.
repo/enterprise/server/auth/constants.py:55
ROLE_CHECK_ENABLED = os.getenv('ROLE_CHECK_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23bd7087eb224538 Environment-variable access.
repo/enterprise/server/auth/constants.py:64
DUPLICATE_EMAIL_CHECK = os.getenv('DUPLICATE_EMAIL_CHECK', 'true') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d809ba09d748b48d Environment-variable access.
repo/enterprise/server/auth/constants.py:65
BITBUCKET_DATA_CENTER_CLIENT_ID = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_ID', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3dfb2af300dc2d7 Environment-variable access.
repo/enterprise/server/auth/constants.py:68
BITBUCKET_DATA_CENTER_CLIENT_SECRET = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_SECRET', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5b2d248237b23d9 Environment-variable access.
repo/enterprise/server/auth/constants.py:71
BITBUCKET_DATA_CENTER_HOST = os.getenv('BITBUCKET_DATA_CENTER_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7df30e4ee97036ff Environment-variable access.
repo/enterprise/server/auth/constants.py:78
BITBUCKET_DATA_CENTER_BOT_TOKEN = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_TOKEN', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09d2a8716259200d Environment-variable access.
repo/enterprise/server/auth/constants.py:84
BITBUCKET_DATA_CENTER_BOT_USERNAME = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_USERNAME', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a92ac2f9d494e56 Environment-variable access.
repo/enterprise/server/auth/constants.py:92
RECAPTCHA_PROJECT_ID = os.getenv('RECAPTCHA_PROJECT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #799e6778d30a3643 Environment-variable access.
repo/enterprise/server/auth/constants.py:93
RECAPTCHA_SITE_KEY = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dcc11cd9c8d346f Environment-variable access.
repo/enterprise/server/auth/constants.py:94
RECAPTCHA_HMAC_SECRET = os.getenv('RECAPTCHA_HMAC_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #918e53319ee3fbaa Environment-variable access.
repo/enterprise/server/auth/constants.py:95
RECAPTCHA_BLOCK_THRESHOLD = float(os.getenv('RECAPTCHA_BLOCK_THRESHOLD', '0.3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f81fe9572ad1d0a Environment-variable access.
repo/enterprise/server/auth/constants.py:98
AUTOMATION_SERVICE_URL = os.getenv('AUTOMATION_SERVICE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09094dfb4c75d766 Environment-variable access.
repo/enterprise/server/auth/constants.py:106
AUTOMATION_EVENT_FORWARDING_ENABLED = os.getenv(
    'AUTOMATION_EVENT_FORWARDING_ENABLED', 'false'
) in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90916f1631a609b5 Environment-variable access.
repo/enterprise/server/auth/constants.py:110
AUTOMATION_WEBHOOK_SECRET = os.getenv('AUTOMATION_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc3bd8094b80f9c6 Environment-variable access.
repo/enterprise/server/auth/constants.py:112
AUTOMATION_SERVICE_TIMEOUT = int(os.getenv('AUTOMATION_SERVICE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d2420c2fafd996 Environment-variable access.
repo/enterprise/server/config.py:57
    config_cls: str = os.environ.get('OPENHANDS_CONFIG_CLS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3af66f0ba802b20 Environment-variable access.
repo/enterprise/server/config.py:59
    posthog_client_key: str = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296f9177dda481d1 Environment-variable access.
repo/enterprise/server/config.py:60
    github_client_id: str = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #890c7084a985650c Environment-variable access.
repo/enterprise/server/config.py:61
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #648416a666ee4349 Environment-variable access.
repo/enterprise/server/config.py:62
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30c752f03bc54563 Environment-variable access.
repo/enterprise/server/config.py:63
    auth_url: str | None = os.environ.get('AUTH_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #542e674e9c148f40 Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53add2f20f3853ae Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(
        'MAINTENANCE_START_TIME', ''
    )  # Timestamp in EST e.g 2025-07-29T14:18:01.219616-04:00

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b6a36e6f0242ee1 Environment-variable access.
repo/enterprise/server/config.py:82
    enable_onboarding = os.environ.get('OH_ENABLE_ONBOARDING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c8fbba9f62a0b84e Hardcoded external endpoint. Review what data is sent to this destination.
repo/enterprise/server/config.py:118
        response = requests.get('https://api.github.com/app', headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #06b776e2c2de6805 Environment-variable access.
repo/enterprise/server/constants.py:5
HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04b38f5114241f31 Environment-variable access.
repo/enterprise/server/constants.py:23
BYOR_KEY_ALIAS_PATTERN = os.getenv(
    'BYOR_KEY_ALIAS_PATTERN', 'BYOR Key - user {user_id}, org {org_id}'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4be1254052af266 Environment-variable access.
repo/enterprise/server/constants.py:45
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8342113a4a9fb46 Environment-variable access.
repo/enterprise/server/constants.py:61
DEFAULT_BILLING_MARGIN = float(os.environ.get('DEFAULT_BILLING_MARGIN', '1.0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbfe5bed13b9f862 Environment-variable access.
repo/enterprise/server/constants.py:74
LITELLM_DEFAULT_MODEL = os.getenv('LITELLM_DEFAULT_MODEL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72358e5b8ecc15e Environment-variable access.
repo/enterprise/server/constants.py:75
OPENHANDS_LLM_PROVIDER_ROUTE = os.getenv('OPENHANDS_LLM_PROVIDER_ROUTE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f19bb094e7037e89 Environment-variable access.
repo/enterprise/server/constants.py:76
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4447424b9875ea40 Environment-variable access.
repo/enterprise/server/constants.py:76
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(
    'LLM_MODEL'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b11de6bd7b9118b Environment-variable access.
repo/enterprise/server/constants.py:79
OPENHANDS_DEFAULT_LLM_BASE_URL = os.getenv(
    'OPENHANDS_DEFAULT_LLM_BASE_URL'
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03c6ee8ae7062461 Environment-variable access.
repo/enterprise/server/constants.py:81
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89964fd20cb72592 Environment-variable access.
repo/enterprise/server/constants.py:82
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e99d17447578bc1f Environment-variable access.
repo/enterprise/server/constants.py:82
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(
    'LLM_API_KEY'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c134e87c0193eb Environment-variable access.
repo/enterprise/server/constants.py:90
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b233256a8f0033dd Environment-variable access.
repo/enterprise/server/constants.py:90
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27dc3005b2e3a6c1 Environment-variable access.
repo/enterprise/server/constants.py:93
LITE_LLM_TEAM_ID = os.environ.get('LITE_LLM_TEAM_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23b839922036199b Environment-variable access.
repo/enterprise/server/constants.py:94
LITE_LLM_API_KEY = os.environ.get('LITE_LLM_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e004745bb235a643 Environment-variable access.
repo/enterprise/server/constants.py:110
STRIPE_API_KEY = os.environ.get('STRIPE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6767b8f3b70a3ee7 Environment-variable access.
repo/enterprise/server/constants.py:111
REQUIRE_PAYMENT = os.environ.get('REQUIRE_PAYMENT', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #844972f470140ca6 Environment-variable access.
repo/enterprise/server/constants.py:113
SLACK_CLIENT_ID = os.environ.get('SLACK_CLIENT_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d49084e1c77d2cdd Environment-variable access.
repo/enterprise/server/constants.py:114
SLACK_CLIENT_SECRET = os.environ.get('SLACK_CLIENT_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a778d880ba6612d Environment-variable access.
repo/enterprise/server/constants.py:115
SLACK_SIGNING_SECRET = os.environ.get('SLACK_SIGNING_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0d616665cf76b86 Environment-variable access.
repo/enterprise/server/constants.py:116
SLACK_WEBHOOKS_ENABLED = os.environ.get('SLACK_WEBHOOKS_ENABLED', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c5da8a57fc0d15 Environment-variable access.
repo/enterprise/server/constants.py:118
WEB_HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea7b621a9260535b Environment-variable access.
repo/enterprise/server/constants.py:121
    for host in (os.getenv('PERMITTED_CORS_ORIGINS') or f'https://{WEB_HOST}').split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84f75c30c35dee39 Environment-variable access.
repo/enterprise/server/constants.py:127
DEFAULT_V1_ENABLED = os.getenv('DEFAULT_V1_ENABLED', '1').lower() in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e5b5130a36ef266 Environment-variable access.
repo/enterprise/server/constants.py:135
USER_PROVISIONING_ENABLED = os.getenv('USER_PROVISIONING_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79b95efa86acf5de Environment-variable access.
repo/enterprise/server/constants.py:145
OPEN_ORG_CREATION_ENABLED = os.getenv('OPEN_ORG_CREATION_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fce215934a75a910 Environment-variable access.
repo/enterprise/server/logger.py:13
LOG_JSON = os.getenv('LOG_JSON', '1') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb9d3c14893acc86 Environment-variable access.
repo/enterprise/server/logger.py:14
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20f2d0fc8ebcea56 Environment-variable access.
repo/enterprise/server/logger.py:15
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2946369810624a85 Environment-variable access.
repo/enterprise/server/logger.py:26
LOG_JSON_FOR_CONSOLE = int(os.getenv('LOG_JSON_FOR_CONSOLE', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f69df543e8b5daaa Environment-variable access.
repo/enterprise/server/routes/github_proxy.py:14
GITHUB_PROXY_ENDPOINTS = bool(os.environ.get('GITHUB_PROXY_ENDPOINTS'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73d24443d2be6f0 Environment-variable access.
repo/enterprise/server/routes/integration/github.py:22
GITHUB_WEBHOOKS_ENABLED = os.environ.get('GITHUB_WEBHOOKS_ENABLED', '1') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e8dbd7cc9bc7cd Environment-variable access.
repo/enterprise/server/routes/integration/jira.py:27
JIRA_WEBHOOKS_ENABLED = os.environ.get('JIRA_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d55d0afaa3bb8483 Environment-variable access.
repo/enterprise/server/routes/integration/jira_dc.py:56
JIRA_DC_WEBHOOKS_ENABLED = os.environ.get('JIRA_DC_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63320cbb90e6032d Environment-variable access.
repo/enterprise/server/routes/service.py:23
AUTOMATIONS_SERVICE_KEY = os.getenv('AUTOMATIONS_SERVICE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86e40548aeb51920 Environment-variable access.
repo/enterprise/server/services/email_service.py:32
        resend_api_key = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a14a33a33ab5d64a Environment-variable access.
repo/enterprise/server/services/email_service.py:48
        return RESEND_AVAILABLE and bool(os.environ.get('RESEND_API_KEY'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f46edff96d94bb0b Environment-variable access.
repo/enterprise/server/services/email_service.py:57
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f816cfc909187ef Environment-variable access.
repo/enterprise/server/services/email_service.py:91
        from_email = os.environ.get('RESEND_FROM_EMAIL', DEFAULT_FROM_EMAIL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40d76edef6909f44 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:30
        host = os.environ.get('SMTP_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b108855833281da Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:34
        port_value = os.environ.get('SMTP_PORT', '587')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44553dd5cc75db5f Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:44
        use_ssl = os.environ.get('SMTP_USE_SSL', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e6bebe23077c880 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:49
            os.environ.get('SMTP_USE_TLS', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #604ac946b45b10fe Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:58
            'username': os.environ.get('SMTP_USERNAME', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c79e330b2e87c2b0 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:59
            'password': os.environ.get('SMTP_PASSWORD', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a8a35138892a811 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:60
            'from_email': os.environ.get('SMTP_FROM_EMAIL', DEFAULT_FROM_EMAIL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c07f86b532689375 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:123
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45d1c8d582071d46 Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:139
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7539ac77f0037c2a Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:163
                endpoint_url=os.getenv('AWS_S3_ENDPOINT'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e482f0dbc02555ca Environment-variable access.
repo/enterprise/server/sharing/google_cloud_shared_event_service.py:135
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8db4bee5858f1adf Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c29b454f5999ba5 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(
    'RATE_LIMIT_AUTH_WINDOWS', '10/second; 100/minute'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cad1cb597ad5e4a0 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:23
    os.environ.get('RATE_LIMIT_USER_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b0484638b7248c4 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:26
    os.environ.get('RATE_LIMIT_IP_SECONDS', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #846847dfd9a54bb1 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:31
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_USER_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18fac9934bd4b10e Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:34
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_IP_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296cf1f371bf91bf Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:39
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_USER_SECONDS', '30')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c82a012d86977e13 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:42
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_IP_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb6a75b568621447 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:47
    os.environ.get('RATE_LIMIT_ORG_INVITATION_USER_SECONDS', '6')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1189a4af32dbb4f8 Environment-variable access.
repo/enterprise/storage/default_org_service.py:43
        value = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a890d6b731f8edbe Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:36
ENABLE_BILLING = os.environ.get('ENABLE_BILLING', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a0ca71a0151461 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:53
        budget = float(os.environ.get('DEFAULT_INITIAL_BUDGET', 0.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5f040ae28b556ba Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:154
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5d827121bdc43d4 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:313
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e234814e695011d2 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:521
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26876106f73a6f9e Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:47
RESEND_API_KEY = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e95168227aabe3f4 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:48
RESEND_AUDIENCE_ID = os.environ.get('RESEND_AUDIENCE_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37d0cad57c66be9a Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:54
BATCH_SIZE = int(os.environ.get('BATCH_SIZE', '2000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9ece15db9397c01 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:55
MAX_RETRIES = int(os.environ.get('MAX_RETRIES', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d96b30bed65ffb1 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:56
INITIAL_BACKOFF_SECONDS = float(os.environ.get('INITIAL_BACKOFF_SECONDS', '1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e491bd39a28deeb Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:57
MAX_BACKOFF_SECONDS = float(os.environ.get('MAX_BACKOFF_SECONDS', '60'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40ac459c3615ae66 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:58
BACKOFF_FACTOR = float(os.environ.get('BACKOFF_FACTOR', '2'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1e0f592e323f913 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:59
RATE_LIMIT = float(os.environ.get('RATE_LIMIT', '2'))  # Requests per second

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0530ce29a5830852 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9682423d37a4d38f Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(
                'RESEND_FROM_EMAIL', 'OpenHands Team <[email protected]>'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63185953b78f6d07 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a90bba52e4d3cb Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(
                'RESEND_REPLY_TO_EMAIL', '[email protected]'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2acd427c910246b0 Filesystem access.
repo/openhands/analytics/oss_install_id.py:25
            stored = id_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1851c4c43bf297a Filesystem access.
repo/openhands/analytics/oss_install_id.py:34
        id_file.write_text(new_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #952dc6119535ad29 Environment-variable access.
repo/openhands/app_server/app.py:75
if os.getenv('SERVE_FRONTEND', 'true').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c32400a12dfc2703 Filesystem access.
repo/openhands/app_server/app_conversation/app_conversation_router.py:1194
            with open(temp_file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b2bc43c248bbfa5 Environment-variable access.
repo/openhands/app_server/config.py:77
    persistence_dir = os.getenv('OH_PERSISTENCE_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #080b99e9468f5f1f Environment-variable access.
repo/openhands/app_server/config.py:81
        persistence_dir = os.getenv('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b730d8b4c8591b9b Environment-variable access.
repo/openhands/app_server/config.py:97
    web_host = os.getenv('WEB_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4d20634aad7f708 Environment-variable access.
repo/openhands/app_server/config.py:110
    legacy = os.getenv('PERMITTED_CORS_ORIGINS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff062950cbdf59e4 Environment-variable access.
repo/openhands/app_server/config.py:121
    return os.getenv('OPENHANDS_PROVIDER_BASE_URL') or os.getenv('LLM_BASE_URL') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18ea1f024634941e Environment-variable access.
repo/openhands/app_server/config.py:129
    return os.getenv('TAVILY_API_KEY') or os.getenv('SEARCH_API_KEY') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ff1ff73711c8bb1 Environment-variable access.
repo/openhands/app_server/config.py:177
    if 'saas' in (os.getenv('OPENHANDS_CONFIG_CLS') or '').lower():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9012759478ce097e Environment-variable access.
repo/openhands/app_server/config.py:293
        aws_region = os.getenv('AWS_REGION_NAME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6350afce44388a2 Environment-variable access.
repo/openhands/app_server/config.py:294
        aws_key = os.getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4544d9604434ff97 Environment-variable access.
repo/openhands/app_server/config.py:295
        aws_secret = os.getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b8ec2abaa00a1e5 Environment-variable access.
repo/openhands/app_server/config.py:301
        ollama_url = os.getenv('OLLAMA_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7939bfe17d2f4489 Environment-variable access.
repo/openhands/app_server/config.py:312
            bucket_name = os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e000605de8159a6b Environment-variable access.
repo/openhands/app_server/config.py:320
            bucket_name = os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9cb039b64d41389 Environment-variable access.
repo/openhands/app_server/config.py:334
        if os.getenv('RUNTIME') == 'remote':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae49f12d92e04c69 Environment-variable access.
repo/openhands/app_server/config.py:336
                api_key=os.environ['SANDBOX_API_KEY'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9361cc83bf9e057e Environment-variable access.
repo/openhands/app_server/config.py:337
                api_url=os.environ['SANDBOX_REMOTE_RUNTIME_API_URL'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b05841e89c0419c5 Environment-variable access.
repo/openhands/app_server/config.py:339
        elif os.getenv('RUNTIME') in ('local', 'process'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9555b502f8c00202 Environment-variable access.
repo/openhands/app_server/config.py:344
            if os.getenv('SANDBOX_HOST_PORT'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd2c3b7cae15ecbf Environment-variable access.
repo/openhands/app_server/config.py:346
                    os.environ['SANDBOX_HOST_PORT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a39bec1fd277ee34 Environment-variable access.
repo/openhands/app_server/config.py:348
            if os.getenv('SANDBOX_CONTAINER_URL_PATTERN'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed1d3c57402b6185 Environment-variable access.
repo/openhands/app_server/config.py:349
                docker_sandbox_kwargs['container_url_pattern'] = os.environ[

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74ea703b479df1c4 Environment-variable access.
repo/openhands/app_server/config.py:349
                docker_sandbox_kwargs['container_url_pattern'] = os.environ[
                    'SANDBOX_CONTAINER_URL_PATTERN'
                ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b93c6612fc6746ba Environment-variable access.
repo/openhands/app_server/config.py:355
            if os.getenv('SANDBOX_STARTUP_GRACE_SECONDS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23419f019e2759a4 Environment-variable access.
repo/openhands/app_server/config.py:357
                    os.environ['SANDBOX_STARTUP_GRACE_SECONDS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2af0eb4a08763e0d Environment-variable access.
repo/openhands/app_server/config.py:361
            sandbox_volumes = os.getenv('SANDBOX_VOLUMES')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67003dd4946e29be Environment-variable access.
repo/openhands/app_server/config.py:389
        if os.getenv('RUNTIME') == 'remote':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb550ef4e7a7f34a Environment-variable access.
repo/openhands/app_server/config.py:391
        elif os.getenv('RUNTIME') in ('local', 'process'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #444864c31d530f89 Environment-variable access.
repo/openhands/app_server/constants.py:17
MAX_API_SECRETS_COUNT: int = int(os.getenv('OH_MAX_API_SECRETS_COUNT', '50'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #469672570348dcf3 Environment-variable access.
repo/openhands/app_server/constants.py:22
MAX_API_SECRET_NAME_LENGTH: int = int(os.getenv('OH_MAX_API_SECRET_NAME_LENGTH', '256'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae318df4537156a9 Environment-variable access.
repo/openhands/app_server/constants.py:28
    os.getenv('OH_MAX_API_SECRET_VALUE_LENGTH', '65536')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dc5bb66d5338897 Environment-variable access.
repo/openhands/app_server/event/aws_event_service.py:81
    endpoint_url = os.getenv('AWS_S3_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e6d6aeab57d9aa4 Environment-variable access.
repo/openhands/app_server/event/aws_event_service.py:84
    secure = os.getenv('AWS_S3_SECURE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #084a8bcee62db987 Environment-variable access.
repo/openhands/app_server/event/event_service_base.py:26
        return max(1, int(os.getenv('EVENT_SERVICE_LOAD_EVENT_CONCURRENCY', '10')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e13dd644e66a3714 Filesystem access.
repo/openhands/app_server/event/filesystem_event_service.py:25
            content = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #612754ad63e06526 Filesystem access.
repo/openhands/app_server/event/filesystem_event_service.py:36
        path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb053cd589431f69 Filesystem access.
repo/openhands/app_server/file_store/files.py:29
        with open(source_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f067a09f597382 Environment-variable access.
repo/openhands/app_server/file_store/google_cloud.py:31
        return os.environ['GOOGLE_CLOUD_BUCKET_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7a9fcdc15191558 Filesystem access.
repo/openhands/app_server/file_store/local.py:35
            with open(temp_path, mode) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dde8ab35b82fa676 Filesystem access.
repo/openhands/app_server/file_store/local.py:61
        with open(full_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87ffcd17f9823900 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:37
            self._resolved_bucket = self.bucket_name or os.environ['AWS_S3_BUCKET']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15d274990d0e6fb Environment-variable access.
repo/openhands/app_server/file_store/s3.py:44
            access_key = os.getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ddeff3bc0e9387d Environment-variable access.
repo/openhands/app_server/file_store/s3.py:45
            secret_key = os.getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6d31838cae106b2 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:46
            secure = os.getenv('AWS_S3_SECURE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8ae3f1942dfdfce Environment-variable access.
repo/openhands/app_server/file_store/s3.py:47
            endpoint = self._ensure_url_scheme(secure, os.getenv('AWS_S3_ENDPOINT'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa62c5e8356971b4 Environment-variable access.
repo/openhands/app_server/integrations/azure_devops/azure_devops_service.py:237
azure_devops_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8f84a7d64c8e738 Environment-variable access.
repo/openhands/app_server/integrations/azure_devops/azure_devops_service.py:237
azure_devops_service_cls = os.environ.get(
    'OPENHANDS_AZURE_DEVOPS_SERVICE_CLS',
    'openhands.app_server.integrations.azure_devops.azure_devops_service.AzureDevOpsService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a043ef22b7fbe4b7 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket/bitbucket_service.py:63
bitbucket_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0602b8515368571d Environment-variable access.
repo/openhands/app_server/integrations/bitbucket/bitbucket_service.py:63
bitbucket_service_cls = os.environ.get(
    'OPENHANDS_BITBUCKET_SERVICE_CLS',
    'openhands.app_server.integrations.bitbucket.bitbucket_service.BitBucketService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb0be9c2d0797dc6 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:54
            base_domain = os.environ.get('BITBUCKET_DATA_CENTER_HOST') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fa7f26b5e73ebd3 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:81
bitbucket_dc_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #356dc58785b5cb35 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:81
bitbucket_dc_service_cls = os.environ.get(
    'OPENHANDS_BITBUCKET_DATA_CENTER_SERVICE_CLS',
    'openhands.app_server.integrations.bitbucket_data_center.bitbucket_dc_service.BitbucketDCService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6c6403ed3e5e71f Environment-variable access.
repo/openhands/app_server/integrations/forgejo/forgejo_service.py:52
forgejo_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #817411465a26c821 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/forgejo_service.py:52
forgejo_service_cls = os.environ.get(
    'OPENHANDS_FORGEJO_SERVICE_CLS',
    'openhands.app_server.integrations.forgejo.forgejo_service.ForgejoService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c904a28be1805265 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/service/base.py:51
            env_token = os.environ.get('FORGEJO_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61ea65e622162245 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/service/base.py:55
        env_base_url = os.environ.get('FORGEJO_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eda63880cefd308c Environment-variable access.
repo/openhands/app_server/integrations/github/github_service.py:74
github_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10ac903d66d1146e Environment-variable access.
repo/openhands/app_server/integrations/github/github_service.py:74
github_service_cls = os.environ.get(
    'OPENHANDS_GITHUB_SERVICE_CLS',
    'openhands.app_server.integrations.github.github_service.GitHubService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5ef186c5049142d Environment-variable access.
repo/openhands/app_server/integrations/gitlab/constants.py:11
    os.environ.get('GITLAB_HOST', 'gitlab.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #319518667f0ade19 Environment-variable access.
repo/openhands/app_server/integrations/gitlab/gitlab_service.py:79
gitlab_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a28f8c91a1981d4 Environment-variable access.
repo/openhands/app_server/integrations/gitlab/gitlab_service.py:79
gitlab_service_cls = os.environ.get(
    'OPENHANDS_GITLAB_SERVICE_CLS',
    'openhands.app_server.integrations.gitlab.gitlab_service.GitLabService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #692d7f758cc2ff5b Environment-variable access.
repo/openhands/app_server/integrations/jira_dc/config.py:23
    email = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9504015e5643512f Environment-variable access.
repo/openhands/app_server/integrations/jira_dc/config.py:24
    api_key = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79e7db637a9b033a Environment-variable access.
repo/openhands/app_server/integrations/provider.py:145
        WEB_HOST = os.getenv('WEB_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c40255f32e6e6f46 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:535
            allow_insecure = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3ebc28ea37a8a60 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:535
            allow_insecure = os.environ.get(
                'ALLOW_INSECURE_GIT_ACCESS', 'false'
            ).lower() in ('true', '1', 'yes')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f04422f71e997c1 Environment-variable access.
repo/openhands/app_server/mcp/mcp_router.py:45
HOST = f'https://{os.getenv("WEB_HOST", "app.all-hands.dev").strip()}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b6724880ee12d62 Environment-variable access.
repo/openhands/app_server/sandbox/docker_sandbox_service.py:55
    value = os.getenv('AGENT_SERVER_USE_HOST_NETWORK', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72b95e0100ba50a Environment-variable access.
repo/openhands/app_server/sandbox/docker_sandbox_service.py:61
    value = os.getenv('SANDBOX_KVM_ENABLED', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1786d61df0e89de Environment-variable access.
repo/openhands/app_server/sandbox/dynamic_remote_sandbox_spec_service.py:122
        default_factory=lambda: os.environ.get('SANDBOX_REMOTE_RUNTIME_API_URL', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d1b8a9e92886c00 Environment-variable access.
repo/openhands/app_server/sandbox/dynamic_remote_sandbox_spec_service.py:126
        default_factory=lambda: os.environ.get('SANDBOX_API_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14c387fe7059af12 Environment-variable access.
repo/openhands/app_server/sandbox/process_sandbox_service.py:125
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d4288a6f103217b Filesystem access.
repo/openhands/app_server/sandbox/process_sandbox_service.py:145
            with open(log_path, 'a', buffering=1) as log_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190e11c179bcf55b Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:121
    repository = os.getenv('AGENT_SERVER_IMAGE_REPOSITORY') or _DEFAULT_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5ba5f3e1fe6b0e5 Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:123
    tag = os.getenv('AGENT_SERVER_IMAGE_TAG') or f'{bundled_version}-python'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67da308047027eb1 Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:201
    for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2b3a900e4c70799 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:78
    return os.getenv('RUNTIME_FILE_ARCHIVE_ENABLED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1b0bd2ba4e1e77c Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:83
    return os.getenv('RUNTIME_FILE_ARCHIVE_REQUIRED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49a8bb28ec9e058a Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:88
    return os.getenv('RUNTIME_FILE_ARCHIVE_ENRICH', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b1d93e4afea48ae Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:92
    return os.getenv('RUNTIME_FILE_ARCHIVE_BUCKET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8a71e1a96b61fbb Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:96
    return os.getenv('RUNTIME_FILE_ARCHIVE_PREFIX', 'workspace-archives')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a5c0ce49bfee184 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:106
    return os.getenv('RUNTIME_FILE_ARCHIVE_FORMAT', 'both')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e8374f5e9ab5e6c Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:131
    raw = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #519c59bdf394c646 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:159
    return os.getenv('RUNTIME_FILE_ARCHIVE_STORE_TYPE', 'google_cloud')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5de4d0356dac3336 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:10
    config_cls = os.environ.get('OPENHANDS_CONFIG_CLS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e4b937eb7ad27f8 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:13
    github_client_id = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31258c2f459c0b1c Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:14
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6bcacd6f778f935 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:15
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3b78b21ccd4f90d Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:28
    enable_v1: bool = os.getenv('ENABLE_V1') != '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4c56af85d854b15 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:49
    config_cls = os.environ.get('OPENHANDS_CONFIG_CLS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #652668deea5c6a2a Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:57
            self.host = os.getenv('DB_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50c6603cd5e6bb95 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:59
            self.port = int(os.getenv('DB_PORT', '5432'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c23832f744c565 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:61
            self.name = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e6102b317534d1 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:63
            self.user = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b533b6721736bd08 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:65
            self.password = SecretStr(os.getenv('DB_PASS', 'postgres').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9f74c039bf75a67 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:67
            self.gcp_db_instance = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf27e1f26fc10a61 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:69
            self.gcp_project = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2cab3c146ba101e Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:71
            self.gcp_region = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e2d9fde36f08d7b Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:73
            self.ssl_mode = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4dc54d41640a6a8 Environment-variable access.
repo/openhands/app_server/settings/marketplace_composition.py:51
    raw = os.environ.get(MARKETPLACE_LOADING_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f4446fbb421d3fd Environment-variable access.
repo/openhands/app_server/settings/marketplace_composition.py:135
    env_value = os.environ.get(INSTANCE_MARKETPLACES_ENV, '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #930aa8d7be1c7088 Environment-variable access.
repo/openhands/app_server/settings/settings_router.py:60
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #615d244a03c360a8 Environment-variable access.
repo/openhands/app_server/settings/settings_router.py:60
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c970e70dda123d6 Filesystem access.
repo/openhands/app_server/status/system_stats.py:59
        with open(f'/proc/{process.pid}/io', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba3c171fbc3aece Filesystem access.
repo/openhands/app_server/user/skills_router.py:81
        text = file_path.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd351f7165bfde76 Environment-variable access.
repo/openhands/app_server/utils/dependencies.py:9
_SESSION_API_KEY = os.getenv('SESSION_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d6cc1a12e2acc87 Environment-variable access.
repo/openhands/app_server/utils/encryption_key.py:35
    jwt_secret = os.getenv('JWT_SECRET')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cc951dce661683b Filesystem access.
repo/openhands/app_server/utils/encryption_key.py:54
        encryption_keys = type_adapter.validate_json(key_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94dff34efe2e5258 Filesystem access.
repo/openhands/app_server/utils/encryption_key.py:59
        jwt_secret = jwt_secret_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a254d8c4e766c132 Environment-variable access.
repo/openhands/app_server/utils/environment.py:31
    provider = os.environ.get('SHARED_EVENT_STORAGE_PROVIDER', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40db9c68be5a2497 Environment-variable access.
repo/openhands/app_server/utils/environment.py:35
        provider = os.environ.get('FILE_STORE', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f165bf9940fbf43 Environment-variable access.
repo/openhands/app_server/utils/environment.py:55
    if os.environ.get('DOCKER_CONTAINER') == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7aa651af5a3b68e0 Environment-variable access.
repo/openhands/app_server/utils/llm_metadata.py:63
            f'web_host:{os.environ.get("WEB_HOST", "unspecified")}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f508faf76725dce Environment-variable access.
repo/openhands/app_server/utils/logger.py:25
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db6f04e96c56accc Environment-variable access.
repo/openhands/app_server/utils/logger.py:26
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63f7b6ba0dd8637d Environment-variable access.
repo/openhands/app_server/utils/logger.py:27
DEBUG_LLM = os.getenv('DEBUG_LLM', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bb21dc1a02f7875 Environment-variable access.
repo/openhands/app_server/utils/logger.py:30
LOG_JSON = os.getenv('LOG_JSON', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1de01772a4763e45 Environment-variable access.
repo/openhands/app_server/utils/logger.py:31
LOG_JSON_LEVEL_KEY = os.getenv('LOG_JSON_LEVEL_KEY', 'level')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ddd19b3266eba8a Environment-variable access.
repo/openhands/app_server/utils/logger.py:55
LOG_TO_FILE = os.getenv('LOG_TO_FILE', str(LOG_LEVEL == 'DEBUG')).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #669ac561d5acf7b4 Environment-variable access.
repo/openhands/app_server/utils/logger.py:62
LOG_ALL_EVENTS = os.getenv('LOG_ALL_EVENTS', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9490a7c1a4ced11f Environment-variable access.
repo/openhands/app_server/utils/logger.py:65
DEBUG_RUNTIME = os.getenv('DEBUG_RUNTIME', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da30e8da2dfe5291 Environment-variable access.
repo/openhands/app_server/utils/logger.py:252
        for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9487c418b128bceb Environment-variable access.
repo/openhands/app_server/utils/redis.py:9
REDIS_HOST = os.environ.get('REDIS_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #476c8f1696777a7f Environment-variable access.
repo/openhands/app_server/utils/redis.py:10
REDIS_PORT = int(os.environ.get('REDIS_PORT', '6379'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6ec4e45e56e9960 Environment-variable access.
repo/openhands/app_server/utils/redis.py:11
REDIS_PASSWORD = os.environ.get('REDIS_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e01509584445b57b Environment-variable access.
repo/openhands/app_server/utils/redis.py:12
REDIS_DB = int(os.environ.get('REDIS_DB', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d7bd1cce45c4223 Filesystem access.
repo/openhands/app_server/version.py:17
                with open(file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a0d13ab33fd723 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:26
    key = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0088c51b63fed3df Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:40
    key = os.getenv('POSTHOG_CLIENT_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #314dd4e0fa0a2e1b Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:49
    url = os.getenv('AUTH_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6264f6fc051f3194 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:60
    value = os.getenv('MAINTENANCE_START_TIME', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a59cd2b359227eed Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:71
    return bool(os.getenv('GITLAB_APP_CLIENT_ID', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f54b9c234e530cf Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:82
    if os.getenv('GITHUB_APP_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24da14462c1139de Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:88
    if os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82154818f4ebedb0 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:91
    if os.getenv('BITBUCKET_DATA_CENTER_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f7e08e96a03f3aa Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:94
    if os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5a12432a9e77649 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:97
    if os.getenv('ENABLE_ENTERPRISE_SSO', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f45c04482212c56 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:109
    slug = os.getenv('GITHUB_APP_SLUG', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #860b49ce2d8c4bb4 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:116
        os.getenv('SLACK_WEBHOOKS_ENABLED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ece47d9ff164ca2e Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:117
        and bool(os.getenv('SLACK_CLIENT_ID', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c15ab0825717ed6c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:118
        and bool(os.getenv('SLACK_CLIENT_SECRET', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a131f854ac92faa9 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:119
        and bool(os.getenv('SLACK_SIGNING_SECRET', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58ff3dfbe0be8f5c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:128
        smtp_enabled = bool(os.getenv('SMTP_HOST', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01f795d0462d373d Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:135
        resend_enabled = bool(os.getenv('RESEND_API_KEY', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d92ba38fdad6551 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:151
    if os.getenv('JIRA_DC_ENABLE_OAUTH', '1') not in ('1', 'true'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dab38f8d74cff1a5 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:153
    base_url = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7897398119ea94c0 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:193
        enable_billing=os.getenv('ENABLE_BILLING', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a40573f0328b18f Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:194
        hide_llm_settings=os.getenv('HIDE_LLM_SETTINGS', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ec5ceb9391f34e4 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:195
        enable_jira=os.getenv('ENABLE_JIRA', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8401e3a701adbb7 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:196
        enable_jira_dc=os.getenv('ENABLE_JIRA_DC', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f3402c3be5164d Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:197
        enable_linear=os.getenv('ENABLE_LINEAR', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26d82531b9652027 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:198
        hide_users_page=os.getenv('HIDE_USERS_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fab565bda8e3fb5 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:199
        hide_billing_page=os.getenv('HIDE_BILLING_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e33e4a1e86a63430 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:200
        hide_integrations_page=os.getenv('HIDE_INTEGRATIONS_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37facc7584a8cdd1 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:201
        hide_personal_workspaces=os.getenv('HIDE_PERSONAL_WORKSPACES', 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc857f9f0d06b7c2 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:203
        allow_user_llm_configuration=os.getenv(
            'OH_ALLOW_USER_LLM_CONFIGURATION', 'true'
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b3e72183347efd6 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:207
        enable_acp=os.getenv('ENABLE_ACP', 'true') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9bbdfe64a0ada72 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:208
        enable_onboarding=os.getenv('OH_ENABLE_ONBOARDING', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eeea4693f86ad928 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:209
        enable_automations=os.getenv('ENABLE_AUTOMATIONS', 'true') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58b477bf7258cb57 Environment-variable access.
repo/openhands/app_server/web_client/web_client_deployment_mode.py:14
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d270482628e89d6 Environment-variable access.
repo/openhands/app_server/web_client/web_client_deployment_mode.py:19
    web_host = os.getenv('OH_WEB_HOST', os.getenv('WEB_HOST', '')).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b5d54284406699a Environment-variable access.
repo/openhands/server/__main__.py:19
        port=int(os.environ.get('port') or '3000'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a8ac043ae27a091 Environment-variable access.
repo/openhands/server/__main__.py:20
        log_level='debug' if os.environ.get('DEBUG') else 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d8223875a07a37a Environment-variable access.
repo/scripts/auto_close_duplicate_issues.py:41
    token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4c198353ad59380 Filesystem access.
repo/scripts/check_enterprise_migration_integrity.py:81
            module = ast.parse(path.read_text(encoding='utf-8'), filename=str(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aad0f1efd2cc953a Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:16
OPENHANDS_BASE_URL = os.environ.get('OPENHANDS_BASE_URL', 'https://app.all-hands.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d48282b885e09c2 Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:18
GITHUB_API_BASE_URL = os.environ.get('GITHUB_API_BASE_URL', 'https://api.github.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba03c7274cb136b Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:81
    github_token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f321cec57571ce3a Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:88
    api_key = os.environ.get('OPENHANDS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9fea5449db6e50a Filesystem access.
repo/scripts/issue_duplicate_check_openhands.py:601
        output_path.write_text(json.dumps(result, indent=2, ensure_ascii=False) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8483512b476912ec Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:16
OPENHANDS_BASE_URL = os.environ.get('OPENHANDS_BASE_URL', 'https://app.all-hands.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50061cd830e86579 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:18
GITHUB_API_BASE_URL = os.environ.get('GITHUB_API_BASE_URL', 'https://api.github.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38220d4f1d465e22 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:81
    github_token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a29e043fa9c4c02 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:88
    api_key = os.environ.get('OPENHANDS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c34acdfdbe514cff Filesystem access.
repo/scripts/issue_good_first_issue_check_openhands.py:544
        output_path.write_text(json.dumps(result, indent=2, ensure_ascii=False) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7584b5cf6129beb8 Environment-variable access.
repo/scripts/update_openapi.py:37
os.environ['OPENHANDS_LOG_LEVEL'] = 'CRITICAL'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c30b7104ac498fe Filesystem access.
repo/scripts/update_openapi.py:154
        with open(spec_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5330e93a02e8c0c9 Filesystem access.
repo/scripts/update_openapi.py:187
    with open(spec_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): enterprise

python first-party
expand_more 172 low-confidence finding(s)
low env_fs production #71f195aa03987282 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:18
        with open(yaml_file, 'r') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d42e380f6202d2c0 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:68
        with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36f7b540ba8b435c Environment-variable access.
repo/enterprise/enterprise_local/convert_to_env.py:75
lite_llm_api_key = os.getenv('LITE_LLM_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #146909b52b48e636 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:127
with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13c8e24a0439b247 Environment-variable access.
repo/enterprise/integrations/github/data_collector.py:51
    os.getenv('COLLECT_GITHUB_INTERACTIONS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17ea33dd0531519b Environment-variable access.
repo/enterprise/integrations/utils.py:23
    os.getenv('ENABLE_PROACTIVE_CONVERSATION_STARTERS', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #126c615f6e075e22 Environment-variable access.
repo/enterprise/integrations/utils.py:107
    os.getenv('OPENHANDS_RESOLVER_TEMPLATES_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2953a5213537e392 Environment-variable access.
repo/enterprise/integrations/utils.py:130
    override = os.getenv('OH_RESOLVER_LABEL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80f19079832e701a Environment-variable access.
repo/enterprise/migrations/env.py:24
DB_USER = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6005b50b620a821e Environment-variable access.
repo/enterprise/migrations/env.py:25
DB_PASS = os.getenv('DB_PASS', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74624a745d98cdf2 Environment-variable access.
repo/enterprise/migrations/env.py:26
DB_HOST = os.getenv('DB_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e21b934145f724c7 Environment-variable access.
repo/enterprise/migrations/env.py:27
DB_PORT = os.getenv('DB_PORT', '5432')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f92426b635a542a8 Environment-variable access.
repo/enterprise/migrations/env.py:28
DB_NAME = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9fdb556c67b3e1f Environment-variable access.
repo/enterprise/migrations/env.py:33
DB_DRIVER = os.getenv('DB_DRIVER', 'pg8000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bc39d33cc26a9f9 Environment-variable access.
repo/enterprise/migrations/env.py:34
DB_SSL_MODE = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbaebf48e37a5c37 Environment-variable access.
repo/enterprise/migrations/env.py:36
GCP_DB_INSTANCE = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1ced7def5bd9334 Environment-variable access.
repo/enterprise/migrations/env.py:37
GCP_PROJECT = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a6e5ecbc9d84781 Environment-variable access.
repo/enterprise/migrations/env.py:38
GCP_REGION = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22364cd5822a0558 Environment-variable access.
repo/enterprise/migrations/env.py:40
POOL_SIZE = int(os.getenv('DB_POOL_SIZE', '25'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15c93672e783eb9f Environment-variable access.
repo/enterprise/migrations/env.py:41
MAX_OVERFLOW = int(os.getenv('DB_MAX_OVERFLOW', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0aff864121ebbfd Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:28
    if 'STRIPE_API_KEY' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fee927e940f58b0 Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:32
    stripe.api_key = os.environ['STRIPE_API_KEY']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33549db8fbc4b1d4 Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:34
    blacklist_patterns = os.environ.get('EMAIL_PATTERN_BLACKLIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84e782464e65a3a9 Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:35
    whitelist_patterns = os.environ.get('EMAIL_PATTERN_WHITELIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba2b672e634f5a3 Environment-variable access.
repo/enterprise/saas_server.py:8
if not os.getenv('OPENHANDS_CONFIG_CLS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e68a3d8395d34a1 Environment-variable access.
repo/enterprise/saas_server.py:9
    os.environ['OPENHANDS_CONFIG_CLS'] = 'server.config.SaaSServerConfig'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f64187db113c3983 Environment-variable access.
repo/enterprise/saas_server.py:13
os.environ['SERVE_FRONTEND'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ac98d9e522ea68f Environment-variable access.
repo/enterprise/saas_server.py:82
directory = os.getenv('FRONTEND_DIRECTORY', './frontend/build')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ba891b4043a8cd1 Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:27
        api_key = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af864c1932f97791 Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:28
        host = os.environ.get('POSTHOG_HOST', 'https://us.i.posthog.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68e452e614681c4d Environment-variable access.
repo/enterprise/server/auth/constants.py:5
GITHUB_APP_CLIENT_ID = os.getenv('GITHUB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbbee4de972db434 Environment-variable access.
repo/enterprise/server/auth/constants.py:6
GITHUB_APP_CLIENT_SECRET = os.getenv('GITHUB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78af49a1d86f377a Environment-variable access.
repo/enterprise/server/auth/constants.py:7
GITHUB_APP_WEBHOOK_SECRET = os.getenv('GITHUB_APP_WEBHOOK_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6916671615d5386 Environment-variable access.
repo/enterprise/server/auth/constants.py:8
GITHUB_APP_PRIVATE_KEY = os.getenv('GITHUB_APP_PRIVATE_KEY', '').replace('\\n', '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6637167b05c68d Environment-variable access.
repo/enterprise/server/auth/constants.py:9
KEYCLOAK_SERVER_URL = os.getenv('KEYCLOAK_SERVER_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ee71d7ea1c76a7a Environment-variable access.
repo/enterprise/server/auth/constants.py:10
KEYCLOAK_REALM_NAME = os.getenv('KEYCLOAK_REALM_NAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eaeda116075e4ad Environment-variable access.
repo/enterprise/server/auth/constants.py:11
KEYCLOAK_CLIENT_ID = os.getenv('KEYCLOAK_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #738ce822fcbc12e8 Environment-variable access.
repo/enterprise/server/auth/constants.py:12
KEYCLOAK_CLIENT_SECRET = os.getenv('KEYCLOAK_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e02b1352a667ad9 Environment-variable access.
repo/enterprise/server/auth/constants.py:13
KEYCLOAK_SERVER_URL_EXT = os.getenv(
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'
).rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e760227934747628 Environment-variable access.
repo/enterprise/server/auth/constants.py:14
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #439e31b0d1b86718 Environment-variable access.
repo/enterprise/server/auth/constants.py:16
KEYCLOAK_ADMIN_PASSWORD = os.getenv('KEYCLOAK_ADMIN_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb5062e08c90ec62 Environment-variable access.
repo/enterprise/server/auth/constants.py:17
GITLAB_APP_CLIENT_ID = os.getenv('GITLAB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb5be784f6cd6dab Environment-variable access.
repo/enterprise/server/auth/constants.py:18
GITLAB_APP_CLIENT_SECRET = os.getenv('GITLAB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7411b67412c472c Environment-variable access.
repo/enterprise/server/auth/constants.py:20
BITBUCKET_APP_CLIENT_ID = os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59be21acc391b1ef Environment-variable access.
repo/enterprise/server/auth/constants.py:21
BITBUCKET_APP_CLIENT_SECRET = os.getenv('BITBUCKET_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74c43910913e3abf Environment-variable access.
repo/enterprise/server/auth/constants.py:22
AZURE_DEVOPS_CLIENT_ID = os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ee54fd63b2aaa7 Environment-variable access.
repo/enterprise/server/auth/constants.py:23
AZURE_DEVOPS_CLIENT_SECRET = os.getenv('AZURE_DEVOPS_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #111e4fce011026a6 Environment-variable access.
repo/enterprise/server/auth/constants.py:24
AZURE_DEVOPS_TENANT_ID = os.getenv('AZURE_DEVOPS_TENANT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8e848a8bc5d8178 Environment-variable access.
repo/enterprise/server/auth/constants.py:25
AZURE_DEVOPS_ORGANIZATION = os.getenv('AZURE_DEVOPS_ORGANIZATION', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf449f75267ad2fc Environment-variable access.
repo/enterprise/server/auth/constants.py:26
AZURE_DEVOPS_WEBHOOK_SECRET = os.getenv('AZURE_DEVOPS_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38f0f8dc274b9698 Environment-variable access.
repo/enterprise/server/auth/constants.py:27
AZURE_DEVOPS_SCOPE = os.getenv(
    'AZURE_DEVOPS_SCOPE', 'https://app.vssps.visualstudio.com/.default'
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a48c679156ba142c Environment-variable access.
repo/enterprise/server/auth/constants.py:35
ENABLE_ENTERPRISE_SSO = os.getenv('ENABLE_ENTERPRISE_SSO', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e7f6c2c4290bdb0 Environment-variable access.
repo/enterprise/server/auth/constants.py:36
ENABLE_JIRA = os.environ.get('ENABLE_JIRA', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0aaa2230d756c12 Environment-variable access.
repo/enterprise/server/auth/constants.py:37
ENABLE_JIRA_DC = os.environ.get('ENABLE_JIRA_DC', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6654962a17b07402 Environment-variable access.
repo/enterprise/server/auth/constants.py:38
ENABLE_LINEAR = os.environ.get('ENABLE_LINEAR', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61d1879b2ba6ec2f Environment-variable access.
repo/enterprise/server/auth/constants.py:39
ENABLE_AUTOMATIONS = os.environ.get('ENABLE_AUTOMATIONS', 'true') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed271e66b2efe5d6 Environment-variable access.
repo/enterprise/server/auth/constants.py:40
JIRA_CLIENT_ID = os.getenv('JIRA_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4a60bcf5708a990 Environment-variable access.
repo/enterprise/server/auth/constants.py:41
JIRA_CLIENT_SECRET = os.getenv('JIRA_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caf7d348cecea61e Environment-variable access.
repo/enterprise/server/auth/constants.py:43
JIRA_HTTP_TIMEOUT = float(os.getenv('JIRA_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fc8fd66e849e33f Environment-variable access.
repo/enterprise/server/auth/constants.py:44
LINEAR_CLIENT_ID = os.getenv('LINEAR_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a145578ce3e11714 Environment-variable access.
repo/enterprise/server/auth/constants.py:45
LINEAR_CLIENT_SECRET = os.getenv('LINEAR_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf2cb70eb51f83d4 Environment-variable access.
repo/enterprise/server/auth/constants.py:46
JIRA_DC_CLIENT_ID = os.getenv('JIRA_DC_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72a2d81d685cbd9 Environment-variable access.
repo/enterprise/server/auth/constants.py:47
JIRA_DC_CLIENT_SECRET = os.getenv('JIRA_DC_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb9a978895b0e094 Environment-variable access.
repo/enterprise/server/auth/constants.py:48
JIRA_DC_BASE_URL = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c41eee2cae80bad6 Environment-variable access.
repo/enterprise/server/auth/constants.py:49
JIRA_DC_ENABLE_OAUTH = os.getenv('JIRA_DC_ENABLE_OAUTH', '1') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a50c1996d2af033 Environment-variable access.
repo/enterprise/server/auth/constants.py:50
JIRA_DC_SERVICE_ACCOUNT_EMAIL = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82bfaf55f7a4fbac Environment-variable access.
repo/enterprise/server/auth/constants.py:51
JIRA_DC_SERVICE_ACCOUNT_PAT = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e1865df5d54ea77 Environment-variable access.
repo/enterprise/server/auth/constants.py:53
JIRA_DC_HTTP_TIMEOUT = float(os.getenv('JIRA_DC_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c5591c9dd6b68b0 Environment-variable access.
repo/enterprise/server/auth/constants.py:54
AUTH_URL = os.getenv('AUTH_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed89ea1aa902bf9a Environment-variable access.
repo/enterprise/server/auth/constants.py:55
ROLE_CHECK_ENABLED = os.getenv('ROLE_CHECK_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23bd7087eb224538 Environment-variable access.
repo/enterprise/server/auth/constants.py:64
DUPLICATE_EMAIL_CHECK = os.getenv('DUPLICATE_EMAIL_CHECK', 'true') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d809ba09d748b48d Environment-variable access.
repo/enterprise/server/auth/constants.py:65
BITBUCKET_DATA_CENTER_CLIENT_ID = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_ID', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3dfb2af300dc2d7 Environment-variable access.
repo/enterprise/server/auth/constants.py:68
BITBUCKET_DATA_CENTER_CLIENT_SECRET = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_SECRET', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5b2d248237b23d9 Environment-variable access.
repo/enterprise/server/auth/constants.py:71
BITBUCKET_DATA_CENTER_HOST = os.getenv('BITBUCKET_DATA_CENTER_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7df30e4ee97036ff Environment-variable access.
repo/enterprise/server/auth/constants.py:78
BITBUCKET_DATA_CENTER_BOT_TOKEN = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_TOKEN', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09d2a8716259200d Environment-variable access.
repo/enterprise/server/auth/constants.py:84
BITBUCKET_DATA_CENTER_BOT_USERNAME = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_USERNAME', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a92ac2f9d494e56 Environment-variable access.
repo/enterprise/server/auth/constants.py:92
RECAPTCHA_PROJECT_ID = os.getenv('RECAPTCHA_PROJECT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #799e6778d30a3643 Environment-variable access.
repo/enterprise/server/auth/constants.py:93
RECAPTCHA_SITE_KEY = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dcc11cd9c8d346f Environment-variable access.
repo/enterprise/server/auth/constants.py:94
RECAPTCHA_HMAC_SECRET = os.getenv('RECAPTCHA_HMAC_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #918e53319ee3fbaa Environment-variable access.
repo/enterprise/server/auth/constants.py:95
RECAPTCHA_BLOCK_THRESHOLD = float(os.getenv('RECAPTCHA_BLOCK_THRESHOLD', '0.3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f81fe9572ad1d0a Environment-variable access.
repo/enterprise/server/auth/constants.py:98
AUTOMATION_SERVICE_URL = os.getenv('AUTOMATION_SERVICE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09094dfb4c75d766 Environment-variable access.
repo/enterprise/server/auth/constants.py:106
AUTOMATION_EVENT_FORWARDING_ENABLED = os.getenv(
    'AUTOMATION_EVENT_FORWARDING_ENABLED', 'false'
) in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90916f1631a609b5 Environment-variable access.
repo/enterprise/server/auth/constants.py:110
AUTOMATION_WEBHOOK_SECRET = os.getenv('AUTOMATION_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc3bd8094b80f9c6 Environment-variable access.
repo/enterprise/server/auth/constants.py:112
AUTOMATION_SERVICE_TIMEOUT = int(os.getenv('AUTOMATION_SERVICE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d2420c2fafd996 Environment-variable access.
repo/enterprise/server/config.py:57
    config_cls: str = os.environ.get('OPENHANDS_CONFIG_CLS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3af66f0ba802b20 Environment-variable access.
repo/enterprise/server/config.py:59
    posthog_client_key: str = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296f9177dda481d1 Environment-variable access.
repo/enterprise/server/config.py:60
    github_client_id: str = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #890c7084a985650c Environment-variable access.
repo/enterprise/server/config.py:61
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #648416a666ee4349 Environment-variable access.
repo/enterprise/server/config.py:62
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30c752f03bc54563 Environment-variable access.
repo/enterprise/server/config.py:63
    auth_url: str | None = os.environ.get('AUTH_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #542e674e9c148f40 Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53add2f20f3853ae Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(
        'MAINTENANCE_START_TIME', ''
    )  # Timestamp in EST e.g 2025-07-29T14:18:01.219616-04:00

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b6a36e6f0242ee1 Environment-variable access.
repo/enterprise/server/config.py:82
    enable_onboarding = os.environ.get('OH_ENABLE_ONBOARDING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c8fbba9f62a0b84e Hardcoded external endpoint. Review what data is sent to this destination.
repo/enterprise/server/config.py:118
        response = requests.get('https://api.github.com/app', headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #06b776e2c2de6805 Environment-variable access.
repo/enterprise/server/constants.py:5
HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04b38f5114241f31 Environment-variable access.
repo/enterprise/server/constants.py:23
BYOR_KEY_ALIAS_PATTERN = os.getenv(
    'BYOR_KEY_ALIAS_PATTERN', 'BYOR Key - user {user_id}, org {org_id}'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4be1254052af266 Environment-variable access.
repo/enterprise/server/constants.py:45
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8342113a4a9fb46 Environment-variable access.
repo/enterprise/server/constants.py:61
DEFAULT_BILLING_MARGIN = float(os.environ.get('DEFAULT_BILLING_MARGIN', '1.0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbfe5bed13b9f862 Environment-variable access.
repo/enterprise/server/constants.py:74
LITELLM_DEFAULT_MODEL = os.getenv('LITELLM_DEFAULT_MODEL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72358e5b8ecc15e Environment-variable access.
repo/enterprise/server/constants.py:75
OPENHANDS_LLM_PROVIDER_ROUTE = os.getenv('OPENHANDS_LLM_PROVIDER_ROUTE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f19bb094e7037e89 Environment-variable access.
repo/enterprise/server/constants.py:76
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4447424b9875ea40 Environment-variable access.
repo/enterprise/server/constants.py:76
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(
    'LLM_MODEL'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b11de6bd7b9118b Environment-variable access.
repo/enterprise/server/constants.py:79
OPENHANDS_DEFAULT_LLM_BASE_URL = os.getenv(
    'OPENHANDS_DEFAULT_LLM_BASE_URL'
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03c6ee8ae7062461 Environment-variable access.
repo/enterprise/server/constants.py:81
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89964fd20cb72592 Environment-variable access.
repo/enterprise/server/constants.py:82
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e99d17447578bc1f Environment-variable access.
repo/enterprise/server/constants.py:82
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(
    'LLM_API_KEY'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c134e87c0193eb Environment-variable access.
repo/enterprise/server/constants.py:90
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b233256a8f0033dd Environment-variable access.
repo/enterprise/server/constants.py:90
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27dc3005b2e3a6c1 Environment-variable access.
repo/enterprise/server/constants.py:93
LITE_LLM_TEAM_ID = os.environ.get('LITE_LLM_TEAM_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23b839922036199b Environment-variable access.
repo/enterprise/server/constants.py:94
LITE_LLM_API_KEY = os.environ.get('LITE_LLM_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e004745bb235a643 Environment-variable access.
repo/enterprise/server/constants.py:110
STRIPE_API_KEY = os.environ.get('STRIPE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6767b8f3b70a3ee7 Environment-variable access.
repo/enterprise/server/constants.py:111
REQUIRE_PAYMENT = os.environ.get('REQUIRE_PAYMENT', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #844972f470140ca6 Environment-variable access.
repo/enterprise/server/constants.py:113
SLACK_CLIENT_ID = os.environ.get('SLACK_CLIENT_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d49084e1c77d2cdd Environment-variable access.
repo/enterprise/server/constants.py:114
SLACK_CLIENT_SECRET = os.environ.get('SLACK_CLIENT_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a778d880ba6612d Environment-variable access.
repo/enterprise/server/constants.py:115
SLACK_SIGNING_SECRET = os.environ.get('SLACK_SIGNING_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0d616665cf76b86 Environment-variable access.
repo/enterprise/server/constants.py:116
SLACK_WEBHOOKS_ENABLED = os.environ.get('SLACK_WEBHOOKS_ENABLED', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c5da8a57fc0d15 Environment-variable access.
repo/enterprise/server/constants.py:118
WEB_HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea7b621a9260535b Environment-variable access.
repo/enterprise/server/constants.py:121
    for host in (os.getenv('PERMITTED_CORS_ORIGINS') or f'https://{WEB_HOST}').split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84f75c30c35dee39 Environment-variable access.
repo/enterprise/server/constants.py:127
DEFAULT_V1_ENABLED = os.getenv('DEFAULT_V1_ENABLED', '1').lower() in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e5b5130a36ef266 Environment-variable access.
repo/enterprise/server/constants.py:135
USER_PROVISIONING_ENABLED = os.getenv('USER_PROVISIONING_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79b95efa86acf5de Environment-variable access.
repo/enterprise/server/constants.py:145
OPEN_ORG_CREATION_ENABLED = os.getenv('OPEN_ORG_CREATION_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fce215934a75a910 Environment-variable access.
repo/enterprise/server/logger.py:13
LOG_JSON = os.getenv('LOG_JSON', '1') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb9d3c14893acc86 Environment-variable access.
repo/enterprise/server/logger.py:14
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20f2d0fc8ebcea56 Environment-variable access.
repo/enterprise/server/logger.py:15
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2946369810624a85 Environment-variable access.
repo/enterprise/server/logger.py:26
LOG_JSON_FOR_CONSOLE = int(os.getenv('LOG_JSON_FOR_CONSOLE', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f69df543e8b5daaa Environment-variable access.
repo/enterprise/server/routes/github_proxy.py:14
GITHUB_PROXY_ENDPOINTS = bool(os.environ.get('GITHUB_PROXY_ENDPOINTS'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73d24443d2be6f0 Environment-variable access.
repo/enterprise/server/routes/integration/github.py:22
GITHUB_WEBHOOKS_ENABLED = os.environ.get('GITHUB_WEBHOOKS_ENABLED', '1') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e8dbd7cc9bc7cd Environment-variable access.
repo/enterprise/server/routes/integration/jira.py:27
JIRA_WEBHOOKS_ENABLED = os.environ.get('JIRA_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d55d0afaa3bb8483 Environment-variable access.
repo/enterprise/server/routes/integration/jira_dc.py:56
JIRA_DC_WEBHOOKS_ENABLED = os.environ.get('JIRA_DC_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63320cbb90e6032d Environment-variable access.
repo/enterprise/server/routes/service.py:23
AUTOMATIONS_SERVICE_KEY = os.getenv('AUTOMATIONS_SERVICE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86e40548aeb51920 Environment-variable access.
repo/enterprise/server/services/email_service.py:32
        resend_api_key = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a14a33a33ab5d64a Environment-variable access.
repo/enterprise/server/services/email_service.py:48
        return RESEND_AVAILABLE and bool(os.environ.get('RESEND_API_KEY'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f46edff96d94bb0b Environment-variable access.
repo/enterprise/server/services/email_service.py:57
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f816cfc909187ef Environment-variable access.
repo/enterprise/server/services/email_service.py:91
        from_email = os.environ.get('RESEND_FROM_EMAIL', DEFAULT_FROM_EMAIL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40d76edef6909f44 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:30
        host = os.environ.get('SMTP_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b108855833281da Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:34
        port_value = os.environ.get('SMTP_PORT', '587')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44553dd5cc75db5f Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:44
        use_ssl = os.environ.get('SMTP_USE_SSL', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e6bebe23077c880 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:49
            os.environ.get('SMTP_USE_TLS', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #604ac946b45b10fe Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:58
            'username': os.environ.get('SMTP_USERNAME', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c79e330b2e87c2b0 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:59
            'password': os.environ.get('SMTP_PASSWORD', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a8a35138892a811 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:60
            'from_email': os.environ.get('SMTP_FROM_EMAIL', DEFAULT_FROM_EMAIL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c07f86b532689375 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:123
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45d1c8d582071d46 Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:139
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7539ac77f0037c2a Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:163
                endpoint_url=os.getenv('AWS_S3_ENDPOINT'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e482f0dbc02555ca Environment-variable access.
repo/enterprise/server/sharing/google_cloud_shared_event_service.py:135
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8db4bee5858f1adf Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c29b454f5999ba5 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(
    'RATE_LIMIT_AUTH_WINDOWS', '10/second; 100/minute'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cad1cb597ad5e4a0 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:23
    os.environ.get('RATE_LIMIT_USER_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b0484638b7248c4 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:26
    os.environ.get('RATE_LIMIT_IP_SECONDS', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #846847dfd9a54bb1 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:31
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_USER_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18fac9934bd4b10e Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:34
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_IP_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296cf1f371bf91bf Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:39
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_USER_SECONDS', '30')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c82a012d86977e13 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:42
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_IP_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb6a75b568621447 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:47
    os.environ.get('RATE_LIMIT_ORG_INVITATION_USER_SECONDS', '6')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1189a4af32dbb4f8 Environment-variable access.
repo/enterprise/storage/default_org_service.py:43
        value = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a890d6b731f8edbe Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:36
ENABLE_BILLING = os.environ.get('ENABLE_BILLING', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a0ca71a0151461 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:53
        budget = float(os.environ.get('DEFAULT_INITIAL_BUDGET', 0.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5f040ae28b556ba Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:154
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5d827121bdc43d4 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:313
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e234814e695011d2 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:521
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26876106f73a6f9e Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:47
RESEND_API_KEY = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e95168227aabe3f4 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:48
RESEND_AUDIENCE_ID = os.environ.get('RESEND_AUDIENCE_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37d0cad57c66be9a Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:54
BATCH_SIZE = int(os.environ.get('BATCH_SIZE', '2000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9ece15db9397c01 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:55
MAX_RETRIES = int(os.environ.get('MAX_RETRIES', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d96b30bed65ffb1 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:56
INITIAL_BACKOFF_SECONDS = float(os.environ.get('INITIAL_BACKOFF_SECONDS', '1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e491bd39a28deeb Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:57
MAX_BACKOFF_SECONDS = float(os.environ.get('MAX_BACKOFF_SECONDS', '60'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40ac459c3615ae66 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:58
BACKOFF_FACTOR = float(os.environ.get('BACKOFF_FACTOR', '2'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1e0f592e323f913 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:59
RATE_LIMIT = float(os.environ.get('RATE_LIMIT', '2'))  # Requests per second

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0530ce29a5830852 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9682423d37a4d38f Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(
                'RESEND_FROM_EMAIL', 'OpenHands Team <[email protected]>'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63185953b78f6d07 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a90bba52e4d3cb Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(
                'RESEND_REPLY_TO_EMAIL', '[email protected]'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

litellm

python dependency
high pii_flow dependency Excluded from app score #e32606c4caba426b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:176 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192
        mock_response = httpx.Response(
            status_code=200,
            content=file_content,
            headers={"content-type": "application/octet-stream"},
            request=httpx.Request(method="GET", url=s3_uri),
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5085aabf993acc04 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:519 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:519
        return httpx.AsyncClient(
            transport=transport,
            event_hooks=event_hooks,
            timeout=timeout,
            verify=ssl_config,
            cert=cert,
            headers=default_headers,
            follow_redirects=True,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #13e46d6353fc7ca8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1051 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1051
            self.client = httpx.Client(
                transport=transport,
                timeout=timeout,
                verify=ssl_config,
                cert=cert,
                headers=default_headers,
                follow_redirects=True,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #f6a01eb178304ea1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #4b080cfce73ff502 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
        mock_response = HttpxResponse(
            status_code=200,
            content=json.dumps(response).encode("utf-8"),
            headers={"content-type": "application/json"},
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #aaccd294dac23e50 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41
            params={"timeout": httpx.Timeout(timeout=timeout, connect=5.0)},

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #2a65edfa2be6818f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:218 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:218
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #f372f041915d480d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:283 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:283
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #8db655a08118d62c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:414 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:414
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #2995c15d3f6b28dc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:628 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:628
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #10f2748532c0c26f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2223 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2223
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #6fc3d23ad687fc83 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #2c314a51eeddb344 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:100 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:103 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:100
                    response=httpx.Response(
                        status_code=429,
                        content="{} rpm limit={}. current usage={}. id={}, model_group={}. Get the model info by calling 'router.get_model_info(id)".format(
                            RouterErrors.user_defined_ratelimit_error.value,
                            deployment_rpm,
                            local_result,
                            model_id,
                            deployment.get("model_name", ""),
                        ),
                        request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                    ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #551ea50df1fb9796 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:128 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125
                        response=httpx.Response(
                            status_code=429,
                            content="{} rpm limit={}. current usage={}".format(
                                RouterErrors.user_defined_ratelimit_error.value,
                                deployment_rpm,
                                result,
                            ),
                            request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #3398d5a623cc3cf0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:185 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:188 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:185
                    response=httpx.Response(
                        status_code=429,
                        content="{} rpm limit={}. current usage={}".format(
                            RouterErrors.user_defined_ratelimit_error.value,
                            deployment_rpm,
                            local_result,
                        ),
                        headers={"retry-after": str(60)},  # type: ignore
                        request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                    ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #8621ce3f065b34a3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:212 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209
                        response=httpx.Response(
                            status_code=429,
                            content="{} rpm limit={}. current usage={}".format(
                                RouterErrors.user_defined_ratelimit_error.value,
                                deployment_rpm,
                                result,
                            ),
                            headers={"retry-after": str(60)},  # type: ignore
                            request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5178ebb3bc8de34e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:123 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} tpm limit={tpm_limit}. current usage={current_tpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #f3b88d86392582a0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:142 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:144 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:142
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} rpm limit={rpm_limit}. current usage={current_rpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #c9a6c8c451095350 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:198 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:200 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:198
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} tpm limit={tpm_limit}. current usage={current_tpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #f9b3698298c768dd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:223 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:225 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:223
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} rpm limit={rpm_limit}. current usage={current_rpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #d888f9105093f670 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/_service_logger.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e5ff50f6d9cdf31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/base_cache.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4bb3a76183d09ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/disk_cache.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b02c02f833739e06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/dual_cache.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2993ed40e1966c6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:40
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ee553d1c4fab7f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cluster_cache.py:13
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c53aaac754cc959 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/_utils.py:15
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7f66df0e7927c0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf1588a62bc4b5b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:45
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9c3662fb00e520d8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:46
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #034885bedad97cce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:10
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f6835d53e978209b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:11
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7be4899c4748f549 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:12
    from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0f3852eb425de953 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:61
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #228207d7fd7a5502 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:62
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec91208738797c9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:160
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #390fcc8a2c93f4e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:202
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eaa666159be62e99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:247
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a905ad2594e198b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/custom_logger.py:38
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0dd4b844bfb6790b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d93dce4c78fcb43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel_attributes.py:28
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6783bc07772c2cdf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langtrace.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e440d9e821b5a232 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b53bf7196ce25fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:28
    from opentelemetry.sdk.trace.export import SpanExporter as _SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9279a04365a1553 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:29
    from opentelemetry.trace import Context as _Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #beeda42a1ede14ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2917c411be4c7305 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:31
    from opentelemetry.trace import Tracer as _Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c42f8c1b03051b44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:109
        from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
            InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7f6282b74fb72bf4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:190
        from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a52477d58710ffa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:310
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4cb4203d6ad06788 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:311
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #994579ae7c877c4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:312
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b072dd75fed471b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:346
        from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84670743a1925c4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:347
        from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c2ef37a906473fea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:406
        from opentelemetry._logs import get_logger_provider, set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cd1d3eff9003462 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:407
        from opentelemetry.sdk._logs import LoggerProvider as OTLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b229c57b4192a5e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:408
        from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd770907553e69e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:450
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e6e8a8b620b3e1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:451
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d0a7ca6be6d411a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:510
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee6017a78df7388d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:511
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e6219a832309a2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:572
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6df34718cc5de6a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:573
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f2be85687391997 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:687
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d136a7c4b4f36527 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:758
            from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0cc24ce533fbc28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:805
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d122198f04ae9cdb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:825
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c47f363fa0f09541 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:826
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b441515f473d5004 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1090
        from opentelemetry._logs import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f089fdf65ef7300c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1093
            from opentelemetry.sdk._logs import (  # type: ignore[attr-defined]  # OTEL < 1.39.0
                LogRecord as SdkLogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #92bad06c44f91250 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1097
            from opentelemetry.sdk._logs._internal import (
                LogRecord as SdkLogRecord,  # type: ignore[attr-defined]  # OTEL >= 1.39.0

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26d5e07e2d02b00f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1179
        from opentelemetry import trace as _trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c4c43d56d9d4fa1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1267
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c34c350e8019ff7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1940
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34f1171c42855508 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1951
        from opentelemetry import context, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50dfdb337a73dc61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1952
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86f97fcada435aef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2007
        from opentelemetry.sdk.trace.export import (
            BatchSpanProcessor,
            ConsoleSpanExporter,
            SimpleSpanProcessor,
            SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e520d5114fe08035 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2058
                from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterHTTP,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8556c3b2372e53b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2081
                from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterGRPC,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #949fd5f35ead59fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2141
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a964ac65604dce7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2153
            from opentelemetry.exporter.otlp.proto.http._log_exporter import (
                OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3eaa956fb20cfa7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2167
                from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
                    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21e599ddefa1a3b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2189
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d60dfb2f10f88f3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2197
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a7c9916b38d425a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2198
        from opentelemetry.sdk.metrics.export import (
            AggregationTemporality,
            ConsoleMetricExporter,
            PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51f7b506f73be761 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2225
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
                OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc79e776e205a819 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2238
                from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
                    OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4547f01e304749e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2359
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac2fda32b7f797f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2360
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b8982186a8c0732 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2412
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d24c670c33c44f64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2413
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fd5e9a18e315ef2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry_utils/base_otel_llm_obs_attributes.py:5
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #354ccfb1746c38f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:39
        from opentelemetry.semconv.ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a9424a4252c770b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:40
        from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d20b3c182233e758 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0308e5255f9c9458 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:26
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bcdc3e73641df421 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/core_helpers.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #960a5c4f450512df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3604
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1b1a49900f4f00f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3610
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d86beb637d98d134 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3611
                from sentry_sdk.scrubber import EventScrubber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3e6a2096c79a245 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/logging_utils.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee0def66f8eb2218 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/llms/base_llm/managed_resources/base_managed_resource.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d664d3abdcff9d7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/_types.py:64
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb46bc8b18b26047 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_checks.py:83
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #353d5d424c0cc86b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_exception_handler.py:28
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bfe7a3af15de3e30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/batch_rate_limiter.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #208ab702b9f24651 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter.py:22
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f026f36e1631574 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f9db518c8d080681 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:120
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5010a702a548a78e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/utils.py:139
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #515dd6a3b8b64773 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router.py:195
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a96c4abc3632d7d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_latency.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cdf9d730b8879071 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14174fcb60276c82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3712d6594b9d3d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_handlers.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58fd25c531894915 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/handle_error.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e0a60de109b0e1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/health_state_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c89e5a560898637 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:24
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #89b2f09d89de26bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/prompt_caching_cache.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1353 low-confidence finding(s)
low env_fs dependency Excluded from app score #5e8b462e9d42d847 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:19
if os.getenv("LITELLM_MODE", "DEV") == "DEV":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3893327de53d28ef Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:87
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a95c7af0f4b80314 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:219
drop_params = bool(os.getenv("LITELLM_DROP_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07f32c6784ac520f Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:220
modify_params = bool(os.getenv("LITELLM_MODIFY_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eded6edf850914f Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:222
    os.getenv("LITELLM_USE_CHAT_COMPLETIONS_URL_FOR_ANTHROPIC_MESSAGES", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f72f2c736282c58 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:225
    os.getenv("LITELLM_ROUTE_ALL_CHAT_OPENAI_TO_RESPONSES", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ebdace5aa94486d Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:376
model_cost_map_url: str = os.getenv(
    "LITELLM_MODEL_COST_MAP_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc2d4856214e6b43 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:380
blog_posts_url: str = os.getenv(
    "LITELLM_BLOG_POSTS_URL",
    "https://docs.litellm.ai/blog/rss.xml",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4131d29143cf5ae1 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:384
anthropic_beta_headers_url: str = os.getenv(
    "LITELLM_ANTHROPIC_BETA_HEADERS_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/litellm/anthropic_beta_headers_config.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cf484b7d21d1d98 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:2003
if os.getenv("LITELLM_DISABLE_LAZY_LOADING", "").lower() in ("1", "true", "yes", "on"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab4a1aa583afde65 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:21
    os.getenv("LITELLM_DISABLE_REDACT_SECRETS", "").lower() != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8d2ecac03a0961f Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:84
json_logs = bool(os.getenv("JSON_LOGS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #341bb59d5e9a449b Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:86
log_level = os.getenv("LITELLM_LOG", "DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5359ad7deb305b Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:159
    if "REDIS_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e53438850b083f17 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:160
        return os.environ["REDIS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #149ed7fe89f9f890 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:162
    if "REDIS_HOST" not in os.environ or "REDIS_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cceec98afa9b7e6e Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:167
    if "REDIS_SSL" in os.environ and os.environ["REDIS_SSL"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77b999c24f580908 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:174
    if "REDIS_USERNAME" in os.environ and "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #443e2a0fe9f6c87b Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:175
        auth_part = f"{os.environ['REDIS_USERNAME']}:{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad225fec1c6de7ff Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:176
    elif "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #197536b4d9c018eb Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:177
        auth_part = f"{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07deb7329396c6fd Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:179
    return f"{redis_protocol}://{auth_part}{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed462d5e366b2648 Filesystem access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:51
                files("litellm")
                .joinpath("anthropic_beta_headers_config.json")
                .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c1a4c6598fc1f7 Environment-variable access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:142
    if os.getenv("LITELLM_LOCAL_ANTHROPIC_BETA_HEADERS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029a3b98a956d139 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:113
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a41ed1e0b9329203 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:114
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56e01649fbfc71f1 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:120
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1c7e78c8b2b0195 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:128
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc00209ee64c484 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:318
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8745af2f4d355dcc Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:319
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d99930e7dd47464 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:325
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d1e656466a35450 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:333
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49c41b7f4fcd989b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:495
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4675785038e40da Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:496
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7ba7cc705122e9 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:502
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cca75d004979f75 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:510
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a162286fe02bfdd Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:684
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f196dbcdc63b24e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:685
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7706926b3d4da1b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:691
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d2de627eb056381 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:699
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e3b4bc59f206757 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:840
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #457f49301f28b206 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:841
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d732869cc86f1c6 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:847
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fc2347f1bb2a62a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:855
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fa6cd929f1a0241 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1029
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbdd2da2d02413b2 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1030
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8ca818b8410691d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1036
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03551932c5a694e5 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1044
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c50aab596605aaf Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1191
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d856418886e561 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1192
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc11d40cfa5ac123 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1198
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb217e6d054c420d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1206
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3f436bb9a59168c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1390
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc40c2470702abb5 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1391
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44f6b023fd39d3ae Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1397
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0e7692330a73fec Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1405
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7226885c1cdc9ab5 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:263
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8747cc0862429889 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:264
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e879f09e50f5b167 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:270
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f38e0717133a92 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:278
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78d30d22ce1e7cec Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:432
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10cb467335a9623c Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:433
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cad803019b2309c0 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:439
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d4154513d231a94 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:447
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c87f01f116f20a82 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:765
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3e18b9985381920 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:789
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #014f1c11fef3a7df Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:790
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42fd1f1169686fb5 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:796
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bdf0d75572f2f9c Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:991
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23a2b870ee20f25 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:992
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c026f5b2c9f0f73d Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:998
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #643e1534f6fa47a3 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:1005
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7fec3ae38d42185 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:55
                with open("user_cost.json", "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4745030bbb7a4dfb Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:218
            with open("user_cost.json", "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbd24668e63459c Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:79
            qdrant_api_base or os.getenv("QDRANT_URL") or os.getenv("QDRANT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea919d727c81346a Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:81
        qdrant_api_key = qdrant_api_key or os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b85dcdf6b93b2fd2 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:95
                host = host or os.environ["REDIS_HOST"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8944d197832858f Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:96
                port = port or os.environ["REDIS_PORT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76af89847edc98f Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:97
                password = password or os.environ["REDIS_PASSWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cffbe35006f7aa4 Environment-variable access.
pkgs/python/[email protected]/litellm/completion_extras/litellm_responses_transformation/transformation.py:896
            or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d23001b78f5c3796 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:8
    os.getenv("DEFAULT_HEALTH_CHECK_PROMPT", "test from litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cabcea9e969c2e43 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:11
    os.getenv("AZURE_DEFAULT_RESPONSES_API_VERSION", "preview")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f30eadf25b0563a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:13
ROUTER_MAX_FALLBACKS = int(os.getenv("ROUTER_MAX_FALLBACKS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5054a5ecfc53fa0b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:14
DEFAULT_BATCH_SIZE = int(os.getenv("DEFAULT_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cb790f7f80545f5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:15
DEFAULT_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_FLUSH_INTERVAL_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecc1367380b25ac5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:17
    os.getenv("DEFAULT_S3_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57201865b4d22818 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:19
DEFAULT_S3_BATCH_SIZE = int(os.getenv("DEFAULT_S3_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4acbc7e39d01e0eb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:21
    os.getenv("DEFAULT_SQS_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c6808f83b40ff6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:24
    os.getenv("DEFAULT_NUM_WORKERS_LITELLM_PROXY", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038736922c890232 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:27
    os.getenv("DYNAMIC_RATE_LIMIT_ERROR_THRESHOLD_PER_MINUTE", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a225fcb3a0d850a1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:29
DEFAULT_SQS_BATCH_SIZE = int(os.getenv("DEFAULT_SQS_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2222c0ebffde355 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:32
DEFAULT_MAX_RETRIES = int(os.getenv("DEFAULT_MAX_RETRIES", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd349ca2eef86542 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:33
DEFAULT_MAX_RECURSE_DEPTH = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6da7ebff97abddac Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:35
    os.getenv("DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d07d3e3dca177e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:38
    os.getenv("DEFAULT_FAILURE_THRESHOLD_PERCENT", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c2482d0983372a2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:40
DEFAULT_MAX_TOKENS = int(os.getenv("DEFAULT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a4b5bb972b1d556 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:41
DEFAULT_ALLOWED_FAILS = int(os.getenv("DEFAULT_ALLOWED_FAILS", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #955f910eec0c6022 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:42
DEFAULT_REDIS_SYNC_INTERVAL = int(os.getenv("DEFAULT_REDIS_SYNC_INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d67bbd8db680fe1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:43
DEFAULT_COOLDOWN_TIME_SECONDS = int(os.getenv("DEFAULT_COOLDOWN_TIME_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5ef61cbec77551f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:45
    os.getenv("DEFAULT_REPLICATE_POLLING_RETRIES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e7dcccf8f5be89 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:48
    os.getenv("DEFAULT_REPLICATE_POLLING_DELAY_SECONDS", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08efa1267278734e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:50
DEFAULT_IMAGE_TOKEN_COUNT = int(os.getenv("DEFAULT_IMAGE_TOKEN_COUNT", 250))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #840e7ea76557b698 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:55
_max_stream_duration_env = os.getenv("LITELLM_MAX_STREAMING_DURATION_SECONDS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c241ba20f2eda79 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:63
MAX_BASE64_LENGTH_FOR_LOGGING = int(os.getenv("MAX_BASE64_LENGTH_FOR_LOGGING", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1304de0563853ca3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:68
    os.getenv("LITELLM_DETAILED_TIMING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a22b01435c20fd2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:73
    os.getenv("MODEL_COST_MAP_MIN_MODEL_COUNT", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #278858a249d3fc47 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:76
    os.getenv("MODEL_COST_MAP_MAX_SHRINK_RATIO", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07be9f6883aaf688 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:78
DEFAULT_IMAGE_WIDTH = int(os.getenv("DEFAULT_IMAGE_WIDTH", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfe3ae6b324b0ef Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:79
DEFAULT_IMAGE_HEIGHT = int(os.getenv("DEFAULT_IMAGE_HEIGHT", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64911df93de77c07 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:84
MAX_IMAGE_URL_DOWNLOAD_SIZE_MB = float(os.getenv("MAX_IMAGE_URL_DOWNLOAD_SIZE_MB", 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #085cf973da42f133 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:86
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f075e7947d8f0a40 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:89
    os.getenv("SINGLE_DEPLOYMENT_TRAFFIC_FAILURE_THRESHOLD", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b260ab2b0e6d1e32 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:92
    os.getenv("DEFAULT_FAILURE_THRESHOLD_MINIMUM_REQUESTS", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550e4279924466d3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:96
    os.getenv("DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET", 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c3b0bbb73e8c79 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:101
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e807a0f20f321683 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:104
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_TOP_K", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ae13917f885285e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:107
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_SIMILARITY_THRESHOLD", 0.3)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dce4aa03f1c50a12 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:110
    os.getenv("MAX_MCP_SEMANTIC_FILTER_TOOLS_HEADER_LENGTH", 150)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32e93e54510738e2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:115
    os.getenv("DEFAULT_SEMANTIC_GUARD_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fba3453853384a9f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:118
    os.getenv("DEFAULT_SEMANTIC_GUARD_SIMILARITY_THRESHOLD", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30f9ccc33213f399 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:123
    os.getenv("MCP_OAUTH2_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d5d466a662975f4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:126
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_MAX_SIZE", "200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7b6d76c19b01141 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:129
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_DEFAULT_TTL", "3600")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef730b1a0f5c4889 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:135
MCP_NPM_CACHE_DIR = os.getenv("MCP_NPM_CACHE_DIR", "/tmp/.npm_mcp_cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb07bc752f4f98c2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:136
MCP_OAUTH2_TOKEN_CACHE_MIN_TTL = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_MIN_TTL", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e4e4db9185144e6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:141
    os.getenv("MCP_PER_USER_TOKEN_DEFAULT_TTL", "43200")  # 12 hours

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285b77d78611774c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:144
    os.getenv("MCP_PER_USER_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e1813c91b43f64d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:148
MCP_CLIENT_TIMEOUT = float(os.getenv("LITELLM_MCP_CLIENT_TIMEOUT", "60.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1d9308ac491f11b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:149
MCP_TOOL_LISTING_TIMEOUT = float(os.getenv("LITELLM_MCP_TOOL_LISTING_TIMEOUT", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db1e2eb33c94e5e0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:150
MCP_METADATA_TIMEOUT = float(os.getenv("LITELLM_MCP_METADATA_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2dbf9718168607d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:151
MCP_HEALTH_CHECK_TIMEOUT = float(os.getenv("LITELLM_MCP_HEALTH_CHECK_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #583ecebb325826e9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:158
_MCP_STDIO_EXTRA_COMMANDS = os.getenv("LITELLM_MCP_STDIO_EXTRA_COMMANDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21bae63ee775c371 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:172
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a95eaec4c063148 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:175
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_PRO", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03542766470fd939 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:178
    os.getenv(
        "DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH_LITE", 512
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bacabd14200d6ff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:190
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0478dfeed0268e0d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:197
    os.getenv("DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d56bd677e49a5006 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:200
    os.getenv("DEFAULT_REASONING_EFFORT_MEDIUM_THINKING_BUDGET", 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55ecc84087067e68 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:203
    os.getenv("DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d65982a0e8be4549 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:206
    os.getenv("DEFAULT_REASONING_EFFORT_XHIGH_THINKING_BUDGET", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7659e12bef694f2f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:209
    os.getenv("DEFAULT_REASONING_EFFORT_MAX_THINKING_BUDGET", 16384)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d0e749392e26f4b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:212
    os.getenv("MAX_TOKEN_TRIMMING_ATTEMPTS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9334366f8ef28152 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:216
    os.getenv("RUNWAYML_DEFAULT_API_VERSION", "2024-11-06")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #279cde8b32c56686 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:219
    os.getenv("RUNWAYML_POLLING_TIMEOUT", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c8e70d14b445ed5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:227
AIOHTTP_CONNECTOR_LIMIT = int(os.getenv("AIOHTTP_CONNECTOR_LIMIT", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aa041ffe9b18879 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:229
    os.getenv("AIOHTTP_CONNECTOR_LIMIT_PER_HOST", 500)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881a2ae34138b817 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:231
AIOHTTP_KEEPALIVE_TIMEOUT = int(os.getenv("AIOHTTP_KEEPALIVE_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616d84066c9b826a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:232
AIOHTTP_TTL_DNS_CACHE = int(os.getenv("AIOHTTP_TTL_DNS_CACHE", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce55bc4c17c055af Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:239
AIOHTTP_SO_KEEPALIVE = os.getenv("AIOHTTP_SO_KEEPALIVE", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc5343d382f4c740 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:240
AIOHTTP_TCP_KEEPIDLE = int(os.getenv("AIOHTTP_TCP_KEEPIDLE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c855c8c506316a6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:241
AIOHTTP_TCP_KEEPINTVL = int(os.getenv("AIOHTTP_TCP_KEEPINTVL", 30))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c0e2444573dd4f5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:242
AIOHTTP_TCP_KEEPCNT = int(os.getenv("AIOHTTP_TCP_KEEPCNT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33405e46b751be90 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:255
_max_size_env = os.getenv("REALTIME_WEBSOCKET_MAX_MESSAGE_SIZE_BYTES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222930895802063d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:263
DEFAULT_SSL_CIPHERS = os.getenv(
    "LITELLM_SSL_CIPHERS",
    # Priority 1: TLS 1.3 ciphers (fastest, ~50ms handshake)
    "TLS_AES_256_GCM_SHA384:"  # Fastest observed in testing
    "TLS_AES_128_GCM_SHA256:"  # Slightly faster than 256-bit
    "TLS_CHACHA20_POLY1305_SHA256:"  # Fast on ARM/mobile
    # Priority 2: TLS 1.2 ECDHE+GCM (fast, ~100ms handshake, widely supported)
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    # Priority 3: Additional modern ciphers (good balance)
    "ECDHE-RSA-CHACHA20-POLY1305:" "ECDHE-ECDSA-CHACHA20-POLY1305:"
    # Priority 4: Widely compatible fallbacks (slower but universally supported)
    "ECDHE-RSA-AES256-SHA384:"  # Common fallback
    "ECDHE-RSA-AES128-SHA256:"  # Very widely supported
    "AES256-GCM-SHA384:"  # Non-PFS fallback (compatibility)
    "AES128-GCM-SHA256",  # Last resort (maximum compatibility)
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212387e2974669b1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:293
MAX_REDIS_BUFFER_DEQUEUE_COUNT = int(os.getenv("MAX_REDIS_BUFFER_DEQUEUE_COUNT", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45643a6419487897 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:295
LITELLM_ASYNCIO_QUEUE_MAXSIZE = int(os.getenv("LITELLM_ASYNCIO_QUEUE_MAXSIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050d6cb9aa29b603 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:296
TOOL_POLICY_CACHE_TTL_SECONDS = int(os.getenv("TOOL_POLICY_CACHE_TTL_SECONDS", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60eabadd52b36db4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:300
    os.getenv("MAX_SIZE_IN_MEMORY_QUEUE", int(LITELLM_ASYNCIO_QUEUE_MAXSIZE * 0.8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #822fc4397f4a65a3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:303
    os.getenv("MAX_IN_MEMORY_QUEUE_FLUSH_COUNT", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56b50a8afbfc698b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:307
    os.getenv("MINIMUM_PROMPT_CACHE_TOKEN_COUNT", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #175efb721327db63 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:310
    os.getenv("DEFAULT_TRIM_RATIO", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21dde684d033057d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:312
HOURS_IN_A_DAY = int(os.getenv("HOURS_IN_A_DAY", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbbb23b956aa4a1d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:313
DAYS_IN_A_WEEK = int(os.getenv("DAYS_IN_A_WEEK", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14ba209e381b5b22 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:314
DAYS_IN_A_MONTH = int(os.getenv("DAYS_IN_A_MONTH", 28))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eff870eba09a4db Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:315
DAYS_IN_A_YEAR = int(os.getenv("DAYS_IN_A_YEAR", 365))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ea0950bc885e787 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:317
    os.getenv("REPLICATE_MODEL_NAME_WITH_ID_LENGTH", 64)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e5458c9d87e351d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:320
FUNCTION_DEFINITION_TOKEN_COUNT = int(os.getenv("FUNCTION_DEFINITION_TOKEN_COUNT", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ccd1f630fab0ddc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:321
SYSTEM_MESSAGE_TOKEN_COUNT = int(os.getenv("SYSTEM_MESSAGE_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bf11264c70eefac Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:322
TOOL_CHOICE_OBJECT_TOKEN_COUNT = int(os.getenv("TOOL_CHOICE_OBJECT_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #806d3e86c746069b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:324
    os.getenv("DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8de81cb00798e237 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:327
    os.getenv("DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT", 20)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82287f5a216848ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:330
    os.getenv("MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES", 768)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9116cb8b057d104c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:333
    os.getenv("MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES", 2000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90e35e300ba0e508 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:335
MAX_TILE_WIDTH = int(os.getenv("MAX_TILE_WIDTH", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1e0d4c00f534a1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:336
MAX_TILE_HEIGHT = int(os.getenv("MAX_TILE_HEIGHT", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cf45c837c9fa3bb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:338
    os.getenv("OPENAI_FILE_SEARCH_COST_PER_1K_CALLS", 2.5 / 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #432dc0490cc2cb9c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:343
    os.getenv("AZURE_FILE_SEARCH_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43deb9379a72748e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:346
    os.getenv(
        "AZURE_COMPUTER_USE_INPUT_COST_PER_1K_TOKENS", 3.0
    )  # $0.003 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab7daea34285cbb6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:351
    os.getenv(
        "AZURE_COMPUTER_USE_OUTPUT_COST_PER_1K_TOKENS", 12.0
    )  # $0.012 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dc7d01aa0a8c59f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:356
    os.getenv(
        "AZURE_VECTOR_STORE_COST_PER_GB_PER_DAY", 0.1
    )  # $0.1 USD per 1 GB/Day (same as file search)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63258154245f2648 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:360
MIN_NON_ZERO_TEMPERATURE = float(os.getenv("MIN_NON_ZERO_TEMPERATURE", 0.0001))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f74ccb3b554c745 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:363
    os.getenv("REPEATED_STREAMING_CHUNK_LIMIT", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4508fbf9699953b5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:367
DEFAULT_MAX_LRU_CACHE_SIZE = int(os.getenv("DEFAULT_MAX_LRU_CACHE_SIZE", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6965b6c5045e180 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:369
INITIAL_RETRY_DELAY = float(os.getenv("INITIAL_RETRY_DELAY", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2a4829a4eea7d74 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:370
MAX_RETRY_DELAY = float(os.getenv("MAX_RETRY_DELAY", 8.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f5fe72be9174839 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:371
JITTER = float(os.getenv("JITTER", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #600cd3915ef67ae1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:373
    os.getenv("DEFAULT_IN_MEMORY_TTL", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83815b79c889cffd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:376
    os.getenv("DEFAULT_MAX_REDIS_BATCH_CACHE_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #267fae646513efb3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:379
    os.getenv("DEFAULT_POLLING_INTERVAL", 0.03)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee554390875eece2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:381
AZURE_OPERATION_POLLING_TIMEOUT = int(os.getenv("AZURE_OPERATION_POLLING_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b6a103e4bebda4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:383
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_API_VERSION", "2024-11-30")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79b85b9ca9154e61 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:386
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_DEFAULT_DPI", 96)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #598ab0ea6f84bdc2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:388
REDIS_SOCKET_TIMEOUT = float(os.getenv("REDIS_SOCKET_TIMEOUT", 0.1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #698627a929cd39ef Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:389
REDIS_CONNECTION_POOL_TIMEOUT = int(os.getenv("REDIS_CONNECTION_POOL_TIMEOUT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02f33df59905690d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:391
    os.getenv("REDIS_CIRCUIT_BREAKER_FAILURE_THRESHOLD", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65029edaf6da5de9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:394
    os.getenv("REDIS_CIRCUIT_BREAKER_RECOVERY_TIMEOUT", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8ab6b15c807e14e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:398
DEFAULT_REDIS_MAJOR_VERSION = int(os.getenv("DEFAULT_REDIS_MAJOR_VERSION", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c843e5e0fe7bf19e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:400
    os.getenv("NON_LLM_CONNECTION_TIMEOUT", 15)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #370f745c69be11ad Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:402
MAX_EXCEPTION_MESSAGE_LENGTH = int(os.getenv("MAX_EXCEPTION_MESSAGE_LENGTH", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aa6932c72c57f21 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:403
MAX_STRING_LENGTH_PROMPT_IN_DB = int(os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB", 2048))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #270b72359ae6b361 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:404
BEDROCK_MAX_POLICY_SIZE = int(os.getenv("BEDROCK_MAX_POLICY_SIZE", 75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #560f819014814064 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:406
    os.getenv("BEDROCK_MIN_THINKING_BUDGET_TOKENS", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb6a84a7f4e40bab Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:411
    os.getenv("REPLICATE_POLLING_DELAY_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dc54e5caf2b6438 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:414
    os.getenv("DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b76265b197328ff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:416
TOGETHER_AI_4_B = int(os.getenv("TOGETHER_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885e8d5be1ac0315 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:417
TOGETHER_AI_8_B = int(os.getenv("TOGETHER_AI_8_B", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc87544458811835 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:418
TOGETHER_AI_21_B = int(os.getenv("TOGETHER_AI_21_B", 21))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8287d6418d309fd3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:419
TOGETHER_AI_41_B = int(os.getenv("TOGETHER_AI_41_B", 41))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f91466710825f573 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:420
TOGETHER_AI_80_B = int(os.getenv("TOGETHER_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcacd3f40a7bbf85 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:421
TOGETHER_AI_110_B = int(os.getenv("TOGETHER_AI_110_B", 110))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aed027c9552770fe Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:422
TOGETHER_AI_EMBEDDING_150_M = int(os.getenv("TOGETHER_AI_EMBEDDING_150_M", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eab9b37d294878b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:423
TOGETHER_AI_EMBEDDING_350_M = int(os.getenv("TOGETHER_AI_EMBEDDING_350_M", 350))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f075ce49bd9c3d7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:424
QDRANT_SCALAR_QUANTILE = float(os.getenv("QDRANT_SCALAR_QUANTILE", 0.99))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #734e7b66db84f33c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:425
QDRANT_VECTOR_SIZE = int(os.getenv("QDRANT_VECTOR_SIZE", 1536))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ac7da3ead03d32 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:426
CACHED_STREAMING_CHUNK_DELAY = float(os.getenv("CACHED_STREAMING_CHUNK_DELAY", 0.02))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04e7a617af4c2f7d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:428
    os.getenv("AUDIO_SPEECH_CHUNK_SIZE", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c758db895bd24bb2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:430
DEFAULT_MAX_TOKENS_FOR_TRITON = int(os.getenv("DEFAULT_MAX_TOKENS_FOR_TRITON", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d72f5d52d8b88e0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:444
    os.getenv("REQUEST_TIMEOUT", str(int(DEFAULT_REQUEST_TIMEOUT_SECONDS)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61395215f8cc01d2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:447
    os.getenv("DEFAULT_A2A_AGENT_TIMEOUT", 6000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78ed101f86d7c331 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:469
    os.getenv("DEFAULT_REPLICATE_GPU_PRICE_PER_SECOND", 0.001400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b98c6a163b294bc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:471
FIREWORKS_AI_56_B_MOE = int(os.getenv("FIREWORKS_AI_56_B_MOE", 56))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a3301ac0a83bdc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:472
FIREWORKS_AI_176_B_MOE = int(os.getenv("FIREWORKS_AI_176_B_MOE", 176))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d196be1d01a67e00 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:473
FIREWORKS_AI_4_B = int(os.getenv("FIREWORKS_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08cbbc497d04011 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:474
FIREWORKS_AI_16_B = int(os.getenv("FIREWORKS_AI_16_B", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9cf04aac1f1e300 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:475
FIREWORKS_AI_80_B = int(os.getenv("FIREWORKS_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f1db0238f0cc74d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:479
    os.getenv("MAX_LANGFUSE_INITIALIZED_CLIENTS", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d63584f0d358337 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:482
    os.getenv("LOGGING_WORKER_CONCURRENCY", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b68f80ec2966da Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:484
LOGGING_WORKER_MAX_QUEUE_SIZE = int(os.getenv("LOGGING_WORKER_MAX_QUEUE_SIZE", 50_000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e461aa1d280a696 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:486
    os.getenv("LOGGING_WORKER_MAX_TIME_PER_COROUTINE", 20.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4de40a967898721 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:489
    os.getenv("LOGGING_WORKER_CLEAR_PERCENTAGE", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd403dd2a785217 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:491
MAX_ITERATIONS_TO_CLEAR_QUEUE = int(os.getenv("MAX_ITERATIONS_TO_CLEAR_QUEUE", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd72205801c2111f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:492
MAX_TIME_TO_CLEAR_QUEUE = float(os.getenv("MAX_TIME_TO_CLEAR_QUEUE", 5.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c317490ee2a3eb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:494
    os.getenv("LOGGING_WORKER_AGGRESSIVE_CLEAR_COOLDOWN_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03f2cd27332701fa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:496
DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE = os.getenv(
    "DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE", "streaming.chunk.yield"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #225934113431aba5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:501
    os.getenv("EMAIL_BUDGET_ALERT_TTL", 24 * 60 * 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee5b8fb2b1e47c46 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:504
    os.getenv("EMAIL_BUDGET_ALERT_MAX_SPEND_ALERT_PERCENTAGE", 0.8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea60e9ed37750290 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:508
ANTHROPIC_TOKEN_COUNTING_BETA_VERSION = os.getenv(
    "ANTHROPIC_TOKEN_COUNTING_BETA_VERSION", "token-counting-2024-11-01"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #691812858ec9dc22 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:526
    os.getenv("DEFAULT_GOOGLE_VIDEO_DURATION_SECONDS", 8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3972d4bcba3b2e0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:531
    os.getenv("DEFAULT_DATAFORSEO_LOCATION_CODE", 2250)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe4866956a71175d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1279
    os.getenv("HUMANLOOP_PROMPT_CACHE_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfa807a7bdb7998b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1286
    os.getenv("PROMETHEUS_BUDGET_METRICS_REFRESH_INTERVAL_MINUTES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d5ebc5ee4bfbf40 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1289
    os.getenv("CLOUDZERO_EXPORT_INTERVAL_MINUTES", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63be3461606466da Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1292
MAXIMUM_TRACEBACK_LINES_TO_LOG = int(os.getenv("MAXIMUM_TRACEBACK_LINES_TO_LOG", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #915d659d54e0b321 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1315
    os.getenv("MAX_SPENDLOG_ROWS_TO_QUERY", 1_000_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c289f7bbac0320 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1318
    os.getenv("DEFAULT_SOFT_BUDGET", 50.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908f96c5675bb3b4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1325
PYTHON_GC_THRESHOLD = os.getenv("PYTHON_GC_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef75810588e70f2f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1354
    os.getenv("BATCH_STATUS_POLL_INTERVAL_SECONDS", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be5446a03a039586 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1357
    os.getenv("BATCH_STATUS_POLL_MAX_ATTEMPTS", 24)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1df3c1674bdc20e8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1361
    os.getenv("HEALTH_CHECK_TIMEOUT_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f07191ca461a097 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1363
_background_health_check_max_tokens_env = os.getenv(
    "BACKGROUND_HEALTH_CHECK_MAX_TOKENS"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #822e95ca430a30d2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1381
_background_health_check_max_tokens_reasoning_env = os.getenv(
    "BACKGROUND_HEALTH_CHECK_MAX_TOKENS_REASONING"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ea0b367ecafd99b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1407
LITELLM_KEY_ROTATION_ENABLED = os.getenv("LITELLM_KEY_ROTATION_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9ceef45ceffed15 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1409
    os.getenv("LITELLM_KEY_ROTATION_CHECK_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a522e2c10c73886 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1411
LITELLM_KEY_ROTATION_GRACE_PERIOD: str = os.getenv(
    "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
)  # Duration to keep old key valid after rotation (e.g. "24h", "2d"); empty = immediate revoke (default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daacefc5c3f368e6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1415
    os.getenv("LITELLM_KEY_ROTATION_LOCK_TTL_SECONDS", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c04a0fb670caeee2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1418
LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED = os.getenv(
    "LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED", "false"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #287ffd92156d6309 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1422
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b48547e9ad9837 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1425
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_BATCH_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ff0696c1210b358 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1437
    os.getenv("CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1344436a3a40fbf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1438
    or os.getenv("LITELLM_CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4db4491294aa01b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1445
LITELLM_UI_SESSION_DURATION = os.getenv("LITELLM_UI_SESSION_DURATION", "24h")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed59e473932be3a2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1453
    os.getenv("CLOUDZERO_MAX_FETCHED_DATA_RECORDS", 50000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d42546b4df58369a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1458
SPEND_LOG_RUN_LOOPS = int(os.getenv("SPEND_LOG_RUN_LOOPS", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6f2d8d3056cbcec Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1459
SPEND_LOG_CLEANUP_BATCH_SIZE = int(os.getenv("SPEND_LOG_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe74658a10112a49 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1460
SPEND_LOG_QUEUE_SIZE_THRESHOLD = int(os.getenv("SPEND_LOG_QUEUE_SIZE_THRESHOLD", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca9f202e4fd5332d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1461
SPEND_LOG_QUEUE_POLL_INTERVAL = float(os.getenv("SPEND_LOG_QUEUE_POLL_INTERVAL", 2.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8420f1a8d33d3d8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1463
    os.getenv("SPEND_COUNTER_RESEED_LOCKS_MAX_SIZE", 10000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8afe009959e61ec Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1466
    os.getenv("DEFAULT_CRON_JOB_LOCK_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #190c57e8a54ffd89 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1469
    os.getenv("PROXY_BUDGET_RESCHEDULER_MIN_TIME", 597)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea171310c6d550b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1471
PROXY_BATCH_POLLING_INTERVAL = int(os.getenv("PROXY_BATCH_POLLING_INTERVAL", 3600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b460d980a3f96ad Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1472
MAX_OBJECTS_PER_POLL_CYCLE = max(1, int(os.getenv("MAX_OBJECTS_PER_POLL_CYCLE", 50)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a4f2b8921f387fa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1474
    1, int(os.getenv("MANAGED_OBJECT_STALENESS_CUTOFF_DAYS", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3244409cb4836db Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1477
    1, int(os.getenv("STALE_OBJECT_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e7f513c0043a47d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1482
_batch_polling_env = os.getenv("PROXY_BATCH_POLLING_ENABLED", "true").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d86297b605abfdf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1485
    os.getenv("PROXY_BUDGET_RESCHEDULER_MAX_TIME", 605)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c01bd82218ce888 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1488
    os.getenv("PROXY_BATCH_WRITE_AT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a880c27a2d57c93c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1493
APSCHEDULER_COALESCE = os.getenv("APSCHEDULER_COALESCE", "True").lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18663365104fe11b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1498
    os.getenv("APSCHEDULER_MISFIRE_GRACE_TIME", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6c1004c5fdd1cdb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1501
    os.getenv("APSCHEDULER_MAX_INSTANCES", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee45011c2acfd8fe Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1503
APSCHEDULER_REPLACE_EXISTING = os.getenv(
    "APSCHEDULER_REPLACE_EXISTING", "True"
).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a8fe2e8328dc018 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1515
    os.getenv("DEFAULT_HEALTH_CHECK_INTERVAL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dac3877a3478132 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1518
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_TTL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b27254c85ca389a6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1521
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_LOCK_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f80af246cf9a82 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1527
    os.getenv("PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS", 9)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7183574a435b333 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1530
    os.getenv("DEFAULT_MODEL_CREATED_AT_TIME", 1677610602)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8305be0c77c53a8c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1533
    os.getenv("DEFAULT_SLACK_ALERTING_THRESHOLD", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0816b2b9a21419c2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1535
MAX_TEAM_LIST_LIMIT = int(os.getenv("MAX_TEAM_LIST_LIMIT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6dc62911ee84fc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1537
    os.getenv("MAX_POLICY_ESTIMATE_IMPACT_ROWS", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8780cffd31ad42cf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1540
    os.getenv("DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD", 0.7)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa621bb4815a15fb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1542
LENGTH_OF_LITELLM_GENERATED_KEY = int(os.getenv("LENGTH_OF_LITELLM_GENERATED_KEY", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d7600549a2d3a0f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1544
    os.getenv("SECRET_MANAGER_REFRESH_INTERVAL", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f32cf39c7062ef48 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1558
    os.getenv("DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b705a4f8723318c7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1560
DEFAULT_ACCESS_GROUP_CACHE_TTL = int(os.getenv("DEFAULT_ACCESS_GROUP_CACHE_TTL", 600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae323b48144aa723 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1631
    os.getenv("COROUTINE_CHECKER_MAX_SIZE_IN_MEMORY", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7287c60110cfa089 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1635
DEFAULT_CHUNK_SIZE = int(os.getenv("DEFAULT_CHUNK_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #718ad86eeb434d38 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1636
DEFAULT_CHUNK_OVERLAP = int(os.getenv("DEFAULT_CHUNK_OVERLAP", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0960d56ebb29aabb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1639
S3_VECTORS_DEFAULT_DIMENSION = int(os.getenv("S3_VECTORS_DEFAULT_DIMENSION", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #433072c169bb45ce Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1641
    os.getenv("S3_VECTORS_DEFAULT_DISTANCE_METRIC", "cosine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73dd13b6c3b5ad96 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1647
    os.getenv("MICROSOFT_USER_EMAIL_ATTRIBUTE", "userPrincipalName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43037836527d0103 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1650
    os.getenv("MICROSOFT_USER_DISPLAY_NAME_ATTRIBUTE", "displayName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af0ee71b0b3a6980 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1652
MICROSOFT_USER_ID_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_ID_ATTRIBUTE", "id"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9203d43cd64070dc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1654
    os.getenv("MICROSOFT_USER_FIRST_NAME_ATTRIBUTE", "givenName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84079ddcf609e15 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1657
    os.getenv("MICROSOFT_USER_LAST_NAME_ATTRIBUTE", "surname")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b473988cd75e7e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1663
    os.getenv("MAX_PAYLOAD_SIZE_FOR_DEBUG_LOG", 102400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5fb0956ac6be25e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1667
MAX_COMPETITOR_NAMES = int(os.getenv("MAX_COMPETITOR_NAMES", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98c8d86617be2f6b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1668
COMPETITOR_LLM_TEMPERATURE = float(os.getenv("COMPETITOR_LLM_TEMPERATURE", 0.3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b511cea831d5f3 Filesystem access.
pkgs/python/[email protected]/litellm/containers/endpoint_factory.py:40
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15b709dc8d50e7df Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:205
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1435945ad004124f Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:206
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48fa2da27246251f Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:212
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3efe60102f6ac6bf Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:220
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3444f3c7bbac26b Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:430
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb3031bb78403408 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:431
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #487c314704633ad7 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:437
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #872d9043e7f53464 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:445
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05d9367629ef6888 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:592
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e15f67ba6b6c20 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:593
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #202905765d438877 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:599
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444e7434ebe34669 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:607
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3889696c0f5786a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:749
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b133e4bf5c4aa481 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:750
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d41a090fd9eebcbe Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:756
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36c68f45847a6f2e Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:763
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f71ed914992f6ac Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1120
    base_url={os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adb9c03624b367c3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1165
        webhook_url = os.getenv("WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #694e808379fa7c95 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1214
            email_logo_url = os.getenv(
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecc598a34a8605b5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1215
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6e4cae4605bc6ad Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1217
            email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79ec4fbe06ff77b9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1243
            base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c5a2e83a12ac4d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1316
        email_logo_url = os.getenv(
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac0346a002d5c0a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1317
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85df90ef87460d7c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1319
        email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c8030d9ffa2f02d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1452
                _digest_webhook = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8bd7288e7d93c6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1479
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db344d8f45b15775 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1508
            slack_webhook_url = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eda355e7370808c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1586
                _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8117322e453f6410 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:24
            api_key=os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037d5999c62ef32a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:25
            service_name=os.getenv("AGENTOPS_SERVICE_NAME", "agentops"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c30de4f71ffb49fc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:26
            deployment_environment=os.getenv("AGENTOPS_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0470dded0735a359 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:63
            float(os.getenv("ARGILLA_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e040d7a1ff0628 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:64
            if os.getenv("ARGILLA_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2af0b455d775fd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:65
            and os.getenv("ARGILLA_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e66436a0972f1a46 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:73
            os.getenv("ARGILLA_BATCH_SIZE", None) or litellm.argilla_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e4503c378ea3185 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:101
        _credentials_api_key = argilla_api_key or os.getenv("ARGILLA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #758614d312c8f352 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:107
            or os.getenv("ARGILLA_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63fb830715137adc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:117
            or os.getenv("ARGILLA_DATASET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d3e9647c40e80a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:238
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #606220c34c9e9fdd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:239
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f051261e36f1ab01 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:240
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52643b208f9b6324 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b02f34ee7c094c18 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(
        "PHOENIX_API_KEY"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #386cb74374b40836 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:86
        space_id = os.environ.get("ARIZE_SPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5440237d9c927590 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:87
        space_key = os.environ.get("ARIZE_SPACE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a05aae368df04a98 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:88
        api_key = os.environ.get("ARIZE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #916157446795e76c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:89
        project_name = os.environ.get("ARIZE_PROJECT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8e0dfc7912e81df Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:91
        grpc_endpoint = os.environ.get("ARIZE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #833783232255ca14 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:92
        http_endpoint = os.environ.get("ARIZE_HTTP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4b2cef93b76d08c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:285
        api_key = os.environ.get("PHOENIX_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d506b90109af016c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:287
        collector_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d067a0f8baf5522 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:290
            grpc_endpoint = os.environ.get("PHOENIX_COLLECTOR_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66d17535d57cfd83 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:291
            http_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #153d0944694b8332 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:337
        project_name = os.environ.get("PHOENIX_PROJECT_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f935d9f5629f1580 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:10
        self.athina_api_key = os.getenv("ATHINA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #388877693ee8f448 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:16
            os.getenv("ATHINA_BASE_URL", "https://log.athina.ai")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #117338aab34e4fac Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:65
        self.dcr_immutable_id = dcr_immutable_id or os.getenv(
            "AZURE_SENTINEL_DCR_IMMUTABLE_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bafe017bb05df3d0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:68
        self.stream_name = stream_name or os.getenv(
            "AZURE_SENTINEL_STREAM_NAME", "Custom-LiteLLM"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64523ed879174bd2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:71
        self.endpoint = endpoint or os.getenv("AZURE_SENTINEL_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5b706ffc4dbcabe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:74
            or os.getenv("AZURE_SENTINEL_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4daf6d9246ef48b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:75
            or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e31dbc376719bd3d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:79
            or os.getenv("AZURE_SENTINEL_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d943977e023c165 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:80
            or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c66e178696266a6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:84
            or os.getenv("AZURE_SENTINEL_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f959fd41fc1dd2c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:85
            or os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb3fd3d165e8fe26 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:32
            self.tenant_id = os.getenv("AZURE_STORAGE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #644923b3df8509a9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:33
            self.client_id = os.getenv("AZURE_STORAGE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb325c6fc1b37f30 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:34
            self.client_secret = os.getenv("AZURE_STORAGE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faabb8f885ee577b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:35
            self.azure_storage_account_key: Optional[str] = os.getenv(
                "AZURE_STORAGE_ACCOUNT_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac119c238c385582 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:40
            _azure_storage_account_name = os.getenv("AZURE_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1064cf26cacbaaf5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:46
            _azure_storage_file_system = os.getenv("AZURE_STORAGE_FILE_SYSTEM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86ff6b738ea11ed8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:48
        self.api_base = api_base or os.getenv("BRAINTRUST_API_BASE") or API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ededde95269c75d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:50
        self.api_key: str = api_key or os.getenv("BRAINTRUST_API_KEY")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c8791a185d5d133 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:71
        if api_key is None and os.getenv("BRAINTRUST_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e14981b1655a2455 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_mock_client.py:54
_MOCK_LATENCY_SECONDS = float(os.getenv("BRAINTRUST_MOCK_LATENCY_MS", "100")) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28a95781f504f03b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:37
        self.api_key = api_key or os.getenv("CLOUDZERO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9f722483316eccc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:38
        self.connection_id = connection_id or os.getenv("CLOUDZERO_CONNECTION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a805374083e4b20 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:39
        self.timezone = timezone or os.getenv("CLOUDZERO_TIMEZONE", "UTC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d3f44a66577a4f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:117
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb82312fbb706d3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:163
        dd_agent_port = os.getenv(
            "LITELLM_DD_AGENT_PORT", "10518"
        )  # default port for logs

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21d828e6fe5de9c0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:167
        self.DD_API_KEY = os.getenv("DD_API_KEY")  # Optional when using agent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da6c9581ae529475 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:177
        if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b5ee3fa50f6e75 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:179
        if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37a7438d6b73ba20 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:182
        self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78f2a2d6cbab839b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:183
        self.intake_url = f"https://http-intake.logs.{os.getenv('DD_SITE')}/api/v2/logs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #019374f5b124ec0e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:21
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a615ee25b611f0e5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:22
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc4e279dd5352477 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:23
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97b33834d197f70b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:12
    return os.getenv("DD_SOURCE", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c339b084f32325f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:16
    return os.getenv("DD_SERVICE", "litellm-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae9baac6b1de5ba Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:20
    return os.getenv("HOSTNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb0cbe9c8d695032 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:28
    return os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f53e8f32613b3861 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:32
    return os.getenv("DD_ENV", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d66737c756679ec8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:36
    return os.getenv("POD_NAME", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b2d12703a19031d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:52
        "version": os.getenv("DD_VERSION", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acac66cd55578625 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:63
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc433c57bf7fd61b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:68
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a390835ce7b3af74 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:74
                if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c893664ace7859 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:76
                if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a405d015484c046b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:109
        agent_port = os.getenv("LITELLM_DD_LLM_OBS_PORT", "8126")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9a7023aedf7dfa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:123
        self.DD_SITE = os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ed8cfc7735ca2a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:32
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #090100a56b0c42dd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:33
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eec9acaed6f1326e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:34
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46729a268bf35937 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:76
            f"version:{os.getenv('DD_VERSION', 'unknown')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a14c5211810d67 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:24
        api_key = os.getenv("CONFIDENT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51ccd35365412424 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:25
        self.litellm_environment = os.getenv("LITELM_ENVIRONMENT", "development")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3a9f7740550d24c Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:157
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56654a33d32c4e9e Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:324
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aada3f5da8c6f28e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/dynamodb.py:20
            "dynamodb", region_name=os.environ["AWS_REGION_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30dd0bb07414a79a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:82
    email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53c4afaeea7df217 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:83
    email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edea2eaacac0b379 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:45
                or os.getenv("FOCUS_S3_BUCKET_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f7e25dc5581800b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:47
                or os.getenv("FOCUS_S3_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3e256670ab504d2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:49
                or os.getenv("FOCUS_S3_ENDPOINT_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0b2c9ce9107d57d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:51
                or os.getenv("FOCUS_S3_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e13159e7b0967eb0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:53
                or os.getenv("FOCUS_S3_SECRET_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7167024e625d122e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:55
                or os.getenv("FOCUS_S3_SESSION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1994bb7d9d1ae94 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:62
                "api_key": overrides.get("api_key") or os.getenv("VANTAGE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c3afdb4a9d9d11 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:64
                or os.getenv("VANTAGE_INTEGRATION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #538e0b27ae8c3451 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:66
                or os.getenv("VANTAGE_BASE_URL", "https://api.vantage.sh"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4609763289754ff Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:41
        self.provider = (provider or os.getenv("FOCUS_PROVIDER") or "s3").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ea03ee421af647a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:43
            export_format or os.getenv("FOCUS_FORMAT") or "parquet"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a052d8955cf34ef Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:45
        self.frequency = (frequency or os.getenv("FOCUS_FREQUENCY") or "hourly").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de0d9963a8383a55 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:49
            else int(os.getenv("FOCUS_CRON_OFFSET", "5"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50e93cba395bf5f0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:54
            else os.getenv("FOCUS_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34fbb6f7d5ef4fdc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:65
        env_prefix = os.getenv("FOCUS_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fb25c37dee8f5b5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:40
        self.base_url = os.getenv("GALILEO_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07e8e901e2ba729a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:41
        self.project_id = os.getenv("GALILEO_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe648f2287726578 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:59
                "username": os.getenv("GALILEO_USERNAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4654119e98e2e076 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:60
                "password": os.getenv("GALILEO_PASSWORD"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03e0d426067922ed Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:34
        self.batch_size = int(os.getenv("GCS_BATCH_SIZE", GCS_DEFAULT_BATCH_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e592bd5072bf938 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:36
            os.getenv("GCS_FLUSH_INTERVAL", GCS_DEFAULT_FLUSH_INTERVAL_SECONDS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2b697c3accb7442 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:39
            os.getenv(
                "GCS_USE_BATCHED_LOGGING", str(GCS_DEFAULT_USE_BATCHED_LOGGING).lower()
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5391e0eb433287d1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:43
        _path_service_account = os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f73b0093583d16ad Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:44
        _bucket_name = bucket_name or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea1bfbd30553dd37 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96
        project_id = os.getenv("GOOGLE_SECRET_MANAGER_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38f2faaf98b92bc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:55
        self.project_id = project_id or os.getenv("GCS_PUBSUB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b93022cb33852cd8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:56
        self.topic_id = topic_id or os.getenv("GCS_PUBSUB_TOPIC_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b4f29cbc3f7ce3c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:57
        self.path_service_account_json = credentials_path or os.getenv(
            "GCS_PATH_SERVICE_ACCOUNT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6e21f9248f0b7ab Filesystem access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:43
        with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3d3db4631ab237 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:94
        return os.getenv(env_var_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0786d322be568c03 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:162
        endpoint = endpoint or os.getenv("GENERIC_LOGGER_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74dcea3b21430b8c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:216
        env_headers = os.getenv("GENERIC_LOGGER_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5290f662826305cc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:12
        self.greenscale_api_key = os.getenv("GREENSCALE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efb3556a0d7726ea Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:17
        self.greenscale_logging_url = os.getenv("GREENSCALE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c1400f8354a09c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:39
        self.key = os.getenv("HELICONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e35edeac4aca8e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:40
        self.api_base = os.getenv("HELICONE_API_BASE") or "https://api.hconeai.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0869bec9db7ab445 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:53
        if os.getenv("LAGO_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #809bfcdabd63d9d1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:56
        if os.getenv("LAGO_API_BASE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e614e43e88fa397 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:59
        if os.getenv("LAGO_API_EVENT_CODE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39a42a4ca05a044 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:92
        if os.getenv("LAGO_API_CHARGE_BY", None) is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb3c8708ca2895a6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:93
            os.environ["LAGO_API_CHARGE_BY"], str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba573c3a11afc0ae Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:95
            if os.environ["LAGO_API_CHARGE_BY"] in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a419a9cdee5b9176 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:100
                charge_by = os.environ["LAGO_API_CHARGE_BY"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #731f89f46a7abc33 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:122
                "code": os.getenv("LAGO_API_EVENT_CODE"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dc332ba41543236 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:133
        _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9838ba2eb547e62 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:142
        api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e0bc2194e4ba832 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:167
            _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16cffbd0ef022a17 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:178
            api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e2ad1388b19e04b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:105
            langfuse_secret or langfuse_secret_key or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58a16dc2c42ceab8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:107
        public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #040f6a6984ddf701 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:109
    resolved_host = langfuse_host or os.getenv(
        "LANGFUSE_HOST", "https://cloud.langfuse.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67671b36ee60a446 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:147
        self.langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b1a0c6fc5b09cd9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:148
        self.langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47201216a1c5bb8f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:179
            os.environ["LANGFUSE_PROJECT_ID"] = "mock-project-id"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c42f96852263d96d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:184
                os.environ["LANGFUSE_PROJECT_ID"] = project_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c115ba6d8274115 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:188
        if os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3452e09c3f7db82 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:189
            upstream_langfuse_debug_env = os.getenv("UPSTREAM_LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3599927201137623 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:195
            self.upstream_langfuse_secret_key = os.getenv(
                "UPSTREAM_LANGFUSE_SECRET_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74829cdc3a168ad4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:198
            self.upstream_langfuse_public_key = os.getenv(
                "UPSTREAM_LANGFUSE_PUBLIC_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d9285d5a121913d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:201
            self.upstream_langfuse_host = os.getenv("UPSTREAM_LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #800a9f71ecf2e74e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:202
            self.upstream_langfuse_release = os.getenv("UPSTREAM_LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ff6e3e05a82e26e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:743
                proxy_base_url = os.environ.get("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7debb9220d339bd2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:1057
        return int(os.getenv("LANGFUSE_FLUSH_INTERVAL") or flush_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88e459e767999692 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:235
        langfuse_environment = os.environ.get("LANGFUSE_TRACING_ENVIRONMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #451b81643a8834b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:265
        return os.environ.get("LANGFUSE_OTEL_HOST") or os.environ.get("LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #578fceab0564f53e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:274
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0ebd4187f9645c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:275
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5afd3ae9e8aabd05 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:322
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be7f957179d047f1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:323
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66e3bb4f3feade51 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:88
    langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #459527fc8e07a030 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:89
    langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #641348b2b203b67d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:69
            or float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5f432670a4498e5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:70
            if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bafd351d232f9ebe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:71
            and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b32d9a5d5c710c21 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:74
        self.langsmith_default_run_name = os.getenv(
            "LANGSMITH_DEFAULT_RUN_NAME", "LLMRun"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2a11d2fd0225ac4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:81
            os.getenv("LANGSMITH_BATCH_SIZE", None) or litellm.langsmith_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53790389e1360cb9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:124
            _credentials_api_key = langsmith_api_key or os.getenv("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0345467e5f28c414 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:127
                or os.getenv("LANGSMITH_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcf789031f3e56b8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:132
                or os.getenv("LANGSMITH_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1f796ed78f77b5c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:135
            _credentials_tenant_id = langsmith_tenant_id or os.getenv(
                "LANGSMITH_TENANT_ID"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4303eaf265ecb89c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:52
        api_key = os.environ.get("LEVOAI_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cc5a27bac4e4617 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:53
        org_id = os.environ.get("LEVOAI_ORG_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a3d39d6a06467d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:54
        workspace_id = os.environ.get("LEVOAI_WORKSPACE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a7176d9dceb316f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:55
        collector_url = os.environ.get("LEVOAI_COLLECTOR_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e65dfbd5e3a0ad3e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:28
        self.literalai_api_url = os.getenv("LITERAL_API_URL") or literalai_api_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f681c7d3f3856e49 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:31
            "x-api-key": literalai_api_key or os.getenv("LITERAL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5411568c04b401c0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:40
        batch_size = os.getenv("LITERAL_BATCH_SIZE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a604db5f0abd66bb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/logfire_logger.py:36
                logfire.configure(token=os.getenv("LOGFIRE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5074e7ad27105924 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:128
        float(os.getenv(latency_env, str(config.default_latency_ms))) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6d5da2f17037ac0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:278
        mock_mode = os.getenv(config.env_var, "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a5c0e96ae2753ca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:46
        if os.getenv("OPENMETER_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12e50028e725b019 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:87
            "type": os.getenv("OPENMETER_EVENT_TYPE", "litellm_tokens"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #395fa782f1689ca5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:96
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d4fc171421f1ce9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:102
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6acbdc46709656e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:122
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6abcb46369ba47b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:128
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b185356230dea50a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:52
LITELLM_TRACER_NAME = os.getenv("OTEL_TRACER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45d0dfc4c2e30570 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:53
LITELLM_METER_NAME = os.getenv("LITELLM_METER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7a0da9f8db86ae5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:54
LITELLM_LOGGER_NAME = os.getenv("LITELLM_LOGGER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f98fe961d6c17d0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:88
            self.service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc9090d55a5b19f1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:90
            self.deployment_environment = os.getenv(
                "OTEL_ENVIRONMENT_NAME", "production"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c61a5779a817179 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:94
            self.model_id = os.getenv("OTEL_MODEL_ID", self.service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60634e08680d73dd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:97
                os.getenv("OTEL_IGNORE_CONTEXT_PROPAGATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9170041e287bf299 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:113
        exporter = os.getenv(
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #053c1c27ac45da94 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:114
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25f121a25290fbc2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:116
        endpoint = os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", os.getenv("OTEL_ENDPOINT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5732ce81050787f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:117
        headers = os.getenv(
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")
        )  # example: OTEL_HEADERS=x-honeycomb-team=B85YgLm96***"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98f2411a8acead4d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:118
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d1c4c6baf392226 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:121
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_METRICS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd2dc9b04ccb1894 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:125
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_EVENTS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #461d8e3420fcd727 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:128
        service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f4ba66a15fa0372 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:129
        deployment_environment = os.getenv("OTEL_ENVIRONMENT_NAME", "production")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f37d16c19877ca2c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:130
        model_id = os.getenv("OTEL_MODEL_ID", service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0551df1177ec0655 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:168
        _debug_otel = str(os.getenv("DEBUG_OTEL", "False")).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #396d83da2646cb28 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2139
        otel_logs_exporter = os.getenv("OTEL_LOGS_EXPORTER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9db71fd943bcbe8a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opik/utils.py:58
    return os.getenv((env_prefix + key).upper(), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db13ac23441789a5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:56
            if os.getenv("POSTHOG_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aa11884ebe4ede1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:64
            self.POSTHOG_API_KEY = os.getenv("POSTHOG_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0ef142709417342 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:65
            posthog_api_url = os.getenv("POSTHOG_API_URL", "https://us.i.posthog.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18218c49a55a32f2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prometheus.py:3485
        if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eddf8e91aa8345a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:15
        self.key = os.getenv("PROMPTLAYER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12954d4d3d672dc2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:18
        self.supabase_url = os.getenv("SUPABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9414d78c2c2146f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:19
        self.supabase_key = os.getenv("SUPABASE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c19f07310c8557c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:46
        resolved_api_key = api_key or os.getenv("VANTAGE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d84e821dd91252a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:47
        resolved_token = integration_token or os.getenv("VANTAGE_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #559e5758ff725938 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:48
        resolved_base_url = base_url or os.getenv(
            "VANTAGE_BASE_URL", "https://api.vantage.sh"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029f99d25bd22827 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:52
            frequency or os.getenv("VANTAGE_EXPORT_FREQUENCY") or "hourly"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0c405e29634f4a0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:55
        raw_interval = interval_seconds or os.getenv("VANTAGE_EXPORT_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a16f5f41d0eb66dc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:140
    api_key = os.getenv("WANDB_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29823d5445941edd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:141
    project_id = os.getenv("WANDB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b206b7e762823e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:142
    host = os.getenv("WANDB_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1643a2c324a2be09 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:169
    os.environ["OTEL_EXPORTER_OTLP_ENDPOINT"] = endpoint

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae7c92454d91a858 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:170
    os.environ["OTEL_EXPORTER_OTLP_HEADERS"] = otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd5460161c7acf3 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:70
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f65d682ecf9670e2 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:88
                with open(str(content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81ceaf96c17e2e4b Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:178
                with open(str(file_content_obj), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abd09af09dc39e19 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:228
    return open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ec59e45c28b819 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:265
            with open(str(file), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0386eeee4612ea82 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/cli_token_utils.py:28
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70c21cce93608889 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:21
custom_cache_dir = os.getenv("CUSTOM_TIKTOKEN_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a58817bb3186bbf7 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:29
os.environ["TIKTOKEN_CACHE_DIR"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8a64edbca0b063 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/env_utils.py:14
    raw = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bdb6557e2e59f26 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:55
            files("litellm").joinpath("blog_posts.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5be9f8790b4c1937 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:134
        if os.getenv("LITELLM_LOCAL_BLOG_POSTS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793d01f59026db30 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:40
            files("litellm")
            .joinpath("model_prices_and_context_window_backup.json")
            .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0239d7d23e76726d Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:258
    if os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8300d8c8a91d118 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3615
                    os.environ.get("SENTRY_API_TRACE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7addfdabd5bdf342 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3616
                    if "SENTRY_API_TRACE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66244348b8363c61 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3620
                    os.environ.get("SENTRY_API_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f80fdaa7ae18a7 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3621
                    if "SENTRY_API_SAMPLE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05876309499ae30a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3625
                    dsn=os.environ.get("SENTRY_DSN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8e533ab17d060b9 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3634
                    environment=os.environ.get("SENTRY_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7656a939012ea796 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3648
                    token=os.environ.get("SLACK_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbf77a406af7bc66 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3649
                    signing_secret=os.environ.get("SLACK_API_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea76430cdbc5e4d Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3651
                alerts_channel = os.environ["SLACK_API_CHANNEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2710183c59833fee Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3877
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b52304902c7d1578 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3902
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d75a3a7cbeb858d2 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3905
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eeeb473d29b9cd0 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3909
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #754d927578d25d6b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3914
            phoenix_project_name = os.environ.get("PHOENIX_PROJECT_NAME", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b4b6f673d203b97 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3916
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b05220f16316e43b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3919
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b9f340d58873cb1 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3923
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db93fe61ea07f0d3 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3929
                os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fddfab254aabdd0e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4035
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a155832cc8a0b5e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4042
            logfire_base_url = os.getenv(
                "LOGFIRE_BASE_URL", "https://logfire-api.pydantic.dev"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c7d6fccc3f8cfda Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4048
                headers=f"Authorization={os.getenv('LOGFIRE_TOKEN')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37e96c3bac4b8f3c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4106
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a69234dd44cb71b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4118
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c54250646e8c48aa Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4119
                f"api_key={os.getenv('LANGTRACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10aecf72cc6dc5b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4325
    if not any(os.environ.get(v) for v in phoenix_env_vars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #969e6cfa20761184 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4480
            if "ARIZE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #458d6700afddb2d2 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4489
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2398cb0b5be3940b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4518
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2e8ffd5fabed421 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:5616
    if os.getenv("LITELLM_PRINT_STANDARD_LOGGING_PAYLOAD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b85bc84db8da715 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/common_utils.py:748
        with open(file_content, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b925ebdd7a87bb5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/token_counter.py:60
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97aad6429bbf70c5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/experimental_pass_through/utils.py:12
        or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2715cf643e845224 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:179
    azure_authority_host = os.getenv(
        "AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #346f6b151813cfc8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:182
    azure_client_id = azure_client_id or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #797a787e0ad32aba Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:183
    azure_tenant_id = azure_tenant_id or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b46875748962fb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:298
    tenant_id = litellm_params.get("tenant_id") or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfa419ab0f54a676 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:299
    client_id = litellm_params.get("client_id") or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a851370f6a33d6f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:300
    client_secret = litellm_params.get("client_secret") or os.getenv(
        "AZURE_CLIENT_SECRET"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de87613c9b58b8b4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:303
    azure_username = litellm_params.get("azure_username") or os.getenv("AZURE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57152d8b36bbbb6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:304
    azure_password = litellm_params.get("azure_password") or os.getenv("AZURE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f02f01ad7fcd9c2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:305
    scope = litellm_params.get("azure_scope") or os.getenv(
        "AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a152665e2e79c1ce Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:609
            api_version = os.getenv(
                "AZURE_API_VERSION", litellm.AZURE_DEFAULT_API_VERSION
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aea3578550af9119 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:664
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126b8381a2bdf7da Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:665
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a37e8b52bc443b9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:668
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd84df66a217b177 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:810
        return os.getenv(env_var_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0806681da955dd9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:62
            api_key = os.getenv("AZURE_AI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eec1f1e8b2c3f532 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:67
            api_base = os.getenv("AZURE_AI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee9a78eea3da919c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:146
                if key.upper() in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d264ff855f5f3530 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:147
                    params_to_check[i] = os.getenv(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4000daf932b73457 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:648
        current_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1687c2e0732530be Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:649
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c59b75ebd6ce08c Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:777
        with open(web_identity_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82bb93581f4c7012 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:925
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f11eb1383002ccb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:926
        irsa_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71185cba52b504cf Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:930
            or os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9079826925aa2c92 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:931
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f060eade67a6b6f4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:108
        output_bucket = litellm_params.get("s3_output_bucket_name") or os.getenv(
            "AWS_S3_OUTPUT_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f15c5ec0423a7e55 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:119
            or os.getenv("AWS_BATCH_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #039bbe58ced9981e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/common_utils.py:1236
            or os.getenv(bucket_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e40c2253d285807 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:112
        bucket_name = bucket_name or os.getenv("AWS_S3_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1898012661058de7 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:102
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60db9b22600c8fc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:181
        bucket_name = litellm_params.get("s3_bucket_name") or os.getenv(
            "AWS_S3_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeb48ef4dda1b764 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:778
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9df7138ea3c4dc56 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/image_edit/amazon_nova_canvas_image_edit_transformation.py:145
        with open(image, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e68fe7a0cfac2f23 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:33
        self.token_dir = os.getenv(
            "CHATGPT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/chatgpt"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9abf24b54eb2e4fe Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:38
            self.token_dir, os.getenv("CHATGPT_AUTH_FILE", "auth.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b89212b45f4848c7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:44
            os.getenv("CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #839eb32c0c1d28cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:45
            or os.getenv("OPENAI_CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95ec110e87693c0e Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:95
            with open(self.auth_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f43a1c0415a369cd Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:105
            with open(self.auth_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddbc9a17382ac6a3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:153
    term_program = os.getenv("TERM_PROGRAM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3570c7590dd765e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:155
        version = os.getenv("TERM_PROGRAM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcc4124844f7d396 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:159
    wezterm_version = os.getenv("WEZTERM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f49382e0803e59e9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:165
        os.getenv("ITERM_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4b39e2119abb402 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:166
        or os.getenv("ITERM_PROFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f21484b0b8fba432 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:167
        or os.getenv("ITERM_PROFILE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19e2e922f212b661 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:171
    if os.getenv("TERM_SESSION_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e7c872d11ce5235 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:174
    if os.getenv("KITTY_WINDOW_ID") or "kitty" in (os.getenv("TERM") or ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4083262030d43643 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:177
    if os.getenv("ALACRITTY_SOCKET") or os.getenv("TERM") == "alacritty":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df81ae600019c715 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:180
    konsole_version = os.getenv("KONSOLE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7c1c17ac0a9c5e4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:185
    if os.getenv("GNOME_TERMINAL_SCREEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a14bd3dc763b599 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:188
    vte_version = os.getenv("VTE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbba7ade47a25e64 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:193
    if os.getenv("WT_SESSION"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddac4e36f1bbf2da Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:196
    term = os.getenv("TERM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7422a7eb5426b53 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:213
    originator = os.getenv("CHATGPT_ORIGINATOR") or DEFAULT_ORIGINATOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec98dbe023da3c07 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:218
    override = os.getenv("CHATGPT_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9e1fc3c033cc8d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:226
    suffix = os.getenv("CHATGPT_USER_AGENT_SUFFIX", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad3ebc69772627f4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:256
    return os.getenv("CHATGPT_DEFAULT_INSTRUCTIONS") or CHATGPT_DEFAULT_INSTRUCTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7c6b1297fbb348 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/aiohttp_transport.py:353
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRUST_ENV", "False"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad723acb10c59ee2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/container_handler.py:45
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #838d7cf7e9a34939 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:121
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bbbd7d1ecd1501d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:251
        ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a6ce926113ae1b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:266
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb37c95e6837769 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:308
    ssl_security_level = os.getenv("SSL_SECURITY_LEVEL", litellm.ssl_security_level)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef7c83572657be3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:309
    ssl_ecdh_curve = os.getenv("SSL_ECDH_CURVE", litellm.ssl_ecdh_curve)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de2f6eead401c31b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:315
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d1a4c3ce7916d6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cba68e56793faf91 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:890
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRANSPORT", "False")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd0c357bdd9cc57b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:952
        if str_to_bool(os.getenv("AIOHTTP_TRUST_ENV", "False")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e57351dfa95aa530 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b96bd2a902b98c96 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:19
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca52fe62da1254e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:171
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9424dd5fa971c683 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:172
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #817f699fc6f8198e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:340
        client_id = os.getenv("DATABRICKS_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a162aa536826ee8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341
        client_secret = os.getenv("DATABRICKS_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17ae9163e4cc7b0e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:345
            api_base = os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58bc7927bf65f3ca Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:36
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb223c2d8643f5d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:37
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9595c443036c3b54 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:48
        api_key = litellm_params.api_key or os.getenv("DATABRICKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11f379fc28c8fb4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:49
        api_base = litellm_params.api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4b7f923e7f69b54 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:71
        api_base = api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7a54ed4a0c3ab46 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:31
        self.token_dir = os.getenv(
            "GITHUB_COPILOT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/github_copilot"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc160a6d7b74cab Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:37
            os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_FILE", "access-token"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7fa4c4d1888568f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:40
            self.token_dir, os.getenv("GITHUB_COPILOT_API_KEY_FILE", "api-key.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e7237af9f3dea77 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:55
            with open(self.access_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8978856ede8df4e3 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:69
                    with open(self.access_token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ecf8ddde95965e2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:94
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8750952cdaa2f42 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:113
            with open(self.api_key_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4c8a406db18454 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:143
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ad8e5c5b6839f6f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:164
        api_key_url = os.getenv(
            "GITHUB_COPILOT_API_KEY_URL", DEFAULT_GITHUB_API_KEY_URL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8a2c3cefe3a8bd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:238
            device_code_url = os.getenv(
                "GITHUB_COPILOT_DEVICE_CODE_URL", DEFAULT_GITHUB_DEVICE_CODE_URL
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b2bd8ee57257f3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:241
            client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ac6569d245cbab4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:294
        access_token_url = os.getenv(
            "GITHUB_COPILOT_ACCESS_TOKEN_URL", DEFAULT_GITHUB_ACCESS_TOKEN_URL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06e79e336b830ea0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:297
        client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71d89b66981fc58e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/chat/transformation.py:37
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29242edcaa8ec229 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/embedding/transformation.py:108
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d37fa846c47b068 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/responses/transformation.py:168
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e554fd322dcb236 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:56
        api_base = api_base or os.getenv("HEROKU_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b40778cb7f6b6f5b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:57
        api_key = api_key or os.getenv("HEROKU_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d13474a08f97e79 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:82
            base_url = os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71137a767fae3e05 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:102
        elif os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #852dbfba5e8863e0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:103
            complete_url = str(os.getenv("HF_API_BASE")) or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c169279b841e38 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:104
                os.getenv("HUGGINGFACE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c99e2fd89d64bec7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:76
    if os.getenv("HUGGINGFACE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91b07ee43a862dc8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77
        headers["Authorization"] = f"Bearer {os.getenv('HUGGINGFACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d774f2df144ff6a9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:355
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b96caeccf48b9bda Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:356
            embed_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b7c7e822531c817 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:357
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a03c83fb52546744 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:358
            embed_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4251c9b6c9663232 Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:164
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94de3c6994bb3726 Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:178
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88163176fa9f3548 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:343
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d375ea8f9d4c407 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:344
            completion_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc023b8ed80179bd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:345
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d97b698a91b9987 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:346
            completion_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d23182b2c6154ff Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:56
        elif os.getenv("HF_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee5226dd320dae09 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:57
            return os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0c7a99f66a05af0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:58
        elif os.getenv("HUGGINGFACE_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2777f4eb13f83ab7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:59
            return os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7156f58782908c86 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:107
                        with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098b4165e504b3dc Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:277
                        with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25aada5e48402426 Filesystem access.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:161
        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d70ecf46f88e174b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/common_utils.py:68
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc39270ebf188fee Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/completion/transformation.py:220
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15d73ae3b78bafd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:273
        or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52302e65099821c9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:274
        or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #254db7fe8144d192 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:280
        or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275c84beb908131e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:284
        api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b699ed8323104158 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/token_counter.py:54
            api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4388d8f0ec42ad1b Filesystem access.
pkgs/python/[email protected]/litellm/llms/openai_like/json_loader.py:47
            with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f30b359faedf99a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:346
        elif "PREDIBASE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e11c392f33d1caa Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:347
            base_url = os.getenv("PREDIBASE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3013df44bdc89201 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:30
    return os.getenv(HOME_PATH_ENV_VAR, DEFAULT_HOME_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de780e9af48aae3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:57
    raw = os.environ.get(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e5d8c3789fd6ba Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:141
    profile = profile or os.environ.get(PROFILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #120a9532ad1cf500 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:142
    cfg_env = os.getenv(CONFIG_FILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ab5f1f0f47c33e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:279
        service_key or litellm.sap_service_key or os.environ.get(SERVICE_KEY_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9bc2c71039cb45 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:291
            lambda cv: _str_or_none(os.environ.get(f"AICORE_{cv.name.upper()}")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5707776d4fbfb29e Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:480
                with open(cert_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deaba0ae910863c2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:482
                with open(key_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49d3daeb7107cea2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:236
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929979d0db8920c8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:297
        bucket_name = litellm_params.get("bucket_name") or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #259b1dd8714623d6 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:899
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6fabf2c828606cc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:69
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c15a4cdd1b30334 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:77
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6835a40cdf7ae338 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:78
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c324aea9cae19a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:87
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08a24366f1977ec Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:89
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01f3ac4d5a67508e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:77
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d04501918b347fe Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:85
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #210b062e2cf0dd37 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:86
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d9fc1743329813 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:95
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39c28aab28200695 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:97
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca10797d350aa0b2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:101
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c6ace4e5d203b4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:109
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8922a66b4832dcaf Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:110
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12a5ce9dd69f8226 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:119
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbf5bdaf1044cb01 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:121
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41a6c41dd2c875d0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:90
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #688988cc223cc1b6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:98
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d42062f4deaadb9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:99
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4baa60bd17f644c6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:108
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b217f377439204d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:110
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50f387f38724c86b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1646aa17fef08026 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(
            "GCS_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9a90e9392975cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:135
        original_bucket = os.environ.get("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c4d58d0f8d5b36d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:137
            os.environ["GCS_BUCKET_NAME"] = self.gcs_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e26e643990988be Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:166
                os.environ["GCS_BUCKET_NAME"] = original_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10310a2f3ddb3bb3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:167
            elif "GCS_BUCKET_NAME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43af7701216b3f90 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:168
                del os.environ["GCS_BUCKET_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb508db057f42a72 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_non_gemini.py:157
                f"VERTEX AI: creds={creds}; google application credentials: {os.getenv('GOOGLE_APPLICATION_CREDENTIALS')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fba15d7745d57fa Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_llm_base.py:95
                        with open(credentials) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c024a4786f8f455 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2806
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ab904fae9e275df Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2852
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49e9db68af24dd39 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3115
                or os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b28e84dd9078c5f0 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3116
                or os.environ.get("HUGGINGFACE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d6dca7520036f89 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3210
                or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f76015c8323eccc Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:4018
                or os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8048518eabad79 Filesystem access.
pkgs/python/[email protected]/litellm/ocr/main.py:420
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785f40a44a75c2d4 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:94
    with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff2e4c931a50a781 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:15
MCP_TOOL_PREFIX_SEPARATOR = os.environ.get("MCP_TOOL_PREFIX_SEPARATOR", "-")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4999e75da89ba368 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:65
    raw = os.environ.get("LITELLM_USE_SHORT_MCP_TOOL_PREFIX", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab6b614739839734 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_lazy_openapi_snapshot.py:139
    SNAPSHOT_FILE.write_text(json.dumps(fragments, indent=2, sort_keys=True) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6cbd47a37a3be6c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_logging.py:11
log_level = os.getenv("LITELLM_LOG", "INFO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a14078c0e74ab254 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:81
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_TIMEOUT", "5.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7800bd50a92e3a0b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:84
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_GATHER_TIMEOUT", "30.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff65d1350637b85a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:936
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7515c1ad3504af91 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:937
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c206c0808931e67b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:938
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28bcf39398a2d5fd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:563
        keys_url = os.getenv("JWT_PUBLIC_KEY_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00268d15cf3fc385 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:722
        audience = os.getenv("JWT_AUDIENCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95c554cc3c3928c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:723
        issuer = os.getenv("JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ea820421acd7b1c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:28
        self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616584815a1924a5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:46
                with open(_path_to_public_key, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6785ecfcd5f22ec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:111
                self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32570ca627a89a41 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:67
    ui_username = os.getenv("UI_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81e80eed541f18fc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:68
    ui_password = os.getenv("UI_PASSWORD", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #165266f1a5e1e6b4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:174
            os.getenv("PROXY_ADMIN_ID", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e87adf1c2afd3386 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:175
            and os.environ["PROXY_ADMIN_ID"] == user_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #589968afcaeb7cef Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:178
            key_user_id = os.getenv("PROXY_ADMIN_ID", LITELLM_PROXY_ADMIN_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddae0fd1f407890d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:193
        if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b32ee58715a8500 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:276
            if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a17270556b740fe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:144
        token_info_endpoint = os.getenv("OAUTH_TOKEN_INFO_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af352605ad114976 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:145
        user_id_field_name = os.environ.get("OAUTH_USER_ID_FIELD_NAME", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70bcb5fb270f932b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:146
        user_role_field_name = os.environ.get("OAUTH_USER_ROLE_FIELD_NAME", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f2e37a7dbe793ed Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:147
        user_team_id_field_name = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60d132666eb3d831 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:147
        user_team_id_field_name = os.environ.get(
            "OAUTH_USER_TEAM_ID_FIELD_NAME", "team_id"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7d04f9e9e50b85d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:152
        oauth_client_id = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e57d800fa9db01 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:153
        oauth_client_secret = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77dce754a4186b0f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:80
            oidc_token = open(aws_web_identity_token).read()  # check if filepath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b9e9275d15cc6ad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:169
            aws_region_name=os.getenv("AWS_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f243bfc26d9dd697 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:170
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7da971a34755c7b4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:171
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b16da4ec27ac40b9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:172
            aws_session_name=os.getenv("AWS_SESSION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #306251220474b596 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:173
            aws_profile_name=os.getenv("AWS_PROFILE_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e34204c807631f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:174
            aws_role_name=os.getenv("AWS_ROLE_NAME", os.getenv("AWS_ROLE_ARN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01cc38ae121292e1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:175
            aws_web_identity_token=os.getenv(
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64ef5953913ce863 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:176
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8ba6177204faf89 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:30
    with open(token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #591430a0ebddbdea Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:43
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7105e5363b2fe5b7 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:287
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d60256acf09b393 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:308
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a7a818385f82940 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/models.py:395
    with open(yaml_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b9406cf3d61daa0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:91
if os.environ.get("LITELLM_PROFILE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3f206fd2e2dd74f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:816
            litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3037c25ed70e404 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/encrypt_decrypt_utils.py:11
    salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0659f4b8149ffaa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:5
url_to_redirect_to = os.getenv("PROXY_BASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e705a3b07401afc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:6
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ff7cbaa7d6b324 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:112
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5de7d0cb7e1285fd Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:161
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f12379cb9b33add3 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/static_asset_utils.py:38
        with open(resolved, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e1099260bc6147 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/container_endpoints/handler_factory.py:31
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793630b2ac1cf25c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/check_migration.py:95
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #067d444d6475f7a4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_spend_update_writer.py:722
        spend_logs_url: Optional[str] = os.getenv("SPEND_LOGS_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a6be040f12cadf8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:69
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd00f4813c849b8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:70
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28674e62b5b2e533 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:71
        os.environ["AWS_SESSION_TOKEN"] = aws_session_token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d04db6607b6b234 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:160
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae258a8ed1cfd3d5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:206
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b7837f485c78928 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:207
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59f03097f6f24780 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:208
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9aa3b864c1ff46 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:209
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a0f8019a91fd46c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:210
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7066aed313eeebd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:220
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd3902f7ca5d242b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:366
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf1b4d10266e2155 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:504
        disable_updates = os.getenv("DISABLE_SCHEMA_UPDATE", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b37a53d75c6c288 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:24
        os.getenv("AUTO_REDIRECT_UI_LOGIN_TO_SSO", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe156ef4ebb150ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:27
    admin_ui_disabled = os.getenv("DISABLE_ADMIN_UI", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec841360ffebd9d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/example_config_yaml/custom_auth.py:10
        modified_master_key = f"{os.getenv('LITELLM_MASTER_KEY')}-1234"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #600f86340fb96b4c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1434
        with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44bf95849ff28c2f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1471
        with open(airlines_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58322b71741575d6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:56
        self.api_key = api_key or os.environ.get("AIM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c73c87bd636dbb0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:64
            api_base or os.environ.get("AIM_API_BASE") or "https://api.aim.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #922e8d5141125edb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:81
            akto_base_url or os.environ.get("AKTO_GUARDRAIL_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bea0a07d100b0fd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:88
        self.akto_api_key = akto_api_key or os.environ.get("AKTO_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1ade77917a3ff3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:98
        self.akto_account_id = akto_account_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b335981e7f59a3b7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:98
        self.akto_account_id = akto_account_id or os.environ.get(
            "AKTO_ACCOUNT_ID", "1000000"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #049760e982023cff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:101
        self.akto_vxlan_id = akto_vxlan_id or os.environ.get("AKTO_VXLAN_ID", "0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e8b7aaa826e8e88 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:48
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8691e45c13219dcc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:49
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a706ea25a038a9c0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:58
        self.api_key = api_key or os.environ.get("CS_AIDR_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f854b01a7e54bf1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:64
        self.api_base = api_base or os.environ.get("CS_AIDR_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a180e45c3b0ed5ee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:56
        self.api_key = api_key or os.getenv("DYNAMOAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b48cc17024c2e10 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:62
        self.api_base = api_base or os.getenv(
            "DYNAMOAI_API_BASE", "https://api.dynamo.ai"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb7f3290c3875133 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:68
        self.model_id = model_id or os.getenv("DYNAMOAI_MODEL_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15e7c9fba50e1aa0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:71
        env_policy_ids = os.getenv("DYNAMOAI_POLICY_IDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18590521d0132562 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:67
        self.api_key = api_key or os.getenv("ENKRYPTAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6030d434e21a091e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:73
        self.api_base = api_base or os.getenv(
            "ENKRYPTAI_API_BASE", "https://api.enkryptai.com"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af6a1e43e0d61438 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/generic_guardrail_api/generic_guardrail_api.py:203
        base_url = api_base or os.environ.get("GENERIC_GUARDRAIL_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #915e5b939ed51cbe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:84
        api_key_value = api_key or os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b8cc5e7a12cc44 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:91
        base = api_base or os.getenv("GRAYSWAN_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ca8a7cf18a4ae6e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:639
        env_val = os.getenv("GRAYSWAN_VIOLATION_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35079a59764fd7bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:650
        env_val = os.getenv("GRAYSWAN_REASONING_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6b9cdf0adf4f5c1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/guardrails_ai/guardrails_ai.py:74
            api_base or os.getenv("GUARDRAILS_AI_API_BASE") or "http://0.0.0.0:8000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d808d2934858d96 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:74
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c13539c82f88bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:75
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fcf432c258764c7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:80
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7c6b9bf730ee6f8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:87
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03da790e14e06d54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:308
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d230f1bfc22e6f5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:309
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6769d77c4aa9a88 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:314
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf13e46a5cf6ed48 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:321
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aa6a446d4be3940 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ibm_guardrails/ibm_detector.py:55
        self.auth_token = auth_token or os.getenv("IBM_GUARDRAILS_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fddee026e0d485f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai.py:62
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f471082dd469bba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai_v2.py:65
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3458a0699553cfaa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:108
        self.lasso_api_key = lasso_api_key or api_key or os.environ.get("LASSO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b3aa7a11fd3cdcf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:109
        self.user_id = user_id or os.environ.get("LASSO_USER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea798064cace8e96 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:110
        self.conversation_id = conversation_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4045fa2e5c3867d8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:110
        self.conversation_id = conversation_id or os.environ.get(
            "LASSO_CONVERSATION_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aad9ba7d754320ba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:123
            or os.getenv("LASSO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d373f14f1aa46199 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/competitor_intent/airline.py:124
        with open(_MAJOR_AIRLINES_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16b5ed5bc0acfda1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:604
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e5fa26f677e0ce1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:630
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df574aa3caede0cc Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:736
            with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaf271f3b656a16b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:40
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bdf6d3709be44d1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:147
    with open(result_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b44608d2523a9582 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:562
    not os.environ.get("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63e3fa51f29d9a6b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:581
    not os.environ.get("ANTHROPIC_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20333985b4e59083 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:18
    with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0699fa4523c18e9 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:161
                with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4feb06f53f5db878 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:107
    key_material = os.environ.get(env_var, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #747253debb0fdbe6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:114
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd4745ed5e7d8a68 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:250
        key_material = os.environ.get(self.SIGNING_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daa00797fa00f686 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:271
            or os.environ.get("MCP_JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35842220a5ee71a8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:272
            or os.environ.get("LITELLM_EXTERNAL_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dfc9b8bbca95d44 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:276
            audience or os.environ.get("MCP_JWT_AUDIENCE") or self.DEFAULT_AUDIENCE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #472f7f23b009b215 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:281
            else os.environ.get("MCP_JWT_TTL_SECONDS", str(self.DEFAULT_TTL))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ff2cd7e5a385d00 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:132
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241da8113384985c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ebaa14a400c9a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(
            "NOMA_API_BASE", NomaGuardrail._DEFAULT_API_BASE
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5ca7fa67280386 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:136
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad231d2867904e98 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:141
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3d33b4ede5b639e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:148
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67f527d12cfcea3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:155
                os.environ.get("NOMA_ANONYMIZE_INPUT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6ed4692e2598a3f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:60
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ec8150077ec1c73 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:62
            api_base or os.environ.get("NOMA_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e4585e9f1c8911d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:64
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47bcb845c881804e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:67
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8034bee208c4dd20 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:74
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cb93f3a16d57984 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38
        timeout = timeout or int(os.getenv("ONYX_TIMEOUT", 10.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc0fe57d0fc998f8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:43
        self.api_base = api_base or os.getenv(
            "ONYX_API_BASE",
            "https://ai-guard.onyx.security",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22ee170fe03183e1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:47
        self.api_key = api_key or os.getenv("ONYX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #498ea47fdaef0f39 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/openai/moderations.py:105
            os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eb6c5f0aba11b49 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:83
        self.api_key = api_key or os.environ.get("PANGEA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01aff0d4c13acc39 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:92
            or os.environ.get("PANGEA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4898bf5d43ef729c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:112
        self.api_key = api_key or os.getenv("PANW_PRISMA_AIRS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab69804c90d8be4a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:115
            or os.getenv("PANW_PRISMA_AIRS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2917b3103230e51 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:217
        self.api_key = api_key or os.environ.get("PILLAR_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc9c968575318927 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:226
        self.api_base = api_base or os.getenv("PILLAR_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec27874ba56b711a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:229
        action = on_flagged_action or os.environ.get("PILLAR_ON_FLAGGED_ACTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de76dff52d9de3a1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:269
        action = fallback_on_error or os.environ.get("PILLAR_FALLBACK_ON_ERROR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65beccdfcd537a78 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:289
                    os.environ.get("PILLAR_TIMEOUT", str(self.DEFAULT_TIMEOUT))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40fd6eb93e9078ac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:293
                    f"Pillar Guardrail: Invalid PILLAR_TIMEOUT value '{os.environ.get('PILLAR_TIMEOUT')}', "

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1e5c69ed71f0289 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:635
            env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee58225f45d8ae94 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:145
                with open(ad_hoc_recognizers, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fd49b9ff9b9364e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:41
        self.api_key = api_key or os.environ.get("PROMPT_SECURITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0df40ff605d8b231 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:42
        self.api_base = api_base or os.environ.get("PROMPT_SECURITY_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #317ba6a482d8bdcb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:43
        self.user = user or os.environ.get("PROMPT_SECURITY_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b15fe47ed7ae127 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b8bf16a0e9b8921 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(
            "PROMPT_SECURITY_SYSTEM_PROMPT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11c0a59bb84a98db Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ad43fbcd13792a0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(
                "PROMPT_SECURITY_CHECK_TOOL_RESULTS", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1692d97da9f259 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1287af650a780b03 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(
            "PROMPTGUARD_API_KEY",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfde8b087bfe94e8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:69
            api_base or os.environ.get("PROMPTGUARD_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222e0303c2d2ff7f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:73
            env = os.environ.get("PROMPTGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee589bbeec5b74f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e5c2022930d911f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get(
            "QOSTODIAN_NEXUS_API_BASE", "http://nexus:8800"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #951f94169efe6b18 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:68
            or os.environ.get("QUALIFIRE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fa9525f93b3c8ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:73
            or os.environ.get("QUALIFIRE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4410b9acadf17e56 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:38
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e03c4e18fca11cdd Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:58
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a114dd8ad7043a3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:92
        self.api_key = api_key or os.environ.get("XECGUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29ec3aa2c6ae857a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:102
            api_base or os.environ.get("XECGUARD_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f9f47f5dce2c50 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:109
            env = os.environ.get("XECGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb68b550c57e89d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:41
        self.zscaler_ai_guard_url = api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #611a78e450b5e6b0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:48
            else int(os.getenv("ZSCALER_AI_GUARD_POLICY_ID", -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf28dea4147feb5a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:50
        self.api_key = api_key or os.getenv("ZSCALER_AI_GUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #992a7616586cdffe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:54
            else os.getenv("SEND_USER_API_KEY_ALIAS", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48244c1939eb3191 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:59
            else os.getenv("SEND_USER_API_KEY_USER_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac1dc55be5628b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:65
            else os.getenv("SEND_USER_API_KEY_TEAM_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86a179fb0d866222 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:416
                user_email=os.getenv("TEST_EMAIL_ADDRESS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eadbfb601851475 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/__init__.py:29
if os.getenv("LEGACY_MULTI_INSTANCE_RATE_LIMITING", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #048a4d53b63e234b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter.py:121
                if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcca24af13dcaf7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter_v3.py:122
            if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d29a9ee2b8fb4e09 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_budget_per_session_limiter.py:70
            os.getenv(
                "LITELLM_MAX_BUDGET_PER_SESSION_TTL",
                DEFAULT_MAX_BUDGET_PER_SESSION_TTL,
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ce8d415c35f77d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_iterations_limiter.py:73
            os.getenv("LITELLM_MAX_ITERATIONS_TTL", DEFAULT_MAX_ITERATIONS_TTL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34efd057d34e4a42 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:260
        self.window_size = int(os.getenv("LITELLM_RATE_LIMIT_WINDOW_SIZE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8faa1329b2c91958 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/responses_id_security.py:182
        salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e43eec12040124e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/callback_management_endpoints.py:52
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccc7a0d26734b2d2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:162
        env_value = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43ae4089b2315787 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:204
            os.environ[env_var_name] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0abca5e5d76329d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:206
            os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f1097dbc37c1a83 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/key_management_endpoints.py:3920
    grace_period_value = grace_period or os.getenv(
        "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a7e69a1af8f0a6e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2140
            with open(_MCP_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2214f425069c8fe5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2214
        with open(_OPENAPI_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c458e471879819cc Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:636
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f703ea9a82a76443 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:656
    use_local = os.getenv("LITELLM_LOCAL_POLICY_TEMPLATES", "").strip().lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #351d23d5d612ad29 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:59
        custom_authorization_endpoint = os.getenv(
            "MICROSOFT_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d7395f7cf4ef94 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:62
        custom_token_endpoint = os.getenv("MICROSOFT_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f7de429fb1498b6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:63
        custom_userinfo_endpoint = os.getenv("MICROSOFT_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18d7adcab782f5ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:547
                generic_user_role_attribute_name = os.getenv(
                    "GENERIC_USER_ROLE_ATTRIBUTE", "role"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b9d2f8e9f3a572 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:593
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ef91ae45df9f7a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:594
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d32d3bff25820462 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:595
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f68edb07ef6faa70 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:598
    _disable_ui_flag = os.getenv("DISABLE_ADMIN_UI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f5f7ebbd344ef20 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:633
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1792f4237341724 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:712
    generic_user_id_attribute_name = os.getenv(
        "GENERIC_USER_ID_ATTRIBUTE", "preferred_username"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0435b4ed3de511c3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:715
    generic_user_display_name_attribute_name = os.getenv(
        "GENERIC_USER_DISPLAY_NAME_ATTRIBUTE", "sub"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c5b72f66949bad5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:718
    generic_user_email_attribute_name = os.getenv(
        "GENERIC_USER_EMAIL_ATTRIBUTE", "email"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c729bc9a9cb953a4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:722
    generic_user_first_name_attribute_name = os.getenv(
        "GENERIC_USER_FIRST_NAME_ATTRIBUTE", "first_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12017a504a8b6d24 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:725
    generic_user_last_name_attribute_name = os.getenv(
        "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b409449ea5d92e9d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:729
    generic_provider_attribute_name = os.getenv(
        "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8eb94734cab788e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:733
    generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d7d69a9e9aceeb9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:735
    generic_user_extra_attributes = os.getenv("GENERIC_USER_EXTRA_ATTRIBUTES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37e2960b485912da Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:838
    generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbbb575b6e1026ad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:839
    generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9bb904841f10fc0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:840
    generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #108aaa4f7d5d4178 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:841
    generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd3436a73faeadba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:842
    generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d37b3dbfd03f443 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:844
        os.getenv("GENERIC_INCLUDE_CLIENT_ID", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8ba7dde4e8c6c39 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:967
    generic_role_mappings = os.getenv("GENERIC_ROLE_MAPPINGS_ROLES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e53d82daa119505d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:968
    generic_role_mappings_group_claim = os.getenv(
        "GENERIC_ROLE_MAPPINGS_GROUP_CLAIM", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #758be73c6c0cffe2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:971
    generic_role_mappoings_default_role = os.getenv(
        "GENERIC_ROLE_MAPPINGS_DEFAULT_ROLE", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f2f748e86b14fb4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1008
    raw = os.getenv("GENERIC_SSO_HEADERS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab036543ad6269b7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1032
    pkce_configured = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3306b2acf3fe4ac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1567
    proxy_admin_id = os.getenv("PROXY_ADMIN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c9d9c75fecd251 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1620
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d67e304dc1cf974 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1621
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb621b5057fdc1bf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1622
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00e008245932e2f2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2021
    _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b826b43a9bc0a92 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2022
    _logout_url = os.getenv("PROXY_LOGOUT_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36fe0efd89cd2be1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2023
    _api_doc_base_url = os.getenv("LITELLM_UI_API_DOC_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c0288dd181f5a2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2030
    if "PROXY_DEFAULT_TEAM_DISABLED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a25de93fee3f22 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2031
        if os.environ["PROXY_DEFAULT_TEAM_DISABLED"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e929342a8ecc77 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2057
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b75ab08b79e7c3a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2058
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4485dd9cb9df5940 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2059
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d84bb9a9408af8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2082
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1843a47fe374b7b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2087
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b05815f10f8b8fac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2088
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098dd422b13245c4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2095
        generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8007426f4d312bcb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2096
        generic_authorization_endpoint = os.getenv(
            "GENERIC_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1ff87b21dde6bb0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2099
        generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34b800e916291f2a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2100
        generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4342c1e72872a6e4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2195
            google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d095b0a5894ec76f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2215
            microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5a0f961d4e016b7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2216
            microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa4b5c39f9b56dd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2237
            generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb2e4a83f6a44c8a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2238
            generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90dc30e190dd7b5f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2241
            generic_authorization_endpoint = os.getenv(
                "GENERIC_AUTHORIZATION_ENDPOINT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2832805a2f3f9b71 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2244
            generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a32ae83b7a3ceb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2245
            generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f5b11661d5a2bfa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2450
            generic_client_state = os.getenv("GENERIC_CLIENT_STATE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b88fe63d93c49bba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2458
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31cb729c676c1b77 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2729
        if user_email is not None and os.getenv("ALLOWED_EMAIL_DOMAINS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dc23bd6a2f1b2c8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2731
            allowed_domains = os.getenv("ALLOWED_EMAIL_DOMAINS").split(",")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35eb5516ddd94190 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2758
            generic_user_role_attribute_name = os.getenv(
                "GENERIC_USER_ROLE_ATTRIBUTE", "role"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eae7c311516e5d01 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3049
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9798a3055ba27899 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3143
            os.getenv("PKCE_STRICT_CACHE_MISS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73932fbfd292a477 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3595
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #507c952aea78104d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3596
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b45c977afbac8de7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3754
            service_principal_id = os.getenv("MICROSOFT_SERVICE_PRINCIPAL_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3cba340d1642955 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3958
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fd3041bfb4e3b41 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3995
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bc50e00a6b6fde3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3996
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c24d2ccdd8bf3e1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3997
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f35614fcdab79ffb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4070
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0350627ebbd3453f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4071
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #389ef104552ee50f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4072
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f31c439d9b1d158 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4074
    redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d34208b3e5a170e0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/middleware/in_flight_requests_middleware.py:65
            if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de7ca5b981981efb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208
        os.getenv("GEMINI_API_BASE") or "https://generativelanguage.googleapis.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5b922b8f9565533 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274
    base_target_url = os.getenv("COHERE_API_BASE") or "https://api.cohere.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #232542329d78de8f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405
    base_target_url = os.getenv("MISTRAL_API_BASE") or "https://api.mistral.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311b68c3af7e161a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616
        os.getenv("ANTHROPIC_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b0b2f5516bc75fd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:617
        or os.getenv("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee248008a9dcbf86 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2030
    base_target_url = os.getenv("OPENAI_API_BASE") or "https://api.openai.com/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6551df3ab37f63ea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193
    base_target_url = os.getenv("CURSOR_API_BASE") or "https://api.cursor.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9bbc95042d70145 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/prometheus_cleanup.py:35
    if not os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf9c20206681485 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:28
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81b48201f01e82c6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:301
        if os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c26bf40fdbfe2f05 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:323
            with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50a6d5328f17d63d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:377
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #610b34fdcc12de19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:377
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(
            "prometheus_multiproc_dir"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3161a7e15387d982 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:386
            os.environ["PROMETHEUS_MULTIPROC_DIR"] = multiproc_dir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #494d3baf5dd8b92c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:755
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b81a4373db6cd7e4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:756
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d02c54e0d05c441 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:757
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34493a99e3a8dd3c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:758
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08c05f2ade438cef Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:759
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7147490dcc701a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:770
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab84cd7cf334b7d0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:771
            os.environ["IAM_TOKEN_DB_AUTH"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab492965611dc160 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:778
            os.getenv("USE_AWS_KMS", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25df2e7095c478b0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:779
            and os.getenv("USE_AWS_KMS") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c990ba1cfc03ce Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:785
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcf1872aa05a78fd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:841
            if database_url is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c412b517c5756fec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:847
                    os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70e7a6374ed82eaf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:868
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24f6d838e3754096 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:871
        if config is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe8fdabe72f83b97 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:877
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #745b187ed342eb78 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:889
            os.getenv("DATABASE_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa2554d4acbdb8a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:890
            or os.getenv("DIRECT_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f8b82d3d08e216f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:895
                if os.getenv("DATABASE_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50419cd5ef886f10 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:905
                    os.environ["DATABASE_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adbe583cc7c9f93c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:906
                if os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24bad84062f8941b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:912
                    database_url = os.getenv("DIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626597ebc63deb09 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:914
                    os.environ["DIRECT_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06adc3ce4f6e3313 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:592
global_max_parallel_request_retries_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRIES"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a77830dfa46a16 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:602
global_max_parallel_request_retry_timeout_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRY_TIMEOUT"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2567316e1e41de7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:623
_title = os.getenv("DOCS_TITLE", "LiteLLM API") if premium_user else "LiteLLM API"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed229f1c47fa1392 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:625
    os.getenv(
        "DOCS_DESCRIPTION",
        f"Enterprise Edition \n\nProxy Server to call 100+ LLMs in the OpenAI format. {custom_swagger_message}\n\n{ui_message}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ec662dbe3d5a8cb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:731
    _startup_hooks_env = os.environ.get("LITELLM_WORKER_STARTUP_HOOKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3217195b405e32b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:798
        elif os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69c1ab5242157e4b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1174
if os.getenv("DOCS_FILTERED", "False") == "True" and premium_user:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #397f2b120220a4a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1221
        else os.getenv("LITELLM_CORS_ORIGINS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f16230ae1cd0e17 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1237
        else os.getenv("LITELLM_CORS_ALLOW_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b11445654874902 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1361
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d90820ea57965f8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1370
    runtime_ui_path = os.getenv("LITELLM_UI_PATH", default_runtime_ui_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1bc7c3edd2d2068 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1471
                        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b649f8dd289077 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1486
                        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #378922253c285985 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1672
root_redirect_url: Optional[str] = os.getenv("ROOT_REDIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9019e329da34b16 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1848
        KVUri = os.getenv("AZURE_KEY_VAULT_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f20471f394e13ac7 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2688
        with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f5826c462f4c2c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3278
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c66f6ff3a128119 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3301
            with open(f"{file_path}", "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30a0b30a63da8256 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3401
            with open(f"{user_config_file_path}", "w") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5afa9697f8128391 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3564
        if os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #984828051520e1fb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3565
            bucket_name = os.environ.get("LITELLM_CONFIG_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b539b610421152d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3566
            object_key = os.environ.get("LITELLM_CONFIG_BUCKET_OBJECT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88d61017bf40819f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3567
            bucket_type = os.environ.get("LITELLM_CONFIG_BUCKET_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81c149a25219e133 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3733
                        os.environ[key] = resolved_secret_string

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f99494f7880bbdc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3742
                    os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34044486a061ef6d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3746
                _license_check.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a9c5a2d04660be6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4147
            use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75392a34b7c87a58 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4353
                    v = os.getenv(_v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e7d358658ccc912 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5001
                    os.environ[k] = decrypted_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13a143ace15b2cff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5432
                os.environ[upper_key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed3505e1e4939501 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6381
    os.environ["WORKER_CONFIG"] = json.dumps(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a46ebd55cc10f0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6407
    if os.getenv("LITELLM_DONT_SHOW_FEEDBACK_BOX", "").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d463031203d8f084 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6438
        litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5289b5397b128dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6488
        os.environ["AZURE_API_VERSION"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5eb21c79b16b8ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7574
            if os.getenv("PROMETHEUS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d03120d42b58a1ea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7699
            app_name = os.getenv("PYROSCOPE_APP_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c186024ee4103dcf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7705
            server_address = os.getenv("PYROSCOPE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0573a82751e596f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7712
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d48388d17dd77091 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7712
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(
                "LITELLM_DEPLOYMENT_ENVIRONMENT",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3e73082af30d93 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7717
            sample_rate_env = os.getenv("PYROSCOPE_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e1cc8c09c2abe5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:12420
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aff1a12f006d06c5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13092
    logo_path = os.getenv("UI_LOGO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8af8962cabb6734 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13106
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f0cb6ac0c5f323c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13111
    assets_dir = os.getenv("LITELLM_ASSETS_PATH", default_assets_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa4c8bcebb7d86c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13134
    logo_path = os.getenv("UI_LOGO_PATH", default_logo)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eadedf932986548 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13176
    favicon_url = os.getenv("LITELLM_FAVICON_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1365ce889fa83171 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:14172
                    _value = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee9395604fbb370a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:145
        files("litellm")
        .joinpath("provider_endpoints_support_backup.json")
        .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02caef6cd3af010f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:349
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea9f408bc637bd1a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:439
    with open(agent_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31f80ecd02a9562c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:442
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f8b2417bd5942f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_log_error_logger.py:43
    return str_to_bool(os.getenv(SUPPRESS_SPEND_LOG_TRACEBACKS_ENV)) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11f782ea6b66b62e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_management_endpoints.py:2531
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b0d41ad5fb7cd54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_tracking_utils.py:47
    max_length_str = os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52f34285b4786913 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:817
                os.environ[env_var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2f03e75e706da85 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:820
                os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f445c6196daaefe3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:982
        os.environ["UI_LOGO_PATH"] = logo_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb1c526219befd0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:989
        if "UI_LOGO_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be1d3ef1af772fe5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:990
            del os.environ["UI_LOGO_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1063a1edce6678 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1001
        os.environ["LITELLM_FAVICON_URL"] = favicon_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #246793bcb0bc0f9f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1008
        if "LITELLM_FAVICON_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9cf8e39249b671 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1009
            del os.environ["LITELLM_FAVICON_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2477877935552038 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1391
    with open(file_path, "wb") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ba168c337efa5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:178
    if SendGridEmailLogger is not None and os.getenv("SENDGRID_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #025bd544048d5d5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:182
    if ResendEmailLogger is not None and os.getenv("RESEND_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d66845567239fba0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:186
    if SMTPEmailLogger is not None and os.getenv("SMTP_HOST"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79356b48135fbeb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1675
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e483d01594d238c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2453
    os.environ.get("LITELLM_CONFIG_PARAM_CACHE_TTL_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13facd1252e1b5e1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2549
            os.getenv("IAM_TOKEN_DB_AUTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56ac56da6e682a5c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2587
            1, int(os.getenv("PRISMA_RECONNECT_COOLDOWN_SECONDS", "15"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9030be458542db2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2590
            5, int(os.getenv("PRISMA_HEALTH_WATCHDOG_INTERVAL_SECONDS", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab033baf80234eb7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2593
            str_to_bool(os.getenv("PRISMA_HEALTH_WATCHDOG_ENABLED", "true")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47c335bb3bc10c53 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2597
            float(os.getenv("PRISMA_HEALTH_WATCHDOG_PROBE_TIMEOUT_SECONDS", "5.0")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17288619af0c4936 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2600
            1.0, float(os.getenv("PRISMA_WATCHDOG_RECONNECT_TIMEOUT_SECONDS", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49714510fecd81d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2603
            0.5, float(os.getenv("PRISMA_AUTH_RECONNECT_TIMEOUT_SECONDS", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f162257fb17a017 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2607
            float(os.getenv("PRISMA_AUTH_RECONNECT_LOCK_TIMEOUT_SECONDS", "0.1")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #646619c679c06c91 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2611
            1, int(os.getenv("PRISMA_RECONNECT_ESCALATION_THRESHOLD", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #024d638709c6165a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2707
            pg_schema = os.getenv("DATABASE_SCHEMA", "public")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad8e38d029db8d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4232
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8d84d90f73e0aef Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4254
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc188c9d1a168a33 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4722
    smtp_host = os.getenv("SMTP_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f14907b1d61d7661 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4723
    smtp_port = int(os.getenv("SMTP_PORT", "587"))  # default to port 587

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28dd328193de550b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4724
    smtp_username = os.getenv("SMTP_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2168e28c401a86ec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4725
    smtp_password = os.getenv("SMTP_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d4a7228b55bef25 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4726
    sender_email = os.getenv("SMTP_SENDER_EMAIL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0854c06ee5dfe46 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4757
            if os.getenv("SMTP_TLS", "True") != "False":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #152c08bf0552ab7b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4946
                    base_url = os.getenv("SPEND_LOGS_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e494d1a7fe5af010 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5464
    if redoc_url := os.getenv("REDOC_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7fbbcb1146cbee5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5467
    if str_to_bool(os.getenv("NO_REDOC")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe0edc65f73e4058 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5481
    if docs_url := os.getenv("DOCS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e91afb90ea29b97 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5484
    if str_to_bool(os.getenv("NO_DOCS")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12b4853a250ce290 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5498
    if openapi_url := os.getenv("OPENAPI_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82d97a90e4c7c50 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5501
    if str_to_bool(os.getenv("NO_OPENAPI")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83308095f86c30b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5625
    return os.getenv("PROXY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fa4d3ec4a9ade3e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5635
    return os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d14ac6701e6574 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5687
    database_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d4bd9adbfdfe561 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5688
    database_username = os.getenv("DATABASE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d01e54c4e5dac25d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5689
    database_password = os.getenv("DATABASE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2cf71207d78412c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5690
    database_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f4bd1988c0d2ab2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5691
    database_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #063555e57889a2b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/vertex_ai_endpoints/langfuse_endpoints.py:210
        or os.getenv("LANGFUSE_HOST", _DEFAULT_LANGFUSE_HOST)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d07823de6f386f1f Environment-variable access.
pkgs/python/[email protected]/litellm/realtime_api/main.py:301
            or os.environ.get("LITELLM_AZURE_REALTIME_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3bc147453cab27 Environment-variable access.
pkgs/python/[email protected]/litellm/router.py:7635
                    params[param_key] = os.environ.get(env_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b274b997a8b30ee Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:22
    if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ef954f3ecbdb4f5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:35
        kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d608f98f6201f795 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:56
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7130b85f1d5082a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:62
        if os.getenv("LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2002fffcd77340c8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:64
        elif os.getenv("LITELLM_SECRET_AWS_KMS_LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1acecae41efebe5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:80
            kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268e215079ce9bc8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:89
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2b73982185153b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:132
    for k, v in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1ae6e0152cc2a9c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:65
            "AWS_REGION_NAME" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a7929aa2ffe4f21 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:66
            and "AWS_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca61cbfb6db49264 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:67
            and "AWS_DEFAULT_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #889e261509a33623 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:190
            return os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e771a1be2aa46f6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:27
        self.conjur_addr = os.getenv("CYBERARK_API_BASE", "http://127.0.0.1:8080")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #957e4070bfdc421e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:28
        self.conjur_account = os.getenv("CYBERARK_ACCOUNT", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a7691447011c1a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:29
        self.conjur_username = os.getenv("CYBERARK_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f4d09a48644a74f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:30
        self.conjur_api_key = os.getenv("CYBERARK_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5817f4ef6e792ad Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:33
        self.tls_cert_path = os.getenv("CYBERARK_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73dc24310d88c035 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:34
        self.tls_key_path = os.getenv("CYBERARK_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c26a2b48d3b1ab Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:38
        ssl_verify_env = str_to_bool(os.getenv("CYBERARK_SSL_VERIFY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe6c3a54e5c4ef65 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:51
        _refresh_interval = int(os.environ.get("CYBERARK_REFRESH_INTERVAL", "300"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d946d0f2d914c6f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:12
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de3b40ac5f3030a8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:13
        and os.environ.get("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ae32a4cfdf9c833 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:14
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b404f8cecab82934 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:17
    elif os.environ.get("AZURE_CLIENT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #137c1ede7732ac2b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:20
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f8b72b46b5abbd Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:21
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fa6fb67d0154da0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:22
        and os.environ.get("AZURE_CERTIFICATE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7d581c0e11f4bc1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:23
        and os.environ.get("AZURE_CERTIFICATE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66e446ecc77d19be Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:26
    elif os.environ.get("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061e5ee36565ffc2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:28
    elif os.environ.get("AZURE_CERTIFICATE_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29244d2b1380ee62 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:65
            os.environ.get("AZURE_SCOPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adc0d8d80c734719 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73
        or os.environ.get("AZURE_CREDENTIAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b5e4de1b850b67 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:90
            client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a7f99ad4752151 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:91
            client_secret=os.environ["AZURE_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12cb3932e4922cad Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:92
            tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d48c3cf21155b0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:95
        credential = ManagedIdentityCredential(client_id=os.environ["AZURE_CLIENT_ID"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45583aeca4842930 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:97
        if os.getenv("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0136d566848c35ad Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:99
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56fb528c7b7b84c2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:100
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75e52cb704aeeb62 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:101
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dd6bd2875f96bc1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:102
                password=os.environ["AZURE_CERTIFICATE_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca968281adecd969 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:106
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089adff952f4091f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:107
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97cf9002f5ecb54 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:108
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b181706cb72c9eb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:19
    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa575c3fa9d66fe Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:23
    if "GOOGLE_KMS_RESOURCE_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #005648db30783ab6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:41
        litellm._google_kms_resource_name = os.getenv("GOOGLE_KMS_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6e840c089e6821a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:32
        self.PROJECT_ID = os.environ.get("GOOGLE_SECRET_MANAGER_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca48d9ee801b5f46 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93f3978c6f4f4bf6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(
            "GOOGLE_SECRET_MANAGER_REFRESH_INTERVAL", refresh_interval
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaf507f99910643e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2451e0f43cce79 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(
            "GOOGLE_SECRET_MANAGER_ALWAYS_READ_SECRET_MANAGER",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92508e7f486c87e0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:25
        self.vault_addr = os.getenv("HCP_VAULT_ADDR", "http://127.0.0.1:8200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #768fa66b1b1c350d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:26
        self.vault_token = os.getenv("HCP_VAULT_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c46b931225a77b55 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:28
        self.vault_namespace = os.getenv("HCP_VAULT_NAMESPACE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d19fd5704e398929 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:31
        self.vault_mount_name = os.getenv("HCP_VAULT_MOUNT_NAME", "secret")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb32b576a9172375 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:33
        self.vault_path_prefix = os.getenv("HCP_VAULT_PATH_PREFIX", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #797e75e7d3b4568b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:36
        self.tls_cert_path = os.getenv("HCP_VAULT_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a98644f3268d3b57 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:37
        self.tls_key_path = os.getenv("HCP_VAULT_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #944c9ef73b0bd4f7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:38
        self.vault_cert_role = os.getenv("HCP_VAULT_CERT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c05a9626fb1e035 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:41
        self.approle_role_id = os.getenv("HCP_VAULT_APPROLE_ROLE_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #732cb4ff8f8a4a63 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:42
        self.approle_secret_id = os.getenv("HCP_VAULT_APPROLE_SECRET_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6e5cee91a95404 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        self.approle_mount_path = os.getenv("HCP_VAULT_APPROLE_MOUNT_PATH", "approle")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4006988c39b7993d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #227ea8b20631f61a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(
            "HCP_VAULT_REFRESH_INTERVAL", SECRET_MANAGER_REFRESH_INTERVAL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62966dbe8e4aaf25 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:31
    override = os.getenv("LITELLM_OIDC_ALLOWED_CREDENTIAL_DIRS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60742703ef430475 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:196
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #834c7b2ea0c82f77 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:202
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN_V2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b592e1923a19cc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:208
            actions_id_token_request_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d55b4a6002ab1e8e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:209
            actions_id_token_request_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d959c3e93765c1d2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:239
            azure_federated_token_file = os.getenv("AZURE_FEDERATED_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8407e839a824cf Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:254
            with open(azure_federated_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00f966024c2ccb69 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:260
            with open(safe_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4792d7593ac71080 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:265
            oidc_token = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dfc132ca8b091a9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:271
            token_file_path = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #253983ce4b09e3fb Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:274
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a213969af04b4dfa Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:309
                secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40674920970dff5e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:320
            secret = os.environ.get(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b37961ccffe9052e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:61
        encrypted_secret: Any = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4356c3dc1986bcd2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:88
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #458897f68be80c72 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:182
        secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc8774726814bce7 Environment-variable access.
pkgs/python/[email protected]/litellm/setup_wizard.py:133
    return sys.stdout.isatty() and os.environ.get("NO_COLOR") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d11ea92c8323ccb Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:243
            config_path.write_text(
                SetupWizard._build_config(providers, env_vars, master_key)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34a59a10bb407bc Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:287
        with open("/dev/tty", "rb") as tty_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4ee224ef4b99886 Environment-variable access.
pkgs/python/[email protected]/litellm/types/integrations/slack_alerting.py:54
            os.getenv(
                "SLACK_DAILY_REPORT_FREQUENCY",
                int(SlackAlertingArgsEnum.daily_report_frequency.value),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bd4e354952142ce Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:91
        api_base = self.api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6289cc50f3c804de Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:99
            env_policy = os.getenv("ZSCALER_AI_GUARD_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0264c36824f6d37 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6268
    no_proxy = os.getenv("NO_PROXY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b877684354a2cf9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6321
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a6b28a7a1552f21 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6327
                "AZURE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbb3119a118891ec Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6328
                and "AZURE_API_VERSION" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eab79842a3acdc83 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6329
                and "AZURE_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b1367b31a681e34 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6338
                "ANTHROPIC_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2caade78080c53ea Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6339
                or "ANTHROPIC_AUTH_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a364180db4123b8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6345
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f115003d4137b59 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6350
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c880e8b94439ec Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6355
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #979d7a7ce1692806 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6360
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf251dee9a4790a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6365
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01bad5ee4df30d04 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6370
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81a753bed007be78 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6375
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34b0ad1058610985 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6380
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f7a4df2b1a15054 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6385
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #159dd5b0dad99b98 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6390
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdb0c77c5c231bbb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6395
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ddf33fa3dca172e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6400
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6996c6273171ba95 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6406
                "AWS_ACCESS_KEY_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bf8b32b6e135b1e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6407
                and "AWS_SECRET_ACCESS_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fffb2aefd7723aa Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6410
                "AWS_ROLE_ARN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d7afb2f07896eb2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6411
                or "AWS_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38686b333639015 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6412
                or "AWS_WEB_IDENTITY_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77b9b38a791d41cc Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6414
                in os.environ  # ECS task role

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af2760939cde8dfd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6416
                in os.environ  # ECS/Fargate full URI credential delivery

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac4bfd7a8887d08a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6423
            if "OLLAMA_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #430804a69127916e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6428
            if "ANYSCALE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9804769c617f6cd4 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6433
            if "DEEPINFRA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0678944659920062 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6438
            if "FEATHERLESS_AI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96cdba48ada54221 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6443
            if ("GOOGLE_API_KEY" in os.environ) or ("GEMINI_API_KEY" in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #532f0ecb685dfb1f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6449
            if "GROQ_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816f3998543d7a1c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6454
            if "NVIDIA_NIM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649836ad4df0c3e0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6459
            if "CEREBRAS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e7a35e6632f5f3d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6464
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #749f265ac588f092 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6469
            if "XAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68cd04fa0601ed69 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6474
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28824eb9f2db10e9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6479
            if "VOLCENGINE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e55810f49bbeff98 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6487
            if "CODESTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b30f77126d2ead9a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6492
            if "DEEPSEEK_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c3c0c38fab76e6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6497
            if "MISTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef2d204ecbf0c67 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6502
            if "PALM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cb6e99b11194bd6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6507
            if "PERPLEXITYAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a770e62f287293 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6512
            if "VOYAGE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3acde897d089fd3b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6517
            if "INFINITY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850e61613eb809ae Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6523
                "FIREWORKS_AI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c0d37ea0b46ff69 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6524
                or "FIREWORKS_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f28ab107ec53ea13 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6525
                or "FIREWORKSAI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb8b692b03c885a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6526
                or "FIREWORKS_AI_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6142c0f5599f89 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6532
            if "CLOUDFLARE_API_KEY" in os.environ and (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e0508001b25b82 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6533
                "CLOUDFLARE_ACCOUNT_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b798cb2cef3e63 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6534
                or "CLOUDFLARE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0590596af1fe2a23 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6541
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111e179cd4fd60df Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6546
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8acfe7007ad22a7e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6551
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4db33b53d152f73 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6556
            if "DASHSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ce29e3b976b1c5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6561
            if "MOONSHOT_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #242784b8397badec Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6574
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98ab3ef3be7cc957 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6581
                "ANTHROPIC_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32a26e938584f04c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6582
                or "ANTHROPIC_AUTH_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b07f96ace8999c22 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6589
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c5db9fd38803c2d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6595
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92948941c15e7cac Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6601
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14006fe4f4cf721e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6607
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66ab3e5b7ff95e5b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6613
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff2b461670d532b3 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6623
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d83810c17591cc17 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6629
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23ddc847e431ae48 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6635
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57a03660f245c159 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6641
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef00fca88b4fcd01 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6647
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86a68a59d2a92103 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6653
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5768fbbb68fe1c3f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6659
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2c456b74209a929 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6664
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e94e43f4a1849aeb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6669
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2097c5756312cba Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6674
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50562b7c3e4b9c3c Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:7061
        with open(config_path, "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3d580dabf95e2e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7338
            for k, v in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95ca8e68a0cfd529 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7402
    environ_keys = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-aiplatform

python dependency
high pii_flow dependency Excluded from app score #b7d6c80b5c3678a9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1851 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #965d71e5cb1f8399 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1803 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {initializer.global_config.credentials.token}"
                    )
                }
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5efc5c97c630df72 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1845 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #fe1a022569b6a8c3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1960 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #47a661fdebf9894f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1794 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {initializer.global_config.credentials.token}"
                    )
                }
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #a05c75ab7e07493d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2191
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #953f9f42795c489b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2205
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3ab5357efb06309d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2233
        import opentelemetry.exporter.cloud_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e391e0a30d3ec46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:106
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd2ca3cd947c65fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:284
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0ae51ca5dc81de34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:285
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43e214d7c2af240c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:293
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3e6e7bdd0c332f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:294
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99e1248620dd0704 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:371
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #92a69ba8709fb862 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:372
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b1dfe2d0f6e11ce0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:373
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #01bf7b1b1087e3b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:374
        import opentelemetry._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4099cf9aa3097184 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:381
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #374341403fe0fe62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:382
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b01bb9157fde0dba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:383
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f49181a3c45ebe4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:384
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af0230541dc43873 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:385
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b6f748a49618245 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:386
        import opentelemetry.sdk._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f36719121019dbb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:419
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c93ad8f8ff5e61dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:420
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec23dc0433d519df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:496
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c35b9a60b54ad5dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:554
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d0360ea06ef4f2e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58d81049fcc8a90b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4d5d03c54e39c38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/langgraph.py:49
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f69a9989ce0f3c08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/llama_index.py:42
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95ff902585873ce8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:712
        import opentelemetry  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #934e7487a0dd4070 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:726
        import opentelemetry.sdk.trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a4fa48a8c2e46eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:754
        import opentelemetry.exporter.cloud_trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d11e82f790f4e82a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:90
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21c373992f792dd7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:268
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b77311693852804c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:269
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4aed44f310a06c65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:277
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #65cecdfae4121e58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:278
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9971d3eae79b709e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:355
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef3226fc3f7175e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:356
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae34afc665a57f30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:357
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7f5931ca3b8c74d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:358
        import opentelemetry._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4cf4d59b425ca84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:365
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be08ef9e6d72777a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:366
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0911724738151286 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:367
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b31f08368c5f12b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:368
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3d6b514a8cbc242 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:369
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4922bab74d8bb873 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:370
        import opentelemetry.sdk._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eac27a1d0e761dba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:403
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a7314db0906ea97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:404
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #528f3a2fec008e78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:480
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #777ac7c72ac246f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:538
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #584a95dfcf504ab0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc5e5028d0cd5755 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3bef07c60fe19e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/langgraph.py:49
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31016156f4339e85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:91
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #784b3b2777358c78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:329
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f41d3cd548355bed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:330
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e1367f98258c0f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:338
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0e944b78539fee6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:339
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #05a4b7ba0dfe6d38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:406
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20729ce7abe03e42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:407
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #259aa7a0150af191 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:408
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86213a4f7868cda6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:409
        import opentelemetry._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fadc09710896e06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:416
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5def3630980b3fd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:417
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f6f594ec7720238a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:418
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d4e5e984011e6cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:419
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #172f6facf0e96576 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:420
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #61a37d5b2040bb67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:421
        import opentelemetry.sdk._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f14cd6638276188 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:454
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c83b2b773a630e53 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:455
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a9e48e1ec360efe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:528
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a53a045bdca9966 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:585
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46f3781cde9307e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cd4ca4b8f4a8077 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d243d98dcf09fe2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/langgraph.py:57
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7282c62346c62872 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/llama_index.py:42
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e08f70f3852cc873 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:365
        import opentelemetry  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7992fe982178ca1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:379
        import opentelemetry.sdk.trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #59e196d941615b71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:407
        import opentelemetry.exporter.cloud_trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 508 low-confidence finding(s)
low env_fs dependency Excluded from app score #669b874f912c7664 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1463
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a504984e1dfa5368 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2169
    original_location = os.environ.get("GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d77bd37524c96e3 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2191
                os.environ["GOOGLE_CLOUD_LOCATION"] = "global"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a53bd9140eb01b40 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2220
                del os.environ["GOOGLE_CLOUD_LOCATION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e3872f2a4d812ee Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2222
                os.environ["GOOGLE_CLOUD_LOCATION"] = original_location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1650883284bc96db Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/_skills_utils.py:46
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8212b2aae33b3ffe Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/types/common.py:1930
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #639a7c8af2449958 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/types/common.py:2032
                with open(config_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b51fee2f2b52859 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1133
        if GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ca3a9e51317c39e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1134
            os.environ[GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY] = "unspecified"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a737d9a180754f Filesystem access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1158
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dca5010cc84f28af Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1372
        if env_var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #312c960aa8adb471 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1375
            aip_types.EnvVar(name=env_var, value=os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7e66ee2547cf89b Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:320
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad711128bdba842 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:322
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c3abcd89cb3b1e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:324
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7099a7451840d66 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:325
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a1cf08cf727d010 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:362
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cc46b1a15657a06 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:362
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9f589b9ece6746b Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:365
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f5386906f25b68d Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:403
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aeee08699c766b1 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:406
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3abdb5abcc296521 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:407
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #841f9b2bb033e479 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:519
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3f8a87df389685a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:526
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3c6248b43f182a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:537
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #799f3664ac15760d Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:636
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5409c77262ca179 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:674
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cedad08a4ce98d2 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:787
                initializer.global_config.api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e1bba2651d5b3f7 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:957
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e809d62fad45e53e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:960
            os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3b94b502e2fe97e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:963
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd859b547b8107bc Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:964
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b4f7f5c08add7c Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:965
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83c415ee18b36bbc Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:966
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c668f5b0984123e8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:967
        agent_engine_location = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bfbe547022ba2d4 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:967
        agent_engine_location = os.environ.get(
            "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION",  # the runtime env var (if set)
            location,  # the location set in the AdkApp template
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #344905203725820f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:973
            os.environ["GOOGLE_API_KEY"] = express_mode_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50dc3789f0bcffed Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:975
            os.environ.pop("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #556731d8219fbd3b Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:976
            os.environ.pop("GOOGLE_CLOUD_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0963f7fe5407461 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:977
            os.environ.pop("GOOGLE_CLOUD_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a27ca5b0768bced5 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:984
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85fc92991fe91ff8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:986
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30592fe7e5e273ad Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1032
            if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2b86b1c946dfb3f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1033
                self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cabdb7a630e1429 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1033
                self._tmpl_attrs["app_name"] = os.environ.get(
                    "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f325c6cce73cc149 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1048
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5799e5e10e2176d Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1059
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #336099559d520372 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1071
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d6d30c6a2639261 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1080
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d2a50e0122637e1 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1093
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b74544515d80a9e9 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1105
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4090bcd0d00fc704 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:2114
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5569f9674c0bca20 Filesystem access.
pkgs/python/[email protected]/agentplatform/preview/rag/rag_data.py:449
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59cdac4215a6ee1d Filesystem access.
pkgs/python/[email protected]/agentplatform/rag/rag_data.py:427
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9035b68aca47a879 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/docker_utils/run.py:52
    return os.environ.get(_ADC_ENVIRONMENT_VARIABLE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbfe949faaf56c95 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/explain/lit.py:219
        if os.environ.get("LIT_PROXY_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e75c3a0901149ac1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:92
            project_number = os.environ.get("GOOGLE_CLOUD_PROJECT") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9da8a245255d039 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:92
            project_number = os.environ.get("GOOGLE_CLOUD_PROJECT") or os.environ.get(
                "CLOUD_ML_PROJECT_ID"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ef6f1df110844dc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:379
        location = os.getenv("GOOGLE_CLOUD_REGION") or os.getenv("CLOUD_ML_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eaf9fb0cd14a576 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:429
        vertex_product = os.getenv("VERTEX_PRODUCT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c210f894bfc97ec Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/jobs.py:2147
                with open(autolog_script_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0424f18a18ee839f Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/jobs.py:2157
                    trainer_script = open(script_path, "r").read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55879f2deb8365ab Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:60
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ed9ce0d44651b04 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:156
    with open(model_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222bc5042bc3b4c5 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:340
    with open(example_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d4c6df66b8fddcc Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:895
            with open(destination_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7edd74bb8cf5b91 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:267
        if os.getenv(constants.ENV_EXPERIMENT_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37566c933e2beb15 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:269
                os.getenv(constants.ENV_EXPERIMENT_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8d0b8b074abe87d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:280
        env_experiment_run = os.getenv(constants.ENV_EXPERIMENT_RUN_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d854c2fe4507ff1e Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/local_endpoint.py:396
                with open(request_file) as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86e293e83848b9e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:61
        if "HANDLER_MODULE" not in os.environ or "HANDLER_CLASS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f0a97aee740ccee Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:66
        handler_module = importlib.import_module(os.environ.get("HANDLER_MODULE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98cb6fdd397ceacc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:67
        handler_class = getattr(handler_module, os.environ.get("HANDLER_CLASS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61f4785dff627428 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:73
        if "PREDICTOR_MODULE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd654f1b6be4051 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:75
                os.environ.get("PREDICTOR_MODULE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7f04243e054a21e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:78
                predictor_module, os.environ.get("PREDICTOR_CLASS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bec210f9ce3021b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:82
            os.environ.get("AIP_STORAGE_URI"), predictor=predictor_class

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3871b3996de13474 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:85
        if "AIP_HTTP_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f18383d54fdd94c7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:90
            "AIP_HEALTH_ROUTE" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e2b98bb1e854ee8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:91
            or "AIP_PREDICT_ROUTE" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdaabfe5dec07277 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:97
        self.http_port = int(os.environ.get("AIP_HTTP_PORT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa4f11d7bc0ed952 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:98
        self.health_route = os.environ.get("AIP_HEALTH_ROUTE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe5d2397e84466fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:99
        self.predict_route = os.environ.get("AIP_PREDICT_ROUTE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #764489f296069ffc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:183
    workers_per_core_str = os.getenv("VERTEX_CPR_WORKERS_PER_CORE", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a34508c9132171 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:184
    max_workers_str = os.getenv("VERTEX_CPR_MAX_WORKERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #476d42ed578785ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:188
    web_concurrency_str = os.getenv("VERTEX_CPR_WEB_CONCURRENCY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8451da5679b63145 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:198
    os.environ["WEB_CONCURRENCY"] = web_concurrency_str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #112849ec47ea4492 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:200
        f'Set the number of model server workers to {os.environ["WEB_CONCURRENCY"]}.'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e7517e55672f0c2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:209
        port=int(os.environ.get("AIP_HTTP_PORT")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f00931ad2f99062c Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/sklearn/predictor.py:86
            self._model = pickle.load(open(prediction.MODEL_FILENAME_PKL, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d82db850adbac83 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/xgboost/predictor.py:104
            booster = pickle.load(open(prediction.MODEL_FILENAME_PKL, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4bbf5eda9d73299 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:36
    env = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96e0389b3602e7d2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:44
training_data_uri = os.environ.get("AIP_TRAINING_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929b6eff3a95c04e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:47
validation_data_uri = os.environ.get("AIP_VALIDATION_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e95948a23b62a187 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:50
test_data_uri = os.environ.get("AIP_TEST_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92fcf8d8b3df7b85 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:53
model_dir = os.environ.get("AIP_MODEL_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d438bce6b34d889c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:56
checkpoint_dir = os.environ.get("AIP_CHECKPOINT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ae9f203827a1a4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:59
tensorboard_log_dir = os.environ.get("AIP_TENSORBOARD_LOG_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eff59446821353d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:68
tf_profiler_port = os.environ.get("AIP_TF_PROFILER_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22573ae05d108c97 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:71
tensorboard_api_uri = os.environ.get("AIP_TENSORBOARD_API_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89382a3ec1ba9f0f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:75
tensorboard_resource_name = os.environ.get("AIP_TENSORBOARD_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83211dd04275a273 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:78
cloud_ml_job_id = os.environ.get("CLOUD_ML_JOB_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f5560eb110f4f77 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:81
http_handler_port = os.environ.get("AIP_HTTP_HANDLER_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28667fe493f10f98 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/utils/yaml_utils.py:117
    with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5aa35c53569ecfe Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/bigquery_datasink.py:119
                        with open(fp, "rb") as source_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc286237e8a097b6 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/predict/sklearn/register.py:160
        with open(model_path, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f48bf638468a62f Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/predict/sklearn/register.py:167
                with open(f"{temp_dir}/{model_file_name}", mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b62b776fb501eb8 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/render.py:26
        with open(pathlib.Path(__file__).parent / "templates" / file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53151bd7fc596f6f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:193
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c66a072eca53a6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:369
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb6f1fcc04390483 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:410
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ccb7b3165fc619 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:411
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb78667b82e74aae Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daf31b2f9dd179a7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:530
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06bba41672b72d3e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:571
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c4e23f6808049a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:572
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1a398e3f6414087 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:211
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47ca44dde1db4c4b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:477
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fd772debd005b2d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:520
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bdc3db9034a6e65 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:521
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #443272731dfac819 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3c504d8780e7ed0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #227baebb06cba40c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:548
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #261d26ce9eafee04 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:549
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f231fd358c01607 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:191
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ba8a0b548569cd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:367
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6f326f3f3dedda7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fa861e9a98050ae Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:409
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #529bf2a52fde1421 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:223
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a6ffbf20d983cba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:471
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db72f592f199a659 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:514
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #349d579e868b36d9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:515
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5f45d69da41ddb5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:198
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b20523aa616864c8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:398
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01058532c57beea4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:439
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a7f3bc37b36013 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:440
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cff713da370c493 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d1727a2ed495cc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:429
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44225793f642567 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:470
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfc7482bd7c5e76 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:471
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f70078cdc9bf776 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #531b4ab50b41a588 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:407
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36a270f4f391d7f6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f87b2e06f18e4d24 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:451
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #976d35a6b03adc6d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fcf971abba67fa6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:456
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa6449f21fb853c2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:497
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc75ea9dcff4487e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:498
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea28d4b98260242 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c095c6ea63732ab Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:420
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b8704f8b969b68 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:461
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd15b882fde45473 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:462
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b08b5d4798d229a2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec877eb008464250 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f45bcf0e56e0612 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecda5228fad77592 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #debac90deb1ac195 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ede7f38da4d088 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93a5623c6a9507e6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b506b1bcd1942378 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bd9968aceedfc5f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c2338608d8e9825 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:423
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #525501107ce85242 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:464
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebc915e83357082d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:465
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #913aeeef1df8a515 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:228
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be1694e0b85ac4ce Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:803
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44904e4a5d00fd0d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:844
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9be83303c25072e5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:845
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04629c68025c330d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1a62e7fa74cbde3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:414
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10b3875196b7cef0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9e578bea11f51a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:456
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abc799adb12e6b4b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4247afc0152aba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb0e8b7a9dffe90b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42ff780707042dfb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b283c89540ea3394 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:212
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5850a5b1110d9f0d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:506
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca55ca023ec32677 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:547
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6b8c71628ac6368 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:548
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5abe8c54b2f90211 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:197
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb499fc1e65085e6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ac1a7cb5b76d1d0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25302698de354195 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b88872a02e4539d9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:195
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6223b155e41a064 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:454
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d264919dcdaa011 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:495
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #454bfccec0c7c6e6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:496
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #660c0f3a64015b03 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:206
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #173378a939f1042c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:520
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cafaf7a6a8c946 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:561
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe97568ac5f3bf5f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:562
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edef2de89fe4b507 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:216
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf2111bc084186a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:543
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4268c4d7aad9e1c7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:584
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66f41f3d0406297f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:585
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #743f8b325c521f2e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:209
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f1f3ff9e7515025 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:470
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2975a0c4fed6aa49 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:511
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e79cb356353191 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:512
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b558e59d54eaf5c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:211
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f0a68963fc2c0b8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:610
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38be1267bb0a5300 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:651
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c3ae64d08afff11 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:652
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a11d82600a44390 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f460b5aea59a98f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #474dbf0ae313e5d3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29924fc919cedfe4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfaa1b66fb3019e9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d32a5ee3e0d055d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26a12a36b9d23ee6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:451
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b782b311ca3a855 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:452
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aa8fb60d4f2bb17 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48ee25c5883a3c5f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #393d18e81c32c6b6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1c7444db6f441d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4256b54aeb0afb69 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa6626158b9346ee Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:648
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12540c483fc844d8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:689
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a8ee89fb78bb1ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:690
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eee5ec75ac122d04 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6822a77c79778a93 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b357c98cd9f6b8b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f5de879d5a707c1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:492
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b869199efbe09da0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #757a97620cec43fd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:403
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #721c718c7305c30e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7db7b2bd882d7a3f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:445
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f51a783d9f0ca179 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79998bfdc82f03d6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #332cf5a8ef24a948 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:532
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdc07babfb304767 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:533
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #694ec937844c6131 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #274534b795888c84 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:509
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #291c3d51e36263b9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:550
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4470f68a039dd88 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:551
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef51bf4febd16f67 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b055a0e5eebe1de1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:394
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae045f76cc39609 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:435
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69a129b252c36eb7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:436
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #303a07e6f6c32f09 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9a04860218ad544 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a70991cd2674a28 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58bc10e7515debe7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a3a29c6d551da59 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0325fb59ee550452 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:618
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a756ccc248121e5d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:659
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f68ee191bd57b275 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:660
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc023fe285e78365 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80fab15a6d9d63e4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:479
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5acde6b7451e4b05 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e93c34f6bd532952 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:523
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0f6be3d592059d5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56569b9160829e62 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6c49a9bda0cfb9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:548
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e3c9a35517d781 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:549
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e6213a8b8f06430 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acd02b91bdaf9f6b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:392
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e6900fee908a528 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:433
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885af688394c3449 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:434
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1df81c633b04db06 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:199
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1857f7d8568cedb4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:397
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9231f4d1853ee7b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:438
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d074f40189d4655 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:439
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcac939d74b0a4c5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2df5f2c6bb6b4882 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:414
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #021dc2082e597f1f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d29c1925b48b30e3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:456
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08b0a23701ad78f9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0c68887ae50d19f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30fcd0567b038803 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0208cafe1116644c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0616d7763a53b2ae Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:223
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9776aa653c2a80d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:471
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37d2795daf35d343 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:514
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8391704e70a48ed Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:515
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fc0bc4a9eedfcc4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:198
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1815eb3bb1853053 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:398
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b1cef78c698e9c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:439
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #207b45fcb6278639 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:440
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d2ace382fed407b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:214
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ba40ea6f78142c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e6d012964cffb9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acf928783c4152f7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #955d0c4f27c7f0a9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b31f146324d132 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:407
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d01d63814b0f8a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46fa377c961966ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:451
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4005662866b351bd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4818c0e2e0dcd409 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:458
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b68ad683eaee745 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:499
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b49aff81b00316ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:500
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13b51a33707b7791 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46cae330a371c89c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:420
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb9912d3c7406fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:461
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e8fa65cb9bcbec7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:462
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efb527d44070e635 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #577c5b781429f10b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f8afbed264efbfe Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3321fe536188efbc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76c6c4728d72769b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1bf3e38b0350efe Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5af2ae3266375c56 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bb70f54d0734c78 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf60b543220161d8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e2f2514149cac54 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:423
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb67d6f6f0c14c54 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:464
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22ee4de6e0de99d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:465
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5fd809c7baaccae Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:230
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2da1950e50052f8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:805
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27ea3838b08f46f8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:846
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e602adb6f55d3d78 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:847
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2571d065f80695cc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #391fb8be4fe5f015 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #600da1375c030d10 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db92b49fbe694c0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dbf1a7b272aece0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6797e4874209cd8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a0b73ff39cb6ba0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df54601611872b22 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79525db9942c6812 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:199
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42810a221ce7b1ab Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56b8884bebea575c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3882171b73fdb2e5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55179c1777cba048 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:212
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a951c5e1d7e5dc4a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:506
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0257867957f55655 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:547
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c73bf0c472f3bcf9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:548
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb9d337ba5f6eda5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:197
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1103c2b445cc4b6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da77e42684f542d0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb56ab05f4ef73f0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78b0f3c17d802829 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29039df117dc70ac Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2547092bbad388d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:496
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93541092de76ccfa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:497
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfca026cf056f22a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929da3159f7a5420 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:567
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45cfc1017b845f70 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:608
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab9ab6e0aca3d6da Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:609
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d35c70c2565b0a2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f1f55eec58ff096 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78f7f351ad12f069 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c4525a6ee9def58 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563b06bd6224d9be Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:218
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a325bb67723d4795 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:545
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f33ef470eb878afa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:586
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a0e5712e54d6d52 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:587
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1bd03ed3f45d5f3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:204
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b383fdd6997ff28 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:402
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6890739a46dfd15d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:443
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4af4113bbb688b14 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:444
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3116e7b9ede79c0b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:209
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #096dc57465449253 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:492
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e650a4037eb03a36 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:533
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e471259998b8cd98 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:534
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68c2f70859eacde7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012b9b72de3fd9b1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:612
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b852245b3f6999e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:653
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5e86bf5ae823a0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:654
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eec16a99f4f9a4c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dcda2cbaf269816 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #440b10a3545bc923 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5395609ee5dc865 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74ff2141502f3947 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d8077b678982384 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbca28fd333f6c78 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:451
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcda9627f8dea5ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:452
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66e9bea62603e714 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:215
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b58e793c9f6588fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c9eafed7024a3d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:528
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #902bcfe5913c789e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:529
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1ddc924f6d8a353 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac68efb75c110b52 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:493
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68dd108be778a352 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:534
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aecd767231a14ce Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:535
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #251a990d17166a40 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:206
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0e53faf2d405486 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:761
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7028bc896c2041bc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:802
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #208d120d71339406 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:803
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9336cb38c6d5690b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8d854fd961e6c9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f85eddb23d81f5b5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbfaceac7bff5195 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:492
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3173c2c229245eca Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8dcc623537c6643 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:403
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08e10606e8ddf2df Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55bb30e82e03455b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:445
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d2f430cb114b463 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #552cf82fd2c8dc3a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf1cb2831ece7e8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:532
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a66a68700f16e1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:533
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #240eeddea1edf3ae Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fa3f6415012a131 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:559
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92865bea4677e790 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:600
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a8b225b58715cb5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:601
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d4f1ef3cf861fd8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99daae20023558dd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:394
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3233abf789154347 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:435
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc18dd15d1ca110 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:436
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fedefe26e8e0286c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e3529f40d97fb9d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bac50a89436e224 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a431a106ef4aafc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e5534393f4156ba Filesystem access.
pkgs/python/[email protected]/setup.py:28
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #977f5d1825cfdd48 Filesystem access.
pkgs/python/[email protected]/setup.py:32
with open(os.path.join(package_root, "google/cloud/aiplatform/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dc87b081bff085b Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1461
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8466ab446a6312fd Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2150
    original_location = os.environ.get("GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5021ad54cba789ee Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2172
                os.environ["GOOGLE_CLOUD_LOCATION"] = "global"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f84964006a7c845 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2201
                del os.environ["GOOGLE_CLOUD_LOCATION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd187d91d0dc6f90 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2203
                os.environ["GOOGLE_CLOUD_LOCATION"] = original_location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb999ffdf29fa8d Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/_skills_utils.py:50
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ecd3ad7622faf5c Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/types/common.py:1837
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46d6680cba3e8ef0 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/types/common.py:1939
                with open(config_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4ff462e4231842b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1131
        if GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b684cdf77d41310 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1132
            os.environ[GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY] = "unspecified"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06b948e2573dff4f Filesystem access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1156
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ac379e61c80121d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1369
        if env_var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eab3155880c2c57 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1372
            aip_types.EnvVar(name=env_var, value=os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8798f238e78a9e3 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:320
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c47fe224a29f6fe Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:322
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1665a301138bd1e Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:324
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6156cdffe5e8cd9e Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:325
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee0eaf64d6d5eb28 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:346
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6646d108411edf7 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:346
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf49242d5c803eb1 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:349
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acca9a2aff209e7f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:387
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeb75f3bf10c8173 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:390
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d8545a799524932 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:391
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2151ec4acb5f969b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:503
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c787921aac691e80 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:510
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9faeacc123c81e95 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:521
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61ce378323a1e4fc Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:620
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #107d1377c9f3e330 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:658
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66205bb88605a9fb Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:764
                initializer.global_config.api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de96bf364a6f8d6 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:928
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dbf47d0f3ae4ebc Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:929
        os.environ["GOOGLE_GENAI_USE_ENTERPRISE"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c46a2d0b2d60e8e Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:932
            os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39ecd2cccc647746 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:935
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97656114adc53fca Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:936
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb8552c786b8989e Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:937
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98ab95df8b4102a3 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:938
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a5c7d8805b52fa Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:939
        agent_engine_location = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc0750a0c2e99465 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:939
        agent_engine_location = os.environ.get(
            "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION",  # the runtime env var (if set)
            location,  # the location set in the AdkApp template
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6be4a7ee2ec2cf25 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:945
            os.environ["GOOGLE_API_KEY"] = express_mode_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4f53f7bb6a7ff55 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:947
            os.environ.pop("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31e4c3ab863c20b6 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:948
            os.environ.pop("GOOGLE_CLOUD_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bdb886ac01a4451 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:949
            os.environ.pop("GOOGLE_CLOUD_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d493bcd93c2ee55e Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:956
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69874cf97c2906f7 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:958
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fd66b908b3906c0 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1004
            if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b76f106f05e6071a Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1005
                self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b61a46654c292888 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1005
                self._tmpl_attrs["app_name"] = os.environ.get(
                    "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e3b8bf789ea7253 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1020
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c677d8e6d13c254 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1031
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #691e41be02bbcc06 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1043
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #430708c9d5849c26 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1052
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bea47b9eab47956 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1065
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c253fd3a2c60ee1 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1077
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ede91b110dc42a07 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1810
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dfcd931eb95e89f Filesystem access.
pkgs/python/[email protected]/vertexai/evaluation/utils.py:214
        with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0f207591031b23d Filesystem access.
pkgs/python/[email protected]/vertexai/evaluation/utils.py:323
        json.dump(summary, open(local_summary_path, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2a4b9bc566aef55 Filesystem access.
pkgs/python/[email protected]/vertexai/generative_models/_generative_models.py:3257
        image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69abc1f09ee464f5 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/metric_utils.py:72
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49f8935b9d82d062 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/metric_utils.py:203
    with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6132a642f6771b31 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/utils.py:272
        with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c23cc1394d168f53 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/utils.py:408
        json.dump(summary, open(local_summary_path, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3822790984718fe0 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/rag/rag_data.py:490
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b74bc187d392a63 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:241
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3244a7986b5da15c Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:243
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7018a1700eb59a2 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:245
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #109686d8cea3d24b Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:246
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09ea133169101b9 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:278
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a2431d69e271157 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:316
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fd72801e1ed6efd Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:397
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bcd44f453ecba44 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:397
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51499351e1fa760d Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:400
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #075c0802346dabb3 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:438
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb9775b4dccb77eb Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:441
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01a6b51ab9b30183 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:442
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #191457f6f1d4292b Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:550
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d60d66bcfa28b485 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:557
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90ec4012f0e5f045 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:568
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39fc026fd2512703 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:825
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #627cbfeb4ade416f Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:827
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68b26bd0699d5786 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:830
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb7245f2dea757da Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:831
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c22e878adaf740b1 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:832
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb9349a15ece537b Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:833
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fce13f818fdc8107 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:839
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a785ac0ee81c39b0 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:841
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b204483a46df7627 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:881
            os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda2099ae7b0cb0a Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:882
        if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92395889799b73b5 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:883
            self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11635bf743dc28c5 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:883
            self._tmpl_attrs["app_name"] = os.environ.get(
                "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                self._tmpl_attrs.get("app_name"),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8da5af13faa12f08 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:897
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #832722bae5cd9a74 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:907
                        agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a52ea5ebf1aff7bc Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:922
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #539937c9942973a5 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:931
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5142d0f1c074e6fe Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:942
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #924600b5e655c9b6 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:1666
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59776e8f01747062 Filesystem access.
pkgs/python/[email protected]/vertexai/rag/rag_data.py:429
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b987c06e48a44f6c Filesystem access.
pkgs/python/[email protected]/vertexai/reasoning_engines/_reasoning_engines.py:603
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dea0ad9f7282005 Filesystem access.
pkgs/python/[email protected]/vertexai/tokenization/_tokenizer_loading.py:84
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c5dddefb3f6e493 Filesystem access.
pkgs/python/[email protected]/vertexai/tokenization/_tokenizer_loading.py:98
        with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #000f0f29eb4f1812 Filesystem access.
pkgs/python/[email protected]/vertexai/vision_models/_vision_models.py:186
        image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4582b9ba3d1b2721 Filesystem access.
pkgs/python/[email protected]/vertexai/vision_models/_vision_models.py:531
        video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
high pii_flow dependency Excluded from app score #c6d01bbc50721db5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384
            self._owned_http_client = httpx.Client(timeout=TOKEN_EXCHANGE_TIMEOUT)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #da98f6154b25f10a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179
            self._http_client = httpx.Client(timeout=TOKEN_EXCHANGE_TIMEOUT)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 90 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #53c3a9fd7c867f47 Environment-variable access.
pkgs/python/[email protected]/examples/agents.py:9
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f6cd9bd9b20e4c74 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:18
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #044d2f3aba9b3ed6 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:20
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6db83c1912d903b5 Filesystem access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:47
    with open(skill_md_path, "rb") as skill_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #da549db97e138f9e Environment-variable access.
pkgs/python/[email protected]/examples/agents_with_files.py:10
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #19d4690bb155e97a Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:46
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b364da91da385315 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:64
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a6719fd7ca462ba0 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:48
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #edf270e9f9e94566 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:60
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b85e51dc0f8829d0 Environment-variable access.
pkgs/python/[email protected]/examples/workload_identity.py:70
        identity_token_provider=lambda: os.environ["ANTHROPIC_IDENTITY_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e37a1f1f40a40041 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:107
    if api_key is not None and os.environ.get("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2be3a8042eccc14 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:109
    if auth_token is not None and os.environ.get("ANTHROPIC_AUTH_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #742458a76181d190 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:214
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b2180feb23e7dcc Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:215
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccc4afd5632f1bbf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:221
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc58d8cc432be742 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:225
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50b03d875c6072d2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:234
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a397710e435a6cb4 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:631
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71c48e1fb49416d1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:632
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc508b0bf5132786 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:638
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f053e1d74174093 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:642
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62804172eb0285c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:651
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aadb803a75e8c216 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0fc1feb39f0edac Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #689f75acd369ebf5 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74fe6c5f6bcfb184 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f977f82e91502d38 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:464
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1accd776a96bea5 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:477
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5059f2f6750f8f68 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #588b64545d5b76f0 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed5bba9175284ca5 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:579
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45af17c65e318855 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2961e7eeee662d38 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:250
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04ab9552c7b0b297 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:418
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4bc766b8d5e3507 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f09a105ca60c7dd Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15af3fb5f829f070 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf5d4b0b90d947d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:25
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1d25dc51efa2eab Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:90
    return os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f4ca2b60afbbcf7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:77
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b889d32dcd185f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:165
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241dc4894d285cda Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:190
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #045005618221e3d5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:345
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee506fb04eac3230 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:370
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6506aadd7f477e46 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_mantle.py:144
        base_url = os.environ.get("ANTHROPIC_BEDROCK_MANTLE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0f4b3b030cbc640 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:33
    federation_rule_id = os.environ.get(ENV_FEDERATION_RULE_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d410b0c72e8c8b6 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:34
    organization_id = os.environ.get(ENV_ORGANIZATION_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f27551bd0341333 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:35
    has_literal_token = ENV_IDENTITY_TOKEN in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17babafb161e0ef Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:50
            value = os.environ.get(ENV_IDENTITY_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6ae1696d96bec51 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:65
        service_account_id=os.environ.get(ENV_SERVICE_ACCOUNT_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d1402c2e2d4ce70 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:69
        workspace_id=os.environ.get(ENV_WORKSPACE_ID) or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65254869d9b1cede Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:70
        scope=os.environ.get(ENV_SCOPE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbae03ebedbb6782 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:108
    if os.environ.get(ENV_API_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65ee284122bc91b9 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:112
    auth_token = os.environ.get(ENV_AUTH_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2699e4688ac0d5d0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:119
    env_explicit = bool(os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d46194f9aed0ea2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:78
    env = os.environ.get(ENV_CONFIG_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49e80db53ef093a9 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:82
        appdata = os.environ.get("APPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebed34e39ecf99d5 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:92
        name = (_config_dir() / "active_config").read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdb272a92c98cada Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:105
    env = os.environ.get(ENV_PROFILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4da05a1e06ae604b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:224
    env = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cafcef3ee423158 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:240
    if os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deda84c3f1243da4 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:244
    if os.environ.get(ENV_FEDERATION_RULE_ID) and os.environ.get(ENV_ORGANIZATION_ID):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c27b022b6a52bb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:245
        if os.environ.get(ENV_IDENTITY_TOKEN_FILE) or os.environ.get(ENV_IDENTITY_TOKEN):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93e79fd570b58d6 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:88
            v = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ae006c10325884 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:102
            v = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #138d306a0e0cc780 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:128
        value = os.environ.get(self._env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fd2b62c26c29b6b Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:276
            raw = self._config_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2ab56b4f9c7acbd Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:357
            raw = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b2d5d499263372 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:692
            content = self._path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8055df0b1210cc8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/environments/_worker.py:160
    resolved = value or os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1587f10070a0c2b7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:157
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e110a4a68bb969d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:158
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08b1ef8ceaa91819 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:159
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e762cf4f69dbc204 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:382
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb58988728e2459f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:383
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6af8d7061ac2f4b7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:384
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f614ccff65228a4b Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:356
        return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b8e336873bad7b4c Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:653
        return await full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #29240c28a597b0d6 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:138
                with zf.open(info) as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #29790fc5174730d7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:164
            with extracted as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #873ce134f4fec10b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:123
    return {k: v for k, v in os.environ.items() if not k.startswith("ANTHROPIC_")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5eebc1c00f186849 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:512
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8005aa779d490ad0 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:540
            target.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1b685c0e9d133d8d Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:570
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #db6b5a459b853617 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:582
            target.write_text(updated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1d15498417d4ed9 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:46
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16eba3441cd9d8d1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:114
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4793d585a8afcf5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:121
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25f4811d6a00cbd7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:278
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cb2c2c2d2ec4b07 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:285
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
high pii_flow dependency Excluded from app score #36ff97bab163a6a7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:258 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/openai/lib/azure.py:221 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/openai/lib/azure.py:258
        self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #6b49351cff49671b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:543 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/openai/lib/azure.py:506 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/openai/lib/azure.py:543
        self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 59 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #2e5b09b484b2133e Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #38dc77d462f01f2f Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #40e94df0a9e37acb Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #92f2dfba0a2885a7 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c6fbbcbddf70e2a3 Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece991f5ba5ffa88 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:153
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4de884ed3b889ba8 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:155
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dded32f8faaaaa4 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:157
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a7cd249588086a3 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:159
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9933c4d3ec893f4f Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:292
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aa0aec4568c83ae Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:296
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f11abc95a698631b Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:301
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d51fb5f6d54b7e0e Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:317
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13769b58fc57f5c0 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:320
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5903f69e8cdf709 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:323
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20259677d4cab778 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:333
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceff1a929408c0aa Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:333
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3d9602af9b41a76 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:156
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aed614ef256760e9 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:170
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b49d2fefb6d3d798 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:174
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5993b3b51491fb40 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:178
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba1d05295f59c9c Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:184
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f572c0884aebd32 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:585
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a2c6c4cc0a20b35 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:599
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abc355e39943f4a3 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:603
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0640406784d84c4 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:607
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444ae97641b29ade Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:613
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3e95dc9df8cb514 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d99bae83d925981 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #926a09164fc0bf97 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061f5f8a461aec32 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #103783ec176aa13b Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4f6fc7852d0d2a8 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c7cf6189b7a0d66 Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:119
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e13bf3b808df58b Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcfe4d587d2d5033 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d070004607cc05a7 Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ac1c69afa5dbca Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e48cbd4be2831ade Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c8d9c7115e444f9 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:372
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dceff6042952bce4 Filesystem access.
pkgs/python/[email protected]/src/openai/auth/_workload.py:61
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #763d7273c4c66f06 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:67
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #620548bc1e9f218f Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:90
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61ad911b3f57e99c Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/files.py:55
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #804823ad5cc02d39 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:103
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b7ee62936b3d70 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:119
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2d7164fa2334a58 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:125
            with open(args.mask, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced2444bda8939bd Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:68
    xdg = os.environ.get("XDG_CACHE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5f7165f3cacb79a Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:76
    if not os.environ.get("DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c982ff43c804f76f Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:121
        with open(temp_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e5e462f3e5f9be2 Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84bbec5f0ca74e3c Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:196
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a4e396c8587c645 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:199
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1e4248db6a9c0f7 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:207
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda3f95b2640b26a Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:221
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45519f6c2fbb85f7 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:481
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e2fe4425df4fd18 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:484
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7364199dc46646fb Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:492
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37e6c1d975471a86 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:506
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcp

python dependency
high pii_flow dependency Excluded from app score #56e3c1e71f5a0d1f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #f27bb88166cfe5f0 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:72
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efce6e88039af1d8 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:281
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06e2d2ead780411b Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:349
    scenario = os.environ.get("MCP_CONFORMANCE_SCENARIO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #877940e194f15d3d Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ce129f2737ac5bd7 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0783e5d53f56c29d Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fc25f9fa597a5953 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a7d3edeeddc56916 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d0ffc9441b6e78cc Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9ba24e5a8d97b490 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4335f5b411f82e75 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e1d3622df994905d Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e8e05717eedb769 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #88312f9930e4cf24 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0355efbde41ffe15 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3f9e20430652e4b Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/binary_resources.py:9
    with open("logo.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2eb2e89722e9753b Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results.py:10
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #10af558d334676a4 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results_binary.py:12
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b9e727eda74fce09 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/prompt_embedded_resources.py:11
    file_content = open(filename).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0cf2062751eedab4 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/tool_errors.py:27
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f4923c168f74d811 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a2663d46925105b9 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:109
    content = doc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #61e3a79abc971824 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:134
            doc_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39568ec365e7c6b2 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c780fff33056b950 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c68e355dd0d225f5 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51e578e6fd3c060d Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5317ca2f3ccff199 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a2d7915d31e9680 Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbe57d929631c364 Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b30b6d560cbbe7c Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openhands-sdk

python dependency
high pii_flow dependency Excluded from app score #5c18d82c6f1e230a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:130 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:129 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:130
        return httpx.Client(
            timeout=self.timeout,
            headers={
                "Authorization": f"Bearer {api_key_value}",
                "Content-Type": "application/json",
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 74 low-confidence finding(s)
low env_fs dependency Excluded from app score #0373016b10b4db75 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:114
_USAGE_UPDATE_TIMEOUT: float = float(os.environ.get("ACP_USAGE_UPDATE_TIMEOUT", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89631485175e4ed Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:119
_ACP_PROMPT_MAX_RETRIES: int = int(os.environ.get("ACP_PROMPT_MAX_RETRIES", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87fab427bf97f17e Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:124
    os.environ.get("ACP_CANCEL_DRAIN_TIMEOUT", "2.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7961f6eee7d40cd1 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:302
        data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e20892d06ee3d9d4 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:2334
        env.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #861427f3bb701b79 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/agent/base.py:85
        with open(_SOUL_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ec8ecfe20a6fd3 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/agent/base.py:397
        return (Path(self.prompt_dir) / filename).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51f8e99fa74c5642 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/banner.py:20
    suppress = os.environ.get("OPENHANDS_SUPPRESS_BANNER", "").lower() in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c44a351096e0f493 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/context/prompts/prompt.py:36
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #734d2ccc1696c3c0 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/local_conversation.py:576
            data = json.loads(base_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7cd496b6432ddbc Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/remote_conversation.py:1003
        ws_timeout = float(os.getenv("OPENHANDS_REMOTE_WS_READY_TIMEOUT", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1f8c25dd61979fd Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/remote_conversation.py:1005
            if os.getenv("OPENHANDS_REMOTE_WS_READY_REQUIRED", "true").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cf3d69f70bf8395 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/remote_conversation.py:1078
                with open(log_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #398cea2120dbdc94 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/critic/impl/api/chat_template.py:59
        with open(cache_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a367895e2b9cdc6f Filesystem access.
pkgs/python/[email protected]/openhands/sdk/critic/impl/api/chat_template.py:75
        with open(cache_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bae842d824b59955 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/extensions/installation/metadata.py:153
            return cls.model_validate_json(metadata_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d870fb5df2137493 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/extensions/installation/metadata.py:162
        metadata_path.write_text(self.model_dump_json(indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3554e6eb60149d50 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/git/git_diff.py:120
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #899d5a96e281bf7d Filesystem access.
pkgs/python/[email protected]/openhands/sdk/hooks/config.py:302
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d947b574651086fc Filesystem access.
pkgs/python/[email protected]/openhands/sdk/hooks/config.py:348
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8701edb53296e1d7 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/io/local.py:65
            with open(full_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80a3231ece44b55f Filesystem access.
pkgs/python/[email protected]/openhands/sdk/io/local.py:69
            with open(full_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a1ca534046e825e Filesystem access.
pkgs/python/[email protected]/openhands/sdk/io/local.py:83
        with open(full_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09ebc67328b5e5ca Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/auth/credentials.py:86
            with open(creds_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51a7a4c2cfd18ee9 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/auth/credentials.py:101
        with open(creds_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #211c4150574daa1d Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/llm.py:2465
        if os.environ.get(ENV_ALLOW_SHORT_CONTEXT_WINDOWS, "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c61a56e2953b3b97 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/llm.py:2987
        with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5316abaf54eba734 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/llm.py:3035
        for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccab844cd4a5ba63 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/llm_profile_store.py:299
                    data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d796dd01192cc9b Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:43
    os.environ.get("OH_INLINE_IMAGE_MAX_MB", DEFAULT_MAX_IMAGE_DOWNLOAD_MB)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73d3a6ca4aaffce9 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:49
    os.environ.get("OH_INLINE_IMAGE_CACHE_BYTES", DEFAULT_CACHE_MAX_BYTES)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f40c023e8ad17d5 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:55
    os.environ.get("OH_INLINE_IMAGE_FETCH_TIMEOUT_S", DEFAULT_FETCH_TIMEOUT_S)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bf52285ac747c74 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:62
_ALLOW_PRIVATE_HOSTS = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57a5abe171275c46 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:62
_ALLOW_PRIVATE_HOSTS = os.environ.get(
    "OH_INLINE_IMAGE_ALLOW_PRIVATE_HOSTS", ""
).lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #597eb7b2f2e22c57 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/telemetry.py:162
                with open(fname, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #238f0a303799c567 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/telemetry.py:380
                with open(fname, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10bcf2b191e24061 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:29
DEBUG = os.environ.get("DEBUG", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c20cff89c5edfbed Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:30
ENV_LOG_LEVEL_STR = os.getenv("LOG_LEVEL", "INFO").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca2744c6bc78b76e Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:35
ENV_LOG_TO_FILE = os.getenv("LOG_TO_FILE", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edf85e723c48408b Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:36
ENV_LOG_DIR = os.getenv("LOG_DIR", "logs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6ed2b4acaf57c85 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:37
ENV_ROTATE_WHEN = os.getenv("LOG_ROTATE_WHEN", "midnight")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ea0e7a2f75da7c8 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:38
ENV_BACKUP_COUNT = int(os.getenv("LOG_BACKUP_COUNT", "7"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f50c9ac8e4c79434 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:41
ENV_JSON = os.getenv("LOG_JSON", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ebfc124c88181ef Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:42
IN_CI = os.getenv("CI", "false").lower() in {"1", "true", "yes"} or bool(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1507ab7347ca54e0 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:43
    os.environ.get("GITHUB_ACTIONS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0fe83003a010b15 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:45
ENV_RICH_TRACEBACKS = os.getenv("LOG_RICH_TRACEBACKS", "true").lower() in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f77f8e3856f53be2 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:52
ENV_AUTO_CONFIG = os.getenv("LOG_AUTO_CONFIG", "true").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d0a43c2529d50c8 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:53
ENV_DEBUG_LLM = os.getenv("DEBUG_LLM", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e6f953af9ea2abc Filesystem access.
pkgs/python/[email protected]/openhands/sdk/marketplace/types.py:256
            with open(manifest_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a86d92f1e941b6bb Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/observability/utils.py:10
    return os.getenv(key) or dotenv_values().get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da187c1040bd6d87 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/plugin/plugin.py:353
            with open(manifest_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44d6cbc959516635 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/plugin/types.py:300
        with open(command_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7984437013b8cc Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:203
                data = json.loads(profile_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb66fc7da0e77db1 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:253
            data = json.loads(old_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0f48ea0fcab3dd Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:277
                data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b074465795389201 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:306
                    data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #110d1936ad9c6ad2 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/secret/secrets.py:31
    base_url = os.getenv(_INTERNAL_SERVER_URL_ENV, _DEFAULT_INTERNAL_SERVER_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #555790f1aba67035 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:96
        env_key = os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faf7a4a176139ba4 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:106
        env_policy = os.getenv("GRAYSWAN_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #069c1d7040eb014d Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:381
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e0e2c719529150 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:1092
            content = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dccc30da0642b597 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:1124
PUBLIC_SKILLS_REF = os.environ.get("EXTENSIONS_REF", "main")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d9daa9c2e12acc4 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:1177
        with open(marketplace_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c5160832d0117ed Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/skills/utils.py:98
        if check_env and var_name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe9e783672431bfc Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/skills/utils.py:99
            return os.environ[var_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4dd93744c7e1eae Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/utils.py:245
        with open(mcp_json_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e4a60a025ea2e87 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/subagent/schema.py:356
        with open(agent_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f93cbf9f324c4845 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/utils/command.py:37
        base_env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84cd0678252b665 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/utils/truncate.py:42
            file_path.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c85ecf2a7e05c7 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/base.py:297
        callback_url = os.environ.get("AUTOMATION_CALLBACK_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa651320b6585e9 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/base.py:301
        callback_api_key = os.environ.get("AUTOMATION_CALLBACK_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b87473998185d3a Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/base.py:302
        run_id = os.environ.get("AUTOMATION_RUN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c07e3742b7a3302 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/remote_workspace_mixin.py:226
            with open(source, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd67ea25099c7518 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/remote_workspace_mixin.py:299
            with open(destination, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

poetry

python dependency
high pii_flow dependency Excluded from app score #10821a20d8fe3767 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/poetry/utils/authenticator.py:200 · flow /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/poetry/utils/authenticator.py:197 → /tmp/closeopen-55rn3php/pkgs/python/[email protected]/src/poetry/utils/authenticator.py:200
        request = requests.Request(method, url, headers=headers, auth=auth)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #c833b117edaafaf9 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:245
        for env_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb80f8cd399d8e5 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:249
                    "url": os.environ[env_key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d19599298bc639f Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:261
        for env_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d879fc623256faf0 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:263
                if not build_config_setting_validator(os.environ[env_key]):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d19aebc543e29d1 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:269
                    build_config_setting_normalizer(os.environ[env_key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b9ab4b1cd1e2ae1 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:337
                env_value = os.getenv(env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb35c3588e18791c Filesystem access.
pkgs/python/[email protected]/src/poetry/inspection/info.py:249
            text = requires.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5df79d6e7fa33378 Filesystem access.
pkgs/python/[email protected]/src/poetry/installation/executor.py:886
                url.write_text(json.dumps(url_reference), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f32e78661ee0dcd3 Filesystem access.
pkgs/python/[email protected]/src/poetry/json/__init__.py:15
        (files(__package__) / "schemas" / "poetry.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94a34343c4724c92 Filesystem access.
pkgs/python/[email protected]/src/poetry/json/__init__.py:27
        (files("poetry.core") / "json" / "schemas" / "poetry-schema.json").read_text(
            encoding="utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9bd39d1073017d Environment-variable access.
pkgs/python/[email protected]/src/poetry/locations.py:16
    os.getenv("POETRY_CONFIG_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bd20861116fe103 Environment-variable access.
pkgs/python/[email protected]/src/poetry/locations.py:22
    if poetry_home := os.getenv("POETRY_HOME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85079109f9425ec3 Filesystem access.
pkgs/python/[email protected]/src/poetry/masonry/builders/editable.py:127
            pth_file = self._env.site_packages.write_text(
                pth_file, content, encoding=getencoding()
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5378e9bee95efba Filesystem access.
pkgs/python/[email protected]/src/poetry/masonry/builders/editable.py:238
        direct_url_json.write_text(
            json.dumps(
                {
                    "dir_info": {"editable": True},
                    "url": self._poetry.file.path.parent.absolute().as_uri(),
                }
            ),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0752b1c21d8c8e6e Filesystem access.
pkgs/python/[email protected]/src/poetry/packages/locker.py:273
            with open(self.lock, encoding="utf-8", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89dc06d981fed3fc Filesystem access.
pkgs/python/[email protected]/src/poetry/packages/locker.py:283
            with open(self.lock, "w", encoding="utf-8", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28150c67dcf8efdb Filesystem access.
pkgs/python/[email protected]/src/poetry/plugins/plugin_manager.py:316
        self._gitignore_file.write_text("*", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb700f652fb6127 Filesystem access.
pkgs/python/[email protected]/src/poetry/repositories/installed_repository.py:194
            path.joinpath("direct_url.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18daf2257c358d00 Environment-variable access.
pkgs/python/[email protected]/src/poetry/utils/constants.py:7
REQUESTS_TIMEOUT = int(os.getenv("POETRY_REQUESTS_TIMEOUT", 15))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6169e4373723d24 Environment-variable access.
pkgs/python/[email protected]/src/poetry/utils/isolated_build.py:109
        path = os.environ.get("PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74e4723d4e3b09bf Environment-variable access.
pkgs/python/[email protected]/src/poetry/vcs/git/system.py:41
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lmnr

python dependency
medium telemetry dependency Excluded from app score #044571c355bdfbb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:4
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa7fbd2ea94bb7e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:5
from opentelemetry.sdk.resources import SERVICE_NAME

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b1f1341c4b5e25a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a237809bbf668052 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ff246f4b3518abc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:6
from opentelemetry.trace import SpanKind, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee64d3d14d17b71a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:7
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc02e7d389f39656 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:3
from opentelemetry.sdk.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c47996533ed1c71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:4
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95acd2878c9f8b58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #684a93b8d08cdd0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97fc64906793be20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:8
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1fd4cd2a1ffad49e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d075011ead46f192 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:13
from opentelemetry.trace import Span, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a49100c19f5c07b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d0d5bb312d8ed56 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/rollout.py:14
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f527fb004ad7457 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/span_utils.py:5
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #efd5efcdfba9ca26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:3
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5bde91a5ce97167b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:9
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #540dfc4afe30a4e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37a1795420508716 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e395d5ea1b865b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf8213c395c3df6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:11
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a822724cbac384a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:12
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b112dfd937297f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:10
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1121972b6c48aaa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #378c6a259bcd4fd2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d50484714d280b8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:11
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #96213dda5e8c8858 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:12
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b608f187e4dc172 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:9
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a048929eb0efd6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:10
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fa598bda6d9abbb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:12
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee9ca76c194d6a4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dddd55994789fd78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #918f30e07dbb0367 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:7
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4715c5c444634c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45607b8157e414e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:9
from opentelemetry.trace import Status, StatusCode, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a3146da0c0d6efa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:10
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #378c462fc18fbf7c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:11
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d360ed503311bba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:12
from opentelemetry._logs import LogRecord, Logger, get_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fcd53ff96904806 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:13
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef6adb168dd8443f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/deepagents/instrumentor.py:31
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55e6fd09ad0d3703 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/deepagents/instrumentor.py:32
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5c94f0aaf4f3b8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72c9f69feadc0351 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:11
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #328257afd510fd4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:12
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82c7ddf68b2a1c61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:13
from opentelemetry.semconv._incubating.attributes import gen_ai_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8adf092afc40fc58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:14
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40a03d23a7d31ccd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:15
from opentelemetry.trace import Span, Status, StatusCode, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03b23331ee346763 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/utils.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de7c2b7ee2bd2e94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a5053be6c841a8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:22
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b7ab557c6e040a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:23
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd45e2cdfd86f769 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:24
from opentelemetry.trace import Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c40fed2339d6a0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:25
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56b80bef729a073f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/span_utils.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d89d7243cde74180 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd83b90be338a94b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:13
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3f96ae89afb5cd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:14
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40dd60671f32513f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:16
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00b77c5047d23199 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:44
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f06e3efe28fe95b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:45
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba1534a6d300bf69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:46
from opentelemetry.sdk.trace import TracerProvider as SdkTracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ddb8bf5590d3df21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:12
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa50c4976b705e5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:14
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58eff91a812f1743 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:15
from opentelemetry.context import get_value, attach, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #65b8f8a953506523 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:17
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d130235ff7014b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:18
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #87a1fb773e30c423 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/utils.py:5
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff9d82fec3aa2fea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/__init__.py:4
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e913ef086df68583 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #23e937cb65fc8610 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:15
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f744c5163a6e2743 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/streaming.py:4
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e0f0fafb777c07b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac8084e02ea8e6f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:14
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #387dabae68f8fb23 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:3
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba666b7988d4250f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #916e2859c80bace9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #809ae9c52c0496a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:12
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_SYSTEM,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df820cdd47a8753a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:25
from opentelemetry.semconv._incubating.attributes.openai_attributes import (
    OPENAI_RESPONSE_SYSTEM_FINGERPRINT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e509cb2ecb688794 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:28
from opentelemetry.trace.propagation import set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da8b52ad44344b94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:29
from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19b9d4a3da5e7382 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a82bb9ce85d8c544 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:30
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d3800cf6970814e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:31
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4f0d813d26771b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:32
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20f198869a782d27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:33
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21c7dbf48cafa1ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #331544e863da76df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:31
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fbcf24951f870c36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:32
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e132682415a885cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:33
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd1d3a1ac5a296cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/config.py:3
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27a1cbbe2f1545a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7c5e4157baec79e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:25
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a3d7e005226039b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:26
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d59242d54f8426af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:27
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6193c1a76b248b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef4b97db7e6314dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:11
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64085f8cdd87013e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:3
from opentelemetry._events import get_event_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39ce60d36be0f20a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:4
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20b908309e229714 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:19
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f30476de1051d7a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:20
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79c59899f85e8834 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0302b59f3485a966 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:34
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #65615d29f60e8f2b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:35
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #778668c2a196f78f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36d7ea4f33e36bca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:5
from opentelemetry.trace import Span, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9de0abaf3a36682d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:18
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fb754e40ece2d2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:19
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #69f7540b63b7f38a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:20
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48e84295235279f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:26
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83b10d15cac9107b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:3
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47b60f6a927635e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:4
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b341c085332544f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0f64e1484e8ab18d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:48
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a66cd17cafb1472 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:49
from opentelemetry.context import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #debd33ff7df18acc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:50
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba21baeb403de0fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:51
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_ID,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_MODEL,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f4d6c49831e4158 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:58
from opentelemetry.trace import SpanKind, Span, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bcfcba3303b80bec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/helpers.py:9
from opentelemetry.context import create_key

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6280d6f92fbb2fdd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c9d3766eff137d26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #023dd9ee4bc92120 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/processor.py:10
from opentelemetry.context import get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #93a78897336d2ea7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/span_data.py:7
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a419e824770cf73f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:1
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b15c08198b5567c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:2
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b2fdfc4027577e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:3
from opentelemetry.trace import TraceFlags, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4cd147c7a76559ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/pydantic_ai/__init__.py:30
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94c045a41f816ca7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/pydantic_ai/__init__.py:31
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd93826487f3fb77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fa2bf5462943fd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6371f536bed9f670 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/types.py:3
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cce6fc7358fe3e91 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:6
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #763f2f240fb2cd9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:7
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d8c861a3f73cc387 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:8
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea3febff9d067dcd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:5
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fc0c3502962b53e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:6
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10fbeacc974978af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:7
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca67386e511ce573 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/temporal/__init__.py:24
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b56a57537285bf72 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/temporal/__init__.py:27
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3dbb466c5d553cca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:59
from opentelemetry import context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #726622d69d1bf100 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:60
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ddec7c82c6ef040 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:61
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #078ef30a0c2efcff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:5
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #66f6988d42a1cfdb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:6
from opentelemetry._logs import set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae4ed8bf0d119cbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:7
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3ea5a9d7101b3fd0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:8
from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f783a0c1d5c8640 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:9
from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76652c254f482cf4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:10
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c761a97d9fdad76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:11
from opentelemetry.sdk.trace import SpanProcessor, TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35de0a7b073a809b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:12
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #16326d060f527503 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f327c7a4942a0bb7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:27
        from opentelemetry.instrumentation.alephalpha import AlephAlphaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d82913d07baa5541 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:49
        from opentelemetry.instrumentation.bedrock import BedrockInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e523ce8674f1b431 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:120
        from opentelemetry.instrumentation.chromadb import ChromaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fac18b7135f45f62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:145
        from opentelemetry.instrumentation.cohere import CohereInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5e98228a511de4e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:157
        from opentelemetry.instrumentation.crewai import CrewAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90bf94dec3bff641 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:235
        from opentelemetry.instrumentation.haystack import HaystackInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94e3fb2f16708d9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:257
        from opentelemetry.instrumentation.lancedb import LanceInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e089abd209b0774f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:269
        from opentelemetry.instrumentation.langchain import LangchainInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af79871909375106 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:352
        from opentelemetry.instrumentation.llamaindex import LlamaIndexInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed14385f333058f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:364
        from opentelemetry.instrumentation.marqo import MarqoInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5d32a7fdb6b90f90 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:376
        from opentelemetry.instrumentation.mcp import McpInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7359c0b707ac09ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:388
        from opentelemetry.instrumentation.milvus import MilvusInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf5c54d3b8bd727c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:400
        from opentelemetry.instrumentation.mistralai import MistralAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c257b13fff02a8ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:412
        from opentelemetry.instrumentation.ollama import OllamaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e151efee245e651 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:470
        from opentelemetry.instrumentation.pinecone import PineconeInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75429cf4bf0d0f07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:512
        from opentelemetry.instrumentation.qdrant import QdrantInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb1ca50dfb67ae3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:524
        from opentelemetry.instrumentation.replicate import ReplicateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52a4fc09c3c79373 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:536
        from opentelemetry.instrumentation.sagemaker import SageMakerInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7546392dc6a04ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:568
        from opentelemetry.instrumentation.together import TogetherAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da7dd83dbc7c3a14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:581
        from opentelemetry.instrumentation.transformers import TransformersInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c23e74425654212 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:593
        from opentelemetry.instrumentation.vertexai import VertexAIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f8a2319bec14e3c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:608
        from opentelemetry.instrumentation.watsonx import WatsonxInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40547248f77a0cfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:620
        from opentelemetry.instrumentation.weaviate import WeaviateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e79bed724eff9bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/attributes.py:2
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_SYSTEM,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_ID,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f80c5a71bfcabeb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/context.py:7
from opentelemetry.context import Context, Token, create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d341f6f423a1bc37 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:6
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0828b180b53ae69b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:7
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ced0ef977baa850c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:8
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c8c32e22ff9b58a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:9
from opentelemetry.sdk._logs.export import LogRecordExporter, LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee7329c389fb7045 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:10
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dfdc120f0433b7b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:13
from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3508d16a829d7cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:16
from opentelemetry.exporter.otlp.proto.http import Compression as HTTPCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca49ee4b2f8d5cc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter as HTTPOTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8172bc22630a4f1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:20
from opentelemetry.exporter.otlp.proto.http._log_exporter import (
    OTLPLogExporter as HTTPOTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c2c0ca7bbca1fa7c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:6
from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8bf65bdac7b6efc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:15
    from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0bf54c3e7acecf41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:16
    from opentelemetry.sdk.trace import SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d21e927d8c318f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:5
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f09a6b41fa2b5ec4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:6
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9ce0cca1771f125 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:7
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SimpleSpanProcessor,
    SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4536f347d34d0ac3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:8
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab21fcd70450ee80 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:9
from opentelemetry.sdk.trace import Event, ReadableSpan, Span as SDKSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #05d2adae48c4d70e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:10
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationInfo,
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9621cee7ba6b3d29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:14
from opentelemetry.trace import Link, Span, SpanContext, SpanKind, Status

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c674668efbf0058e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:15
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e44f18175d8db94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:16
from opentelemetry.context import detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff9e25e52230c9f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:4
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3b23da2df109789d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:5
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #24740933dee24736 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/utils.py:1
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #98aa911d7ea47269 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:12
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e6ae3b24844c5bf0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:13
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85375a34d7a8178b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:14
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba180b23a8b3f385 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a92c79e2b216b2b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5d00f29a9cfc46df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:8
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abccb2a4fdb9f93c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7a7cbb264e54e98 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:8
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aac554efc60cf390 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:9
from opentelemetry.trace import NonRecordingSpan, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1178334d0366bb62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:9
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d966443e0ab5f9b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:10
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5aab0e12c8e7f1f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:11
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #145ac624d0679dd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:12
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90d331ee84a22efb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:15
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7878355777078827 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:16
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #24cf8c3217ff3ba4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:17
from opentelemetry.trace import (
    get_tracer,
    Tracer,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e61ef7edbef5d7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #984074991edb6d0b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/debug/replay.py:17
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a44ea91a20141c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:15
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31e33ad5a8ae5d2d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #69561337690a65f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:17
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36db04ca4a775722 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:18
from opentelemetry.sdk.trace.id_generator import RandomIdGenerator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca0761c38389756f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:19
from opentelemetry.trace import INVALID_TRACE_ID, Span, Status, StatusCode, use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #631acf0adbb9487b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:20
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85eafc3dfa2c10ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/types.py:10
from opentelemetry.trace import SpanContext, TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 66 low-confidence finding(s)
low env_fs dependency Excluded from app score #a95d05e4d4a66a0b Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/datasets.py:113
        output_path.write_text(_dump_json([item.model_dump() for item in data]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15327cfebc8f8ca Environment-variable access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:33
        os.environ["LMNR_FRONTEND_PORT"] = str(args.frontend_port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4da0933aad39af7a Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:112
            with open(args.output_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #17aa7d268358a7a7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:28
        with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cabdbbb6478b8e76 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:32
        with open(target_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b484fadc3e3189c4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:27
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa5ec9fef98cd1c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/proxy.py:32
        env_val = os.environ.get("LMNR_CC_PROXY_MAX_PORTS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77cbf7a6dc4b79c8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:40
        if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abbca4ea74f01532 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:42
            snapshot[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24706f32faf61250 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:58
            os.environ[key] = value if value is not None else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9d4f3a30fbbe0a9 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:60
            os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f6b9a73312008b Filesystem access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:106
        with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab38cf90a7c546e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:157
        return env_dict.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0395a153375d62eb Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:252
        "ANTHROPIC_BASE_URL": os.environ.get("ANTHROPIC_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8a43479225e596f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:253
        "ANTHROPIC_ORIGINAL_BASE_URL": os.environ.get("ANTHROPIC_ORIGINAL_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be036bb931646c7a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:254
        "HTTP_PROXY": os.environ.get("HTTP_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf94af5745b6722f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:255
        "HTTPS_PROXY": os.environ.get("HTTPS_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87b9335e06550ef0 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:260
    if "ANTHROPIC_ORIGINAL_BASE_URL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29d3361ecf2762fb Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:263
            os.environ["ANTHROPIC_ORIGINAL_BASE_URL"] = target

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1332c48904273831 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:267
    os.environ["ANTHROPIC_BASE_URL"] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c6167543764fe14 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:271
        os.environ.pop(proxy_var, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76e1849c62cf3378 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:274
    if is_truthy_env(os.environ.get(FOUNDRY_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8422f90db4073ec Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:275
        snapshot[FOUNDRY_BASE_URL_ENV] = os.environ.get(FOUNDRY_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f22f6d227a34ebe Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:276
        snapshot[FOUNDRY_RESOURCE_ENV] = os.environ.get(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #381db10876ce7926 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:278
        os.environ[FOUNDRY_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63e80568c51e3846 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:279
        os.environ.pop(FOUNDRY_RESOURCE_ENV, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e647b136e79c9e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:282
    if is_truthy_env(os.environ.get(BEDROCK_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7861addb0b576fe6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:283
        snapshot[BEDROCK_BASE_URL_ENV] = os.environ.get(BEDROCK_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08e60f5239b1f052 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:284
        os.environ[BEDROCK_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b61446442067efe Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:287
    if is_truthy_env(os.environ.get(VERTEX_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f516a5f33bf05ca8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:288
        snapshot[VERTEX_BASE_URL_ENV] = os.environ.get(VERTEX_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e098e07282a8fe1 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:289
        os.environ[VERTEX_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aadea4d1642e0ae Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:216
            if FOUNDRY_RESOURCE_ENV in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bad55aee54a01293 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:217
                original_env[FOUNDRY_RESOURCE_ENV] = os.environ[FOUNDRY_RESOURCE_ENV]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ac8f345c83091f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:219
                os.environ.pop(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32259a991da4ff50 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:223
                if proxy_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a020b1620fd4dd Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:224
                    original_env[proxy_var] = os.environ[proxy_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d260e730b9a83e2e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:226
                    os.environ.pop(proxy_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78c608aaaf87246 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:406
        return options.env.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2272b8cd0d2586 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:85
        os.getenv("LAMINAR_TRACE_CONTENT") or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056cd086a97a32da Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:21
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a3bd73bc6249e20 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:142
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0e418cafb056684 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:58
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d147a5c6e0456f8a Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:61
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e21613d53a1b0b58 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:129
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #706d8a61cff1489b Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:132
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #434f937bceda0435 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:47
        result = orjson.loads(file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a102e02117c70c57 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:53
        return [dict(row) for row in csv.DictReader(file.read_text().splitlines())]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9368160544d4e8f1 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:56
            orjson.loads(line) for line in file.read_text().splitlines() if line.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60f4e443ea9fbfd7 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:140
    if not _is_truthy(os.environ.get("LMNR_DEBUG")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e851c0cf2cc1281f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:151
        os.environ.get("LMNR_DEBUG_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a8957aba9e6256 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:162
        os.environ.get("LMNR_DEBUG_REPLAY_TRACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54b199f5b7e91252 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:166
    cache_until_value = os.environ.get("LMNR_DEBUG_CACHE_UNTIL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6c7597439c5f204 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/debug_session_file.py:51
        with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #244d80975f3f0e1a Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/debug_session_file.py:116
        with open(
            os.path.join(target_dir, DEBUG_SESSION_FILE), "w", encoding="utf-8"
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bc4b416a7c83128 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:345
        if env_metadata_str := os.getenv("LMNR_TRACE_METADATA"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9214f4a341e87a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:352
        if not os.getenv("OTEL_ATTRIBUTE_COUNT_LIMIT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1e0f4e2f71c4ea8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:355
            os.environ["OTEL_ATTRIBUTE_COUNT_LIMIT"] = "10000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfb64827db51ec4e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:366
            os.environ.get("LMNR_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afd65a7e548a62c3 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:409
        env_context = os.getenv("LMNR_SPAN_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db719eb1a84d5de2 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:524
            if not _is_truthy(os.environ.get("LMNR_DEBUG")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc0b6dc588223d13 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:561
            debugger_url = os.getenv("LMNR_FRONTEND_URL") or get_frontend_url(base_url)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f5d3d0e2fc5c898 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:705
            debugger_url = os.getenv("LMNR_FRONTEND_URL") or get_frontend_url(base_url)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f978a3b4df6427 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/log.py:70
    if val := os.getenv("LMNR_LOG_LEVEL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0edd43af6ed77886 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/utils.py:124
    if val := os.getenv(key):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b3470809c38c5ffd Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/version.py:23
        response = httpx.get("https://pypi.org/pypi/lmnr/json")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

posthog

python dependency
medium telemetry dependency Excluded from app score #524d91877e042902 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:6
from posthog.args import (
    ID_TYPES as ID_TYPES,
    ExceptionArg,
    OptionalCaptureArgs,
    OptionalSetArgs,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47b6b98a88cef399 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:12
from posthog.capture_compression import CaptureCompression as CaptureCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1adcad02a511136 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:13
from posthog.capture_mode import CaptureMode as CaptureMode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0e985a00b33e5a50 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:14
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48e2b8ed7ca0161a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:15
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1cd3d544c6293499 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:16
from posthog.contexts import (
    identify_context as inner_identify_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42430f87e6467ced Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:19
from posthog.contexts import (
    new_context as inner_new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e8e96053b7e38172 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:22
from posthog.contexts import (
    scoped as inner_scoped,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c94ed06f7a74a783 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:25
from posthog.contexts import (
    set_capture_exception_code_variables_context as inner_set_capture_exception_code_variables_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd433e996ad7d225 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:28
from posthog.contexts import (
    set_code_variables_ignore_patterns_context as inner_set_code_variables_ignore_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e899aff0197b6a40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:31
from posthog.contexts import (
    set_code_variables_mask_patterns_context as inner_set_code_variables_mask_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7189f04e5f7fdd0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:34
from posthog.contexts import (
    set_code_variables_mask_url_credentials_context as inner_set_code_variables_mask_url_credentials_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4258d8e05e9ef2f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:37
from posthog.contexts import (
    set_code_variables_detect_secrets_context as inner_set_code_variables_detect_secrets_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42cb330a2c9b4b67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:40
from posthog.contexts import (
    set_context_device_id as inner_set_context_device_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc210c9a7c983d9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:43
from posthog.contexts import (
    set_context_session as inner_set_context_session,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e6c19b811cfd80d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:46
from posthog.contexts import (
    tag as inner_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95077fdda559ac4e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:49
from posthog.contexts import (
    get_tags as inner_get_tags,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d53a8d28aa1c97c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:52
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_DETECT_SECRETS,
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_URL_CREDENTIALS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #feb92b8852bba6f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:58
from posthog.feature_flag_evaluations import (
    FeatureFlagEvaluations as FeatureFlagEvaluations,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fcf031b83e31201 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:61
from posthog.feature_flags import (
    InconclusiveMatchError as InconclusiveMatchError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21753a7c74e66177 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:64
from posthog.feature_flags import (
    RequiresServerEvaluation as RequiresServerEvaluation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #890bd50e11c3c515 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:67
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData as FlagDefinitionCacheData,
    FlagDefinitionCacheProvider as FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9b590c145621a26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:71
from posthog.request import (
    disable_connection_reuse as disable_connection_reuse,
    enable_keep_alive as enable_keep_alive,
    set_socket_options as set_socket_options,
    SocketOptions as SocketOptions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7e3a6a33588d51b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:77
from posthog.types import (
    BeforeSendCallback as BeforeSendCallback,
    FeatureFlag as FeatureFlag,
    FlagValue as FlagValue,
    FlagsAndPayloads as FlagsAndPayloads,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e39cb73dfa23c4d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:83
from posthog.types import (
    FeatureFlagResult as FeatureFlagResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f940c74dda34deca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:86
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7977438fd27fce0c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/__init__.py:1
from posthog.ai.prompts import PromptResult, PromptSource, Prompts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4edfbd3bb7f16edc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:13
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a47ed25ae77a23bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #507ce788562f30ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:18
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26b9d683142a08dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:25
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f402f3140fcde463 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:26
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3bbcb8947fde6ae1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31e473fa507fcaae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:244
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ecefc8e7cded2f81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:245
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf883608081e6b22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:249
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34435532f9b189bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be1add30eca564ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:14
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e8975cd374b4c4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:15
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a6e904912f71efb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:16
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac1c59f966234b7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:20
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b032a3416503893 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:27
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cba3309a8334ee50 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #15001770c8e7760c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:245
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9febe3a3890d98bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:246
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1fa5738c29f74539 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:250
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95aec813da49fdb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedMessage,
    FormattedTextContent,
    StreamingContentBlock,
    TokenUsage,
    ToolInProgress,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6596bf8eae638d19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:20
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e097a3892376350 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:435
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9026b27f2dffb14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:10
from posthog.ai.anthropic.anthropic import WrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14318d4a366c795f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:11
from posthog.ai.anthropic.anthropic_async import AsyncWrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #340a5865db2314a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:12
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0cfce7bc09fc6716 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f21163b05df20f5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:9
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbefeca3e6020e92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:18
from posthog.ai.claude_agent_sdk.client import PostHogClaudeSDKClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a34e993b8d4cd8cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:19
from posthog.ai.claude_agent_sdk.processor import PostHogClaudeAgentProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31bbc9bbd0027048 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/client.py:26
from posthog.ai.claude_agent_sdk.processor import (
    PostHogClaudeAgentProcessor,
    _GenerationTracker,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8734d6087e8b0e58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/client.py:30
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1c7be54f4d5f27b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/processor.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7f363e928765543 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/processor.py:28
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc53eb1c1d6ac6aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43ffb2830197f2e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cc7cd23fe483095 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #123d9ef5968f39f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a25ce80f2fa9a2c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_embedding_token_count,
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    extract_gemini_stop_reason_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d46ef30b0559c5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:29
from posthog.ai.utils import with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c70dc8e6c893322 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:30
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e4c98e4169c6f82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:31
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c784e105f6242a17 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:6
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3353458f306ea8a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:7
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #490c71f9c767263f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:8
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #244e40c6f4eeb4f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:17
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d889bcc0c5379100 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:18
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3801d5235bf652c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:23
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_embedding_token_count,
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    extract_gemini_stop_reason_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb0a44af4fa8d6da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:30
from posthog.ai.utils import with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58a88a02c72992b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:31
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57536f610e981112 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:32
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3a0db5e9186f698 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:10
from posthog.ai.types import (
    FormattedContentItem,
    FormattedMessage,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2fa7db53cdbf2610 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:15
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21b355c2eb0a5019 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:370
            from posthog.ai.types import FormattedMessage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7b2f13eeff0af83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:44
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5354bc07dec59d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:45
from posthog.ai.gateway import warn_if_posthog_ai_gateway

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d3659aa0d7bf83c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:46
from posthog.ai.sanitization import sanitize_langchain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b22153cae586061 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:47
from posthog.ai.utils import get_model_params, with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #902e072118038a65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:48
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d34b9a972d3dcd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce5acb3275ae6fbd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    extract_available_tool_calls,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b539c3cdc9ae3a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:20
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f47daf0eac0a7008 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:26
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cfbfe44551f4832 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cb0258a975c474a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:28
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71ad8af974831319 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:29
from posthog.ai.openai.wrapper_utils import _OpenAIWrapperResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a40615177c47995 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:238
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #974300f70df740d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:239
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1039a800ecd812f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:243
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b78596c19e3aa268 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:507
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3387a979fa83d6d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:508
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #785c0834966b91c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:512
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #701450c8ed2868d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:5
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef9c34139147d92b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:6
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f39a4693f96dfc41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:15
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #daf238635ae56d87 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:16
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    extract_available_tool_calls,
    get_model_params,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f955a851f0d2177d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:23
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,
    format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cda4456478a7510 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:30
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #29efe1233d2e6f2e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:31
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f0979001c593f72f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:32
from posthog.ai.openai.wrapper_utils import _OpenAIWrapperResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e7cf61a23b376d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedImageContent,
    FormattedMessage,
    FormattedTextContent,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4444572f3b327265 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:19
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5165b25c71a078f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:769
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #183051b068d5a036 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:8
from posthog.ai.openai.openai import (
    WrappedBeta,
    WrappedChat,
    WrappedEmbeddings,
    WrappedResponses,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0bcf7bff9a73e068 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:14
from posthog.ai.openai.openai_async import WrappedBeta as AsyncWrappedBeta

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #15d5c2b84d38ebec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:15
from posthog.ai.openai.openai_async import WrappedChat as AsyncWrappedChat

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14a275ebb1cf6c44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:16
from posthog.ai.openai.openai_async import WrappedEmbeddings as AsyncWrappedEmbeddings

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dea18ea2bd69d4f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:17
from posthog.ai.openai.openai_async import WrappedResponses as AsyncWrappedResponses

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d606647a473b347e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:20
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c984e8d8f79c19e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:21
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d22c6d88be702430 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:8
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51ac27b3bb087063 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:17
from posthog.ai.openai_agents.processor import PostHogTracingProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d8fefcaa2780e44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:23
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #61474567e018a36c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:24
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20937e58fbf13a48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:29
from posthog.ai.otel.exporter import PostHogTraceExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97606d91b880300d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:30
from posthog.ai.otel.processor import PostHogSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1c6938d97aef5e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:31
from posthog.ai.otel.spans import is_ai_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13c59b39db1fba1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:10
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca6e1579ff59655b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:11
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83d6376f8be264dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:12
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b356bcebb685196 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:10
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #67238a64748176bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:11
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c022a26a8ae77285 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:12
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cecd1abbfefb4fce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:13
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60f230c4a1f23667 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/spans.py:6
    from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #12450c2c8c0ad670 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:15
from posthog.request import USER_AGENT, _get_session

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86df7dbdc333eba3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:16
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b74552d06ec94084 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:5
from posthog import get_tags, identify_context, new_context, tag, contexts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7ee85e1273e5b24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:6
from posthog.ai.gateway import warn_if_posthog_ai_gateway

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21bde2ba2922e48a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:7
from posthog.ai.sanitization import (
    sanitize_anthropic,
    sanitize_gemini,
    sanitize_langchain,
    sanitize_openai,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee3cc776eb569f0c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:13
from posthog.ai.types import FormattedMessage, StreamingEventData, TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec8cb810d6367df0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:14
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7cb13ffb793f9bba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:197
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9439fa214a797478 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:203
        from posthog.ai.openai.openai_converter import (
            extract_openai_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #510a6b8071341391 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:209
        from posthog.ai.gemini.gemini_converter import (
            extract_gemini_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dce7f0b9815b1ac1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:223
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #adc96f5427141bd1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:227
        from posthog.ai.openai.openai_converter import format_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3e1ffaa0f2b2bcc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:231
        from posthog.ai.gemini.gemini_converter import format_gemini_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #636447bccf906e38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:240
        from posthog.ai.openai.openai_converter import extract_openai_stop_reason

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #747563fc443bc668 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:244
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_stop_reason,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #01c4c0f97840efa2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:250
        from posthog.ai.gemini.gemini_converter import extract_gemini_stop_reason

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b65a8d309c5cf319 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:261
        from posthog.ai.anthropic.anthropic_converter import extract_anthropic_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d3502fae1ae62b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:265
        from posthog.ai.gemini.gemini_converter import extract_gemini_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d743e93bdc5cd4bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:269
        from posthog.ai.openai.openai_converter import extract_openai_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cffd51cbdfb5413e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:282
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4800fd2b78c64eb9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:288
        from posthog.ai.gemini.gemini_converter import format_gemini_input_with_system

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3b195caadee44e5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:294
        from posthog.ai.openai.openai_converter import format_openai_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fceaf2ba895e1625 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:8
from posthog.types import SendFeatureFlagsOptions

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e8b40ce12cc22f1c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:11
    from posthog.feature_flag_evaluations import FeatureFlagEvaluations

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8efe594a52b9f3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:48
from posthog.capture_compression import CaptureCompression, _zstandard

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4280dc307057854f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:49
from posthog.request import (
    DatetimeSerializer,
    USER_AGENT,
    APIError,
    _get_session,
    normalize_host,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #963031190451c62e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:56
from posthog.utils import guess_timezone as _guess_timezone, remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4536a309d1ea7eec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:17
from posthog._async_utils import _BackgroundEventLoopRunner

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28bda63acedb2827 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:18
from posthog.args import ID_TYPES, ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a535c773690f7d1e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:19
from posthog.capture_compression import (
    CaptureCompression,
    _resolve_capture_compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d1889981118e7e73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:23
from posthog.capture_mode import CaptureMode, _resolve_capture_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eedbb4cae3c0179b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:24
from posthog.capture_v1 import _send_v1_batch

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #674a046410ab71c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:25
from posthog.consumer import Consumer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #330a83a0d0a978ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:26
from posthog.contexts import (
    _get_current_context,
    get_capture_exception_code_variables_context,
    get_code_variables_detect_secrets_context,
    get_code_variables_ignore_patterns_context,
    get_code_variables_mask_patterns_context,
    get_code_variables_mask_url_credentials_context,
    get_context_device_id,
    get_context_distinct_id,
    get_context_session_id,
    get_tags as _context_get_tags,
    identify_context as _context_identify_context,
    _scoped as _context_scoped,
    new_context,
    set_context_device_id as _context_set_context_device_id,
    set_context_session as _context_set_context_session,
    tag as _context_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b4282f03837362a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:44
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #63fb257ed4c4de5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:45
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #89b0fb7ee7560f3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:46
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_DETECT_SECRETS,
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_URL_CREDENTIALS,
    exc_info_from_error,
    exception_is_already_captured,
    exceptions_from_error_tuple,
    handle_in_app,
    mark_exception_as_captured,
    try_attach_code_variables_to_frames,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea599ba9d755fde0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:58
from posthog.feature_flag_evaluations import (
    FeatureFlagEvaluations,
    _EvaluatedFlagRecord,
    _FeatureFlagEvaluationsHost,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7200d426fcf022a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:63
from posthog.feature_flags import (
    InconclusiveMatchError,
    RequiresServerEvaluation,
    match_feature_flag_properties,
    resolve_bucketing_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad1fefe1eee23129 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:69
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData,
    FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aca474ecb3f4fe1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:73
from posthog.poller import Poller

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #23b0e51b3cf9b232 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:74
from posthog.request import (
    AI_EVENTS_ENDPOINT,
    EVENTS_ENDPOINT,
    APIError,
    QuotaLimitError,
    RequestsConnectionError,
    RequestsTimeout,
    batch_post,
    determine_server_host,
    flags,
    get,
    is_ai_event,
    normalize_host,
    remote_config,
    reset_sessions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2303240c5a209094 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:90
from posthog.types import (
    FeatureFlag,
    FeatureFlagError,
    FeatureFlagResult,
    FlagMetadata,
    FlagsAndPayloads,
    FlagsResponse,
    FlagValue,
    SendFeatureFlagsOptions,
    normalize_flags_response,
    to_flags_and_payloads,
    to_payloads,
    to_values,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #165da5bd0b2a9383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:104
from posthog.utils import (
    FlagCache,
    RedisFlagCache,
    SizeLimitedDict,
    clean,
    guess_timezone,
    system_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fcb14fc2312cc5df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:112
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7fb31b7a626e1f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:7
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4de18d1ff8a27321 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:8
from posthog.capture_compression import CaptureCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #745354a6122fa63e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:9
from posthog.capture_mode import CaptureMode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e08ed358d2b548cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:10
from posthog.capture_v1 import _send_v1_batch

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #076d4640cef1b111 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:11
from posthog.request import (
    AI_EVENTS_ENDPOINT,
    EVENTS_ENDPOINT,
    APIError,
    DatetimeSerializer,
    batch_post,
    is_ai_event,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7e82fd3aaa7b56e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:7
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55dd5fc308e22f5a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:12
from posthog.bucketed_rate_limiter import BucketedRateLimiter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21f2544d04ced01b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:13
from posthog.exception_utils import walk_exception_chain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3604f1cd5c220cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:16
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e92c07dbc7dd6c7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_utils.py:37
from posthog.args import ExceptionArg, ExcInfo  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25ff8d7eaf4c8bca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flag_evaluations.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c9d5e3d83e54c69a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:10
from posthog import utils

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #537ae106a1346f15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #49f3c5eba77d6c05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:12
from posthog.utils import convert_to_datetime_aware, is_valid_regex

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3124625f0d3b9375 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:468
            from posthog import capture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dfc0bd8a3a95b93d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:470
            capture(event, properties=properties)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ecfe4a986a2eb1af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:476
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #339afcdd94def389 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:366
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2afad698b1de17b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/__init__.py:29
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #33f39ad669a3b66a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/__init__.py:126
        from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #495c17a6624e59dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/_exceptions.py:15
from posthog.exception_utils import exceptions_from_error_tuple

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df91a3ceace4293b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/_sink.py:20
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd49fa1e06ac83fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/posthog_mcp.py:17
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb67202df1c40282 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:18
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a086f7d08911e9b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:19
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #adbc1e349d61fdd0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:20
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #39b2a3a86f0b070c Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:190
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc1eb27dae6f254e Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:191
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b7b70e0cb177fdf Environment-variable access.
pkgs/python/[email protected]/posthog/ai/sanitization.py:11
    return os.environ.get("_INTERNAL_LLMA_MULTIMODAL", "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7e7c6cf42abc7bd Environment-variable access.
pkgs/python/[email protected]/posthog/capture_compression.py:105
    raw = os.environ.get(CAPTURE_COMPRESSION_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33e5416973f49ea7 Environment-variable access.
pkgs/python/[email protected]/posthog/capture_mode.py:70
    raw = os.environ.get(CAPTURE_MODE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-api

python dependency
medium telemetry dependency Excluded from app score #b04174a011d675c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:22
from opentelemetry._logs import LogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8943ebe214634dda Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:23
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #12285c16c1736864 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:24
from opentelemetry.environment_variables import (
    _OTEL_PYTHON_EVENT_LOGGER_PROVIDER,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed7b7a324fd89c49 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:27
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a8bc12202bf3aa1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:28
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff91ec83534614db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:29
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82fc3fffc135bfa3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:30
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ffa4bb528b2411f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:36
from opentelemetry._logs._internal import (
    Logger,
    LoggerProvider,
    LogRecord,
    NoOpLogger,
    NoOpLoggerProvider,
    get_logger,
    get_logger_provider,
    set_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b3427ac07b29ba7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:46
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2383349b02c0c759 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:46
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1afd7dcae3b081e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:47
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #251fed09924e5b9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:48
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0b96c87811e3fc94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:49
from opentelemetry.environment_variables import _OTEL_PYTHON_LOGGER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf80a3bc33c18c2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:50
from opentelemetry.trace import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d77c010d87114e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:51
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d4532ce482faab41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:52
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5fcf48c6f967b4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:53
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #852111877fb2b75e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:54
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #359889e54dba012b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/attributes/__init__.py:21
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e386d5e870067c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:20
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #62401f3690313bbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:21
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de09091148a2bb72 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:22
from opentelemetry.util.re import (
    _BAGGAGE_PROPERTY_FORMAT,
    _KEY_FORMAT,
    _VALUE_FORMAT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81bcefeef4e0d338 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:20
from opentelemetry.baggage import _is_valid_pair, get_all, set_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3e22de1bdd759b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:21
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df36e992bc9acf85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:22
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb4df40ac6b42930 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:23
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a5e6bba8783ff1cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:24
from opentelemetry.util.re import _DELIMITER_PATTERN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85f4efae1eeeed70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:24
from opentelemetry.context.context import Context, _RuntimeContext  # noqa

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #38c02a51efd625d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:25
from opentelemetry.environment_variables import OTEL_PYTHON_CONTEXT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #074bfae5ae1f3e2d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:26
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a2e1c5943c5518d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/contextvars_context.py:19
from opentelemetry.context.context import Context, _RuntimeContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b920a11d853ceb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:42
from opentelemetry.metrics._internal import (
    Meter,
    MeterProvider,
    NoOpMeter,
    NoOpMeterProvider,
    get_meter,
    get_meter_provider,
    set_meter_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1278242330d807ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:51
from opentelemetry.metrics._internal.instrument import (
    Asynchronous,
    CallbackOptions,
    CallbackT,
    Counter,
    Histogram,
    Instrument,
    NoOpCounter,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    Synchronous,
    UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4fc750ce295df6b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:70
from opentelemetry.metrics._internal.instrument import Gauge as _Gauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #344119622232a658 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:71
from opentelemetry.metrics._internal.instrument import NoOpGauge as _NoOpGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d7f2b0d3658ca14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:72
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abd104ffc2332435 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:51
from opentelemetry.environment_variables import OTEL_PYTHON_METER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60a0515b977ae3ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:52
from opentelemetry.metrics._internal.instrument import (
    CallbackT,
    Counter,
    Gauge,
    Histogram,
    NoOpCounter,
    NoOpGauge,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    UpDownCounter,
    _MetricsHistogramAdvisory,
    _ProxyCounter,
    _ProxyGauge,
    _ProxyHistogram,
    _ProxyObservableCounter,
    _ProxyObservableGauge,
    _ProxyObservableUpDownCounter,
    _ProxyUpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec5eac7e54372fd9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:77
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0be19ed1bc66fe4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:78
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e05ee7bb6584a7f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:79
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce58efcd36dddd7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:35
from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #961ec80e65bab463 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:36
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1f668ddcd1d882fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:37
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22c5236ba2188fcf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:38
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6123a61f8da3ad67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:17
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f7dab24df5110e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:18
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c5f4885f054675d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:75
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac821f663d2372ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:76
from opentelemetry.environment_variables import OTEL_PROPAGATORS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bb6094dcc01ff4d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:77
from opentelemetry.propagators import composite, textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d51fac9e303e5e18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:78
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e89b2bf721ae2d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:19
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f598e40a2b7419d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:20
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da9e2a0d3cb895ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/textmap.py:18
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1cc16d0a148d90da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:85
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2b4a12c2692d9ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:86
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21a08850ceafff8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:87
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c0ab55393a358fd3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:88
from opentelemetry.environment_variables import OTEL_PYTHON_TRACER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3ecb74ff32d860d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:89
from opentelemetry.trace.propagation import (
    _SPAN_KEY,
    get_current_span,
    set_span_in_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1f27e16b8716d15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:94
from opentelemetry.trace.span import (
    DEFAULT_TRACE_OPTIONS,
    DEFAULT_TRACE_STATE,
    INVALID_SPAN,
    INVALID_SPAN_CONTEXT,
    INVALID_SPAN_ID,
    INVALID_TRACE_ID,
    NonRecordingSpan,
    Span,
    SpanContext,
    TraceFlags,
    TraceState,
    format_span_id,
    format_trace_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5545a46a0ccbcc86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:109
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ccd2e81d57dc135e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:110
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9104e3f94281a417 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:111
from opentelemetry.util._decorator import _agnosticcontextmanager

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a74cfd782e33edb9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:112
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53b8b9e2a9d6c383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:113
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f50662514b80a6f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:16
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #822ef8b0b3234663 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:17
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c79c984a1f55c3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:18
from opentelemetry.trace.span import INVALID_SPAN, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0077fd25828c4832 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:18
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a927ee9d4f5c41ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:19
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48ae78ab75c38478 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:20
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #991290da3aa0d8eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:21
from opentelemetry.trace import format_span_id, format_trace_id

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #861ad450bc3a5db8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:22
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a8c3e532aa41f71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:8
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94baad5dad3ed408 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:9
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebb1b985cf63333b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:19
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #66df8cacec7b22a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:22
    from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f37bad8aca8cc7e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:23
    from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #883da66897fe0ff6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:211
        if _OTEL_PYTHON_EVENT_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c762bf9c811b461e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:395
        if _OTEL_PYTHON_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f6ab390b60bf7f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:43
    configured_context = environ.get(OTEL_PYTHON_CONTEXT, default_context)  # type: str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7e17e6d19f2a4a8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:880
        if OTEL_PYTHON_METER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dbcc673f83c4b3a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:127
environ_propagators = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c126099a4952dae Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:127
environ_propagators = environ.get(
    OTEL_PROPAGATORS,
    "tracecontext,baggage",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52b921b1f9201f8a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:554
        if OTEL_PYTHON_TRACER_PROVIDER not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b2457ae86f9ab3f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:36
            environ.get(provider_environment_variable, f"default_{provider}"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ddtrace

python dependency
medium telemetry dependency Excluded from app score #26ea431fa90257c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/bootstrap/preload.py:71
        from opentelemetry.trace import set_tracer_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1398876e6efec27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/openfeature/_flageval_metrics.py:69
            from opentelemetry import metrics as otel_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e6337f44a0637be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:23
        from opentelemetry.baggage import get_all

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f6dc9fa138c87fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:24
        from opentelemetry.trace import INVALID_SPAN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a07631679ec33331 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:25
        from opentelemetry.trace import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #802cf56794743b3b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:59
        from opentelemetry.baggage import set_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a649d014004f6328 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:60
        from opentelemetry.context.context import Context as OtelContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd5e76c801e942fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:61
        from opentelemetry.trace import NonRecordingSpan as OtelNonRecordingSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fab0119b35495442 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:62
        from opentelemetry.trace import SpanContext as OtelSpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6751df642893eefc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:63
        from opentelemetry.trace import set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e26fcda96634828f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:64
        from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #378d0d65a1e328f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:4
import opentelemetry.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da50200255f8d26c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:63
        from opentelemetry._logs._internal import _LOGGER_PROVIDER as logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7165a348d788a71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:84
        from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fe11396d17a080ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:136
            from opentelemetry.exporter.otlp.proto.grpc._log_exporter import OTLPLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fa917a5f07bd59b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:137
            from opentelemetry.exporter.otlp.proto.grpc.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #124f0fa9f337488f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:139
            from opentelemetry.exporter.otlp.proto.http._log_exporter import OTLPLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #88735b4e132ebb90 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:140
            from opentelemetry.exporter.otlp.proto.http.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ddffe26faeb660c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:174
        from opentelemetry.sdk._configuration import _init_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d37fd6d5022d3e08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:4
import opentelemetry.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #04c2de67812b458f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:60
        from opentelemetry.metrics._internal import _METER_PROVIDER as meter_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e879ddbf593e116e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:80
        from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #134ff8c87580eca7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:144
            from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import OTLPMetricExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9222d71930ef1533 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:145
            from opentelemetry.exporter.otlp.proto.grpc.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7bf262114f2915e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:147
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import OTLPMetricExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd6dd92f4a7741b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:148
            from opentelemetry.exporter.otlp.proto.http.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d9bf89602c71b60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:183
        from opentelemetry.sdk._configuration import _init_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1de660f8b1bbcf9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:5
from opentelemetry.trace import Span as OtelSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f68df197322e5154 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:6
from opentelemetry.trace import SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2287b87041ab3a3b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:7
from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74b97c39271d3895 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:8
from opentelemetry.trace import Status

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6fcd9d49ddb3ee85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:9
from opentelemetry.trace import StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #adf15650940e864c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:10
from opentelemetry.trace.span import DEFAULT_TRACE_OPTIONS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9bf8fc6a2f24dd4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:11
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c56fe69b0b3b659c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:12
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0efd0d2507669e46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:32
    from opentelemetry.util.types import Attributes  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbfd852ca601c09c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:33
    from opentelemetry.util.types import AttributeValue  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1303ace5af5adfd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:8
from opentelemetry import version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ceb2496ec6aa1c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:9
from opentelemetry.context import Context as OtelContext  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #271532f0957f0f3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:10
from opentelemetry.trace import SpanKind as OtelSpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f83989a4397efe4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:11
from opentelemetry.trace import Tracer as OtelTracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1370177cc48c62cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:12
from opentelemetry.trace import TracerProvider as OtelTracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8dfd4f651a9ccfc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:13
from opentelemetry.trace import use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d52bf5379dd34ac4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:14
from opentelemetry.trace.propagation import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3a503b3092a1ab5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:15
from opentelemetry.trace.span import DEFAULT_TRACE_OPTIONS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c602d675b37e4436 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:16
from opentelemetry.trace.span import INVALID_SPAN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3dacb9766f2772d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:28
    from opentelemetry.trace import Link as OtelLink  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d849ca13136744bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:29
    from opentelemetry.trace.span import Span as OtelSpan  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bef450883e6f0157 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:30
    from opentelemetry.util.types import AttributeValue as OtelAttributeValue  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b885b95798c2b13 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:39
    from opentelemetry.util._decorator import _agnosticcontextmanager as contextmanager  # type: ignore[no-redef]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 126 low-confidence finding(s)
low env_fs dependency Excluded from app score #d606ad6d5095442c Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_ast/ast_patching.py:280
    with open(module_path, "rb") as source_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f8c96dd14514eb8 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_pytest_plugin.py:66
        with open(filepath, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9faf21c5e3066c5 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/_version.py:22
match = regex.search(input_file.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e667425c428b102a Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:153
            env_cflags = os.environ.get("CFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407a0b0500106c5a Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:154
            env_cppflags = os.environ.get("CPPFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db98580efc91324c Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:191
        if MACOS and "MACOSX_DEPLOYMENT_TARGET" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0c4599621949dd Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:239
        fname.write_text("int main (int, char **) { return 0; }", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8c9f874cadf77d8 Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:450
                threads = int(os.environ.get(self.envvar, self.default))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a4ee886c17c2ae01 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/codespell_ignore_lines_from_errors.py:21
    with open(args[0]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f26d43214565efca Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/codespell_ignore_lines_from_errors.py:31
                    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d94afd79b57f77f Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/libsize.py:25
    with open(save) as sf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #49b2ca8fa5ac3e2f Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/libsize.py:37
with open(save, "w") as sf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0163cce9cac9fa5d Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/make_global.py:17
    pyproject = tomlkit.parse(PYPROJECT.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57dfafde59e35109 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_processor.py:118
            with open(self.rule_filename, "br") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3fa29559285698 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/sca/_cve_loader.py:122
        with open(_CVE_DATA_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c52abe73cc09fc8 Filesystem access.
pkgs/python/[email protected]/ddtrace/contrib/internal/coverage/utils.py:168
    coverage_report_bytes = tmp_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e80396305cfbb56 Environment-variable access.
pkgs/python/[email protected]/ddtrace/contrib/internal/subprocess/patch.py:589
            child_env = os.environ.copy()  # ast-grep-ignore: os-environ-fix-access

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cadb910f1a04bc1 Filesystem access.
pkgs/python/[email protected]/ddtrace/debugging/_debugger.py:321
            raw_probes = json.loads(self.probe_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ee5dce89f555487 Filesystem access.
pkgs/python/[email protected]/ddtrace/ext/ci/github_actions.py:99
        with open(file_path, "r", encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2297d18ad9a27715 Filesystem access.
pkgs/python/[email protected]/ddtrace/ext/ci/github_actions.py:197
            with open(environ["GITHUB_EVENT_PATH"]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f3c9143e338992e Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/ci_visibility/_api_responses_cache.py:45
            with open(cache_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba2d770b5deef5b5 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/ci_visibility/_api_responses_cache.py:60
        with open(cache_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f1aa8ab44c306c7 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/ci_visibility/git_client.py:118
        f = open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e48dc8a61ee7fd Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/codeowners.py:149
        with open(self.path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5dabebc8df31a43 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/code.py:186
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdb95e4304429eb5 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/report.py:35
        with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ea8eb499d0b3499 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/report.py:188
    with open(coverage_py_filename, "r") as coverage_py_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19b355fb9934274b Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/report.py:191
    with open(dd_coverage_filename, "r") as dd_coverage_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7da90567b174e820 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/datadog/profiling/code_provenance.py:151
        data = cache_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0494f6a9127e891f Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/datadog/profiling/code_provenance.py:199
        with open(lock_filename, "a+b") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ac03ecb4fd3848e Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/flare/flare.py:116
            with open(config_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a512ad48dee32c17 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/packages.py:381
    return (dist.read_text("top_level.txt") or "").split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #902a141e87366b01 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/runtime/container.py:145
        with open(f"/proc/{pid}/cgroup", mode="r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #218232b7ea8bafd7 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/sampling.py:213
        with open(file_json_raw) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20ab3a4f75b2224a Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:68
        if (value := os.environ.get(key)) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d19febc5cd0a8ec Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:71
            if (value := os.environ.get(alias)) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31aaf2d99856043c Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:77
        os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac221fc5e153f900 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:80
        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb39589e7404143 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:85
            if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0832471ea4646e21 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:87
            return any(alias in os.environ for alias in CONFIGURATION_ALIASES.get(key, ()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44a829c440d92eef Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:88
        return key in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31e98c54fffe38b7 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:91
        return iter(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d920cf869b4cad77 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:94
        return len(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df77d2ac93ad9ac6 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/utils/http.py:344
            with open(template_path, "r") as template_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b9b3bf346eb0768 Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_llmobs.py:1212
            with open(csv_path, mode="r") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfa6df6bf6ad9423 Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_prompts/cache.py:148
                with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71c7876c7873a8a9 Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_prompts/cache.py:166
                with open(path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #320338aebeba9f3e Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_writer.py:674
            with open(tmp.name, "w", newline="") as csv_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b94b26b5b9e72a7 Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_writer.py:687
            with open(tmp.name, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa753810537f7883 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/api_client.py:359
            content = packfile.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba633b2420b091e0 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/cached_file_provider.py:76
        with open(cache_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28e51da61960152d Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:56
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19fce5d6bf040162 Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:119
    ci_provider_tags = ci.get_ci_tags(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85a7a0bfe38d7dc2 Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:120
    user_supplied_tags = git.get_git_tags_from_dd_variables(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de21c217f4002a30 Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:122
    merge_tags(tags, local_git_tags, ci_provider_tags, user_supplied_tags, get_custom_dd_tags(os.environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de02e23126d671fa Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/git.py:133
        git_env = {**os.environ, "LC_ALL": "C", "LANG": "C"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cdbe8aad8fc1ae7 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/offline_mode.py:60
            with open(manifest_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac49885031505ee0 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/offline_mode.py:104
        with open(manifest_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #863a61fd33e16cba Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/offline_mode.py:237
        with open(tmp, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #938ae644f495aa4c Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/pytest/_discovery.py:81
    with open(output_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e0b1a843f75913 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/session_manager.py:470
            data = json.loads(sentinel.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed9c269917e61b4 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/session_manager.py:509
            tmp.write_text(json.dumps(payload_data))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f46428460b341523 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/session_manager.py:577
            lock_file = open(lock_path, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5e7b0fba2c6a3c8 Environment-variable access.
pkgs/python/[email protected]/setup.py:74
if "DD_COMPILE_DEBUG" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b352c66171c8ec59 Environment-variable access.
pkgs/python/[email protected]/setup.py:81
    COMPILE_MODE = os.environ.get("DD_COMPILE_MODE", COMPILE_MODE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3c01c341e43f968 Environment-variable access.
pkgs/python/[email protected]/setup.py:83
FAST_BUILD = os.getenv("DD_FAST_BUILD", "false").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30006b2b03e95640 Environment-variable access.
pkgs/python/[email protected]/setup.py:90
    os.environ["DD_COMPILE_ABSEIL"] = "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f678e7d913f96785 Environment-variable access.
pkgs/python/[email protected]/setup.py:93
    os.environ.setdefault("CARGO_PROFILE_RELEASE_LTO", "off")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b9589e7c9c795e3 Environment-variable access.
pkgs/python/[email protected]/setup.py:94
    os.environ.setdefault("CARGO_PROFILE_RELEASE_CODEGEN_UNITS", "16")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #086716bcfa162081 Environment-variable access.
pkgs/python/[email protected]/setup.py:95
    os.environ.setdefault("CARGO_PROFILE_RELEASE_OPT_LEVEL", "2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1ec301073c4e5e0 Environment-variable access.
pkgs/python/[email protected]/setup.py:97
SCCACHE_COMPILE = os.getenv("DD_USE_SCCACHE", "0").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fc16c5a34a293bc Environment-variable access.
pkgs/python/[email protected]/setup.py:104
if "CMAKE_BUILD_PARALLEL_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71af2ddf8f9c92b1 Environment-variable access.
pkgs/python/[email protected]/setup.py:105
    os.environ["CMAKE_BUILD_PARALLEL_LEVEL"] = str(_cpu_count)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f19cd4f13397367 Environment-variable access.
pkgs/python/[email protected]/setup.py:108
DOWNLOAD_MAX_RETRIES = int(os.getenv("DD_DOWNLOAD_MAX_RETRIES", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb2c3ca36a4e9227 Environment-variable access.
pkgs/python/[email protected]/setup.py:109
DOWNLOAD_INITIAL_DELAY = float(os.getenv("DD_DOWNLOAD_INITIAL_DELAY", "1.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc4c9fe5db7e27c4 Environment-variable access.
pkgs/python/[email protected]/setup.py:110
DOWNLOAD_MAX_DELAY = float(os.getenv("DD_DOWNLOAD_MAX_DELAY", "120"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16b36e11488bc5bc Environment-variable access.
pkgs/python/[email protected]/setup.py:123
DD_CARGO_ARGS = shlex.split(os.getenv("DD_CARGO_ARGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cdff1d456e956eb Environment-variable access.
pkgs/python/[email protected]/setup.py:125
BUILD_PROFILING_NATIVE_TESTS = os.getenv("DD_PROFILING_NATIVE_TESTS", "0").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e4b2e59136c9444 Environment-variable access.
pkgs/python/[email protected]/setup.py:128
SERVERLESS_BUILD = os.getenv("DD_SERVERLESS_BUILD", "0").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7654dd2248d62c7 Environment-variable access.
pkgs/python/[email protected]/setup.py:147
    _sccache_path = os.getenv("SCCACHE_PATH") or os.getenv("SCCACHE") or shutil.which("sccache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68c563026d6241c2 Environment-variable access.
pkgs/python/[email protected]/setup.py:156
        os.environ["DD_SCCACHE_PATH"] = str(sccache_path.resolve())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf52fca4a5db52a Environment-variable access.
pkgs/python/[email protected]/setup.py:157
        os.environ["RUSTC_WRAPPER"] = str(sccache_path.resolve())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bea631771ece016e Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            (shutil.which(cmd) for cmd in [os.getenv("CC", ""), "cc", "gcc", "clang"] if shutil.which(cmd)), None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e7e2e7d6cf2a1cf Environment-variable access.
pkgs/python/[email protected]/setup.py:162
            os.environ["DD_CC_OLD"] = cc_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db647ad23b71e737 Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            os.environ["CC"] = str(sccache_path) + " " + str(cc_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6557da67aa118394 Environment-variable access.
pkgs/python/[email protected]/setup.py:166
            (shutil.which(cmd) for cmd in [os.getenv("CXX", ""), "c++", "g++", "clang++"] if shutil.which(cmd)), None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05c2d7d1f35aa5b1 Environment-variable access.
pkgs/python/[email protected]/setup.py:169
            os.environ["DD_CXX_OLD"] = cxx_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2eaf8f604970656 Environment-variable access.
pkgs/python/[email protected]/setup.py:170
            os.environ["CXX"] = str(sccache_path) + " " + str(cxx_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40fc54d1dad98e5d Filesystem access.
pkgs/python/[email protected]/setup.py:238
    expected_checksum, expected_filename = list(filter(None, open(sha256_filename, "r").read().strip().split(" ")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2516f194e6ac6d9f Filesystem access.
pkgs/python/[email protected]/setup.py:239
    actual_checksum = hashlib.sha256(open(filename, "rb").read()).hexdigest()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe7ac8e4ead3d3d0 Filesystem access.
pkgs/python/[email protected]/setup.py:254
    actual_checksum = hashlib.sha256(open(filename, "rb").read()).hexdigest()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09159d8c68c498d Environment-variable access.
pkgs/python/[email protected]/setup.py:304
        rust_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c11f026d3552659 Filesystem access.
pkgs/python/[email protected]/setup.py:351
                    sources_hash.update(source.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf1ae8deaaa57750 Environment-variable access.
pkgs/python/[email protected]/setup.py:401
        for path in os.environ.get("PATH", "").split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10d8d46c80419e3c Environment-variable access.
pkgs/python/[email protected]/setup.py:449
            dedup_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52002cd76ea21a2b Environment-variable access.
pkgs/python/[email protected]/setup.py:450
            dedup_env["PATH"] = cargo_bin + os.pathsep + os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e360396754ffe35e Environment-variable access.
pkgs/python/[email protected]/setup.py:464
    CACHE_DIR = Path(os.getenv("DD_SETUP_CACHE_DIR", HERE / ".download_cache"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abb7cbecda26a050 Environment-variable access.
pkgs/python/[email protected]/setup.py:465
    USE_CACHE = os.getenv("DD_SETUP_CACHE_DOWNLOADS", "1").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afb61830bed4fad0 Filesystem access.
pkgs/python/[email protected]/setup.py:485
        if cls.version and version_sentinel.exists() and version_sentinel.read_text().strip() != cls.version:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b30585314deb1a Environment-variable access.
pkgs/python/[email protected]/setup.py:501
                target_platform = os.getenv("PLAT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0c4be92b0440198 Filesystem access.
pkgs/python/[email protected]/setup.py:586
            (download_dir / ".version").write_text(cls.version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9b21d257e3b1e7 Environment-variable access.
pkgs/python/[email protected]/setup.py:796
        archs = re.findall(r"-arch (\S+)", os.environ.get("ARCHFLAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dce92f09a4320a4 Filesystem access.
pkgs/python/[email protected]/setup.py:803
        return sentinel.exists() and sentinel.read_text().strip() == self.config_hash()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9127019a83b1808f Filesystem access.
pkgs/python/[email protected]/setup.py:807
        (self.install_dir / ".dep_build_info").write_text(self.config_hash())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aff83e0d78bdf09 Environment-variable access.
pkgs/python/[email protected]/setup.py:817
    if os.environ.get("DD_COMPILE_ABSEIL", "1") in ("0", "false"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2123a411f5684ab Environment-variable access.
pkgs/python/[email protected]/setup.py:836
    INCREMENTAL = os.getenv("DD_CMAKE_INCREMENTAL_BUILD", "1").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #155e2347934b8baf Environment-variable access.
pkgs/python/[email protected]/setup.py:862
        dd_build_parallel = os.getenv("DD_BUILD_PARALLEL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb9e8f6261acdb7 Environment-variable access.
pkgs/python/[email protected]/setup.py:994
            if "CMAKE_BUILD_PARALLEL_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ffd81e6767eec59 Environment-variable access.
pkgs/python/[email protected]/setup.py:1049
            archs = re.findall(r"-arch (\S+)", os.environ.get("ARCHFLAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aa0966f7dc021c3 Environment-variable access.
pkgs/python/[email protected]/setup.py:1152
        sccache_path = os.getenv("DD_SCCACHE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41a29b2e8d564e5f Environment-variable access.
pkgs/python/[email protected]/setup.py:1155
                f"-DCMAKE_C_COMPILER={os.getenv('DD_CC_OLD', shutil.which('cc'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba5227cfb8469f48 Environment-variable access.
pkgs/python/[email protected]/setup.py:1157
                f"-DCMAKE_CXX_COMPILER={os.getenv('DD_CXX_OLD', shutil.which('c++'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfe44d0a9853e4c Environment-variable access.
pkgs/python/[email protected]/setup.py:1210
        sccache_path = os.getenv("DD_SCCACHE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb727b9e0603341f Environment-variable access.
pkgs/python/[email protected]/setup.py:1213
                f"-DCMAKE_C_COMPILER={os.getenv('DD_CC_OLD', shutil.which('cc'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #863b56d47d7131fe Environment-variable access.
pkgs/python/[email protected]/setup.py:1215
                f"-DCMAKE_CXX_COMPILER={os.getenv('DD_CXX_OLD', shutil.which('c++'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bd20d50faf8ece9 Environment-variable access.
pkgs/python/[email protected]/setup.py:1292
        if "CMAKE_BUILD_PARALLEL_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6523f694fae0f2 Environment-variable access.
pkgs/python/[email protected]/setup.py:1320
            archs = re.findall(r"-arch (\S+)", os.environ.get("ARCHFLAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93c244b80feb23cc Environment-variable access.
pkgs/python/[email protected]/setup.py:1344
    enabled = "_DD_DEBUG_EXT" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de3c9ae6f157e3a4 Environment-variable access.
pkgs/python/[email protected]/setup.py:1345
    metadata_file = os.getenv("_DD_DEBUG_EXT_FILE", "debug_ext_metadata.txt")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f46fa48088bd7d6b Filesystem access.
pkgs/python/[email protected]/setup.py:1363
        with open(cls.metadata_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53921648bb737aa3 Environment-variable access.
pkgs/python/[email protected]/setup.py:1367
                ("CARGO_BUILD_JOBS", os.getenv("CARGO_BUILD_JOBS", "unset")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3801b6e0e061544f Environment-variable access.
pkgs/python/[email protected]/setup.py:1368
                ("CMAKE_BUILD_PARALLEL_LEVEL", os.getenv("CMAKE_BUILD_PARALLEL_LEVEL", "unset")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44aad980a2e60465 Environment-variable access.
pkgs/python/[email protected]/setup.py:1615
        if os.environ.get("DD_PROFILING_MEMALLOC_ASSERT_ON_REENTRY", "0") not in ("0", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f0573d8c2bdc5b1 Environment-variable access.
pkgs/python/[email protected]/setup.py:1656
if os.getenv("DD_CYTHONIZE", "1").lower() in ("1", "yes", "on", "true"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d70094d94b025e Environment-variable access.
pkgs/python/[email protected]/setup.py:1719
            force=os.getenv("DD_SETUP_FORCE_CYTHONIZE", "0") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b03d2bea4d797ee Environment-variable access.
pkgs/python/[email protected]/setup.py:1720
            annotate=os.getenv("_DD_CYTHON_ANNOTATE") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-exporter-otlp-proto-grpc

python dependency
medium telemetry dependency Excluded from app score #f8d9b52b0fe3d468 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:19
from opentelemetry.exporter.otlp.proto.common._log_encoder import encode_logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5669d3bd658cb5c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:20
from opentelemetry.exporter.otlp.proto.grpc.exporter import (
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #92bcb3092063876c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:25
from opentelemetry.proto.collector.logs.v1.logs_service_pb2 import (
    ExportLogsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #657c362f559f9423 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:28
from opentelemetry.proto.collector.logs.v1.logs_service_pb2_grpc import (
    LogsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95acd08ba055c017 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:31
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #299c3de50ee1f758 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:32
from opentelemetry.sdk._logs.export import (
    LogRecordExporter,
    LogRecordExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6527dc1784e96c73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:36
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_LOGS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
    OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
    OTEL_EXPORTER_OTLP_LOGS_HEADERS,
    OTEL_EXPORTER_OTLP_LOGS_INSECURE,
    OTEL_EXPORTER_OTLP_LOGS_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e8ad3e8777b7ad02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:53
from opentelemetry.exporter.otlp.proto.common._internal import (
    _get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc261409efb58470 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:56
from opentelemetry.exporter.otlp.proto.grpc import (
    _OTLP_GRPC_CHANNEL_OPTIONS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0726aa0e057c7747 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:59
from opentelemetry.proto.collector.logs.v1.logs_service_pb2 import (
    ExportLogsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #539a401649f54bf7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:62
from opentelemetry.proto.collector.logs.v1.logs_service_pb2_grpc import (
    LogsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00f6406acc616002 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:65
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d1b4e4f4a61f17f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:68
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2_grpc import (
    MetricsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4bf5bc7495793b47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:71
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (
    ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fce5d91345583826 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:74
from opentelemetry.proto.collector.trace.v1.trace_service_pb2_grpc import (
    TraceServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8ce2228f67243dbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:77
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    AnyValue,
    ArrayValue,
    KeyValue,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a77326a427c44935 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:82
from opentelemetry.proto.resource.v1.resource_pb2 import Resource  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3da10d50fc674f01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:83
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0ac9961eb2f11b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:84
from opentelemetry.sdk._logs.export import LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fe4cba6055153f30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:85
from opentelemetry.sdk._shared_internal import DuplicateFilter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef57b354b835b716 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:86
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_COMPRESSION,
    OTEL_EXPORTER_OTLP_ENDPOINT,
    OTEL_EXPORTER_OTLP_HEADERS,
    OTEL_EXPORTER_OTLP_INSECURE,
    OTEL_EXPORTER_OTLP_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d0bd9b0181ccdb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:97
from opentelemetry.sdk.metrics.export import MetricExportResult, MetricsData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #577e33d140cd898a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:98
from opentelemetry.sdk.resources import Resource as SDKResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #33f55ed627123cf4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:99
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a0b23c72866d5b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:100
from opentelemetry.sdk.trace.export import SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9165ac107aaf893c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:101
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c33a51e7b90e07dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:102
from opentelemetry.util.re import parse_env_headers

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #96020890fe5069c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:23
from opentelemetry.exporter.otlp.proto.common._internal.metrics_encoder import (
    OTLPMetricExporterMixin,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #204db872fef5f8ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:26
from opentelemetry.exporter.otlp.proto.common.metrics_encoder import (
    encode_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4737977f0d4dd61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:29
from opentelemetry.exporter.otlp.proto.grpc.exporter import (  # noqa: F401
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,
    get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fcefc8851761a62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:35
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a640b14617f4da1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:38
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2_grpc import (
    MetricsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51613a712828b739 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:41
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d049adaca7492244 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:44
from opentelemetry.proto.metrics.v1 import metrics_pb2 as pb2  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cdf4c81aaae4e471 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:45
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_METRICS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
    OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
    OTEL_EXPORTER_OTLP_METRICS_HEADERS,
    OTEL_EXPORTER_OTLP_METRICS_INSECURE,
    OTEL_EXPORTER_OTLP_METRICS_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b1544e29c835f9b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:56
from opentelemetry.sdk.metrics._internal.aggregation import Aggregation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d502115eac1a9b51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:57
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    AggregationTemporality,
    DataPointT,
    Gauge,
    Metric,
    MetricExporter,
    MetricExportResult,
    MetricsData,
    ResourceMetrics,
    ScopeMetrics,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #38948fc444b52188 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:69
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    ExponentialHistogram as ExponentialHistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cef1b778b3592c74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:72
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    Histogram as HistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57819316f9a86c51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:22
from opentelemetry.exporter.otlp.proto.common.trace_encoder import (
    encode_spans,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f0f49f394b42fba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:25
from opentelemetry.exporter.otlp.proto.grpc.exporter import (  # noqa: F401
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,
    get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba7dfd3ba005d969 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:31
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (
    ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ae12cc0b48bded4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:34
from opentelemetry.proto.collector.trace.v1.trace_service_pb2_grpc import (
    TraceServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e8f15b6ed6ccbfd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:37
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec7a6ce392479e5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:40
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    ResourceSpans,
    ScopeSpans,
    Status,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #572d619ff901cdff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:45
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    Span as CollectorSpan,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #96de8d56d6d6133c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:48
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_TRACES_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
    OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
    OTEL_EXPORTER_OTLP_TRACES_HEADERS,
    OTEL_EXPORTER_OTLP_TRACES_INSECURE,
    OTEL_EXPORTER_OTLP_TRACES_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90d99b20ba8b30bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:59
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d4121d67ca09fda Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:60
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 27 low-confidence finding(s)
low env_fs dependency Excluded from app score #1457067162fb70b4 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:70
        insecure_logs = environ.get(OTEL_EXPORTER_OTLP_LOGS_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #088428354119860a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:76
            and environ.get(OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca32a3581ae144ed Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:86
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_LOGS_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b108264fa6924d8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:99
            endpoint=endpoint or environ.get(OTEL_EXPORTER_OTLP_LOGS_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d760859367e44dbe Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:102
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_LOGS_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e431d8dcdfe1dab5 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:160
        environ[environ_key].lower().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bd5f2769eb6f318 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:161
        if environ_key in environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #effdcb3d60e1f680 Filesystem access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:185
        with open(file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #580ed2cf2cd87de4 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:226
    _credential_env = environ.get(credential_entry_point_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50a81e1c07d2369a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:250
    certificate_file = environ.get(certificate_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3a7f76f3dc947e7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:252
        client_key_file = environ.get(client_key_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adea720f8058dcb9 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:253
        client_certificate_file = environ.get(client_certificate_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e437179c48e74ce Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:293
        self._endpoint = endpoint or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dca8ff510c7aad9c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:293
        self._endpoint = endpoint or environ.get(
            OTEL_EXPORTER_OTLP_ENDPOINT, "http://localhost:4317"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c88b42f7f2009941 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:301
        insecure_exporter = environ.get(OTEL_EXPORTER_OTLP_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #567c96bda8225075 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:311
        self._headers = headers or environ.get(OTEL_EXPORTER_OTLP_HEADERS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb45f12ad18cdaf1 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:335
            environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5834df91ea8306 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:113
        insecure_metrics = environ.get(OTEL_EXPORTER_OTLP_METRICS_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb36b2832ebead4c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:119
            and environ.get(OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8b61330c8cdd7f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:129
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_METRICS_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d809639845f82317 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:149
            or environ.get(OTEL_EXPORTER_OTLP_METRICS_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf41c1db7a3e7800 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:152
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_METRICS_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ef4f8f26202224f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:99
        insecure_spans = environ.get(OTEL_EXPORTER_OTLP_TRACES_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7481d7c4b37b708 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:105
            and environ.get(OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ceca9c80b93f0f7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:115
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_TRACES_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f4e156d051e875d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:131
            or environ.get(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #701dfbb1c241ada7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:134
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_TRACES_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

daytona

python dependency
medium telemetry dependency Excluded from app score #63254b3fb7e2f2e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:15
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #246f7dcbac6d2728 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:16
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75928126a002bd86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:17
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cea9cb0121c2146b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:18
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b14f64966921ccf4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:19
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ecc019f30c43f6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:20
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3343e0047719c66e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:21
from opentelemetry.semconv.attributes import service_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55a0e91ff58557a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #279854254d88dd10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #87d6962623d12754 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:18
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a905d4e49bb47454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:19
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afdcd4b2bdf9ffbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:20
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f38e3348cb89ae92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:21
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #500a8491718bfe9a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:22
from opentelemetry.semconv.attributes import service_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dcf3a38183106dbe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_utils/otel_decorator.py:12
from opentelemetry import metrics, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f2cb68a77e49a09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_utils/otel_decorator.py:13
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #2a2b33e84fa4441b Filesystem access.
pkgs/python/[email protected]/src/daytona/_async/filesystem.py:947
                    stream = stack.enter_context(open(f.source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1418df3069d49c01 Filesystem access.
pkgs/python/[email protected]/src/daytona/_async/filesystem.py:1200
        return stack.enter_context(open(source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b79c83968cb8e528 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/computer_use.py:623
            with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5971122eecb98bad Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:472
                            writer = open(meta.dst, mode="wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f208feafd62480 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:911
                    stream = stack.enter_context(open(f.source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #866389cb53dbe434 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:1022
        return stack.enter_context(open(source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ef46e9707699d7 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/object_storage.py:110
            with open(abs_path_str, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc2b97f2cd7643be Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/object_storage.py:126
                    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7af1e75219203d4a Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/env.py:26
        val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c05ba13d5da4be3 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:15
    old_env: MutableMapping[str, str] = deepcopy(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa59e46bb6a0950d Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:16
    os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69d8cb6cc9050dab Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:18
        os.environ.update(temp_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b1f755e4f5039af Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:22
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae197ee72571642e Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:23
        os.environ.update(old_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4672b1f7416a11c2 Filesystem access.
pkgs/python/[email protected]/src/daytona/common/image.py:438
        dockerfile = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

coredis

python dependency
medium telemetry dependency Excluded from app score #cad40617b07ca32b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:22
from opentelemetry import metrics, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #247f44b01a91e1b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:23
from opentelemetry.metrics import (
    CallbackOptions,
    Counter,
    Histogram,
    Meter,
    Observation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9dc55e33bc115e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:30
from opentelemetry.semconv._incubating.attributes.db_attributes import (
    DB_CLIENT_CONNECTION_STATE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a87948507fea59f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:33
from opentelemetry.semconv._incubating.metrics.db_metrics import (
    DB_CLIENT_CONNECTION_COUNT,
    DB_CLIENT_CONNECTION_CREATE_TIME,
    DB_CLIENT_CONNECTION_MAX,
    DB_CLIENT_CONNECTION_PENDING_REQUESTS,
    DB_CLIENT_CONNECTION_TIMEOUTS,
    DB_CLIENT_CONNECTION_USE_TIME,
    DB_CLIENT_CONNECTION_WAIT_TIME,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be8e82e28e8b5fc2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:42
from opentelemetry.semconv.attributes.db_attributes import (
    DB_OPERATION_BATCH_SIZE,
    DB_OPERATION_NAME,
    DB_QUERY_TEXT,
    DB_STORED_PROCEDURE_NAME,
    DB_SYSTEM_NAME,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d2e19eecf19eaf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:49
from opentelemetry.semconv.metrics.db_metrics import DB_CLIENT_OPERATION_DURATION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f4dbc06bc2484565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:50
from opentelemetry.trace import SpanKind, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #710ecdebe082b156 Environment-variable access.
pkgs/python/[email protected]/coredis/config.py:7
    if var := os.environ.get(name):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8741d23596aaed19 Environment-variable access.
pkgs/python/[email protected]/coredis/config.py:20
            for cmd in os.environ.get("COREDIS_OTEL_DISABLED_COMMANDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f93b09561dc567b6 Filesystem access.
pkgs/python/[email protected]/coredis/patterns/lock/__init__.py:26
EXTEND_SCRIPT = Script(script=(Path(__file__).parent / "lua/extend.lua").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08c8e79e24006bc5 Filesystem access.
pkgs/python/[email protected]/coredis/patterns/lock/__init__.py:27
RELEASE_SCRIPT = Script(script=(Path(__file__).parent / "lua/release.lua").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiohttp

python dependency
expand_more 19 low-confidence finding(s)
low env_fs dependency Excluded from app score #c224df06a2d8dfd2 Filesystem access.
pkgs/python/[email protected]/aiohttp/cookiejar.py:207
        with open(
            file_path,
            mode="w",
            encoding="utf-8",
            opener=lambda path, flags: os.open(path, flags, 0o600),
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78f6f402aead088 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:73
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5993f50bf0e52247 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:82
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebbf0b05afdc0baa Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:228
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d05d5c6f865938f7 Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a2467900f74ae592 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:21
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9d4c335420297356 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a6e9734f5bc977e6 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:31
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c4b9bd5ebd898971 Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:20
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d215a4faf3631da Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d42fc523b244eb87 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #128e45eda5c2d305 Environment-variable access.
pkgs/python/[email protected]/setup.py:13
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d3823d8167f11e5 Environment-variable access.
pkgs/python/[email protected]/setup.py:15
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac5663ffdab9643 Environment-variable access.
pkgs/python/[email protected]/setup.py:16
CYTHON_TRACING: bool = bool(os.environ.get("AIOHTTP_CYTHON_TRACE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1f1f494146830447 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cf7c731e048a1112 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2802d640ff9b47b5 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d5f22685ca95a79b Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e7eb7e19b3d2516b Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

alembic

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #32e39b8bc042c15c Filesystem access.
pkgs/python/[email protected]/alembic/command.py:141
                with open(toml_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c459da87b854da95 Filesystem access.
pkgs/python/[email protected]/alembic/command.py:174
                with open(path, "w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba3d1406e091a1a Filesystem access.
pkgs/python/[email protected]/alembic/config.py:277
            with open(self._toml_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81ae95aa0e6a1c4c Environment-variable access.
pkgs/python/[email protected]/alembic/config.py:985
        alembic_config_env = os.environ.get("ALEMBIC_CONFIG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db06df2f25889a97 Filesystem access.
pkgs/python/[email protected]/alembic/templates/multidb/env.py:70
        with open(file_, "w") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4639b4271fa2fc17 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:93
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f2f0b9b58bd7e72 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:113
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d44973ca7586b46 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:300
    with open(cfg.toml_file_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8cf417fafd3bd5f Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:307
    with open(cfg.config_file_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2adde64a414f8d8a Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:332
    with open(path, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74debf5886a3b2b3 Environment-variable access.
pkgs/python/[email protected]/alembic/testing/fixtures.py:70
        os.environ.pop("ALEMBIC_CONFIG", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c1ef1766945c260 Environment-variable access.
pkgs/python/[email protected]/alembic/util/editor.py:33
    env = os.environ if environ is None else environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece0ee698e01853c Filesystem access.
pkgs/python/[email protected]/alembic/util/pyfiles.py:48
        with open(dest, "ab" if append_with_newlines else "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd3ac181887c733c Environment-variable access.
pkgs/python/[email protected]/noxfile.py:21
SQLA_REPO = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #698302614048eefd Environment-variable access.
pkgs/python/[email protected]/noxfile.py:21
SQLA_REPO = os.environ.get(
    "SQLA_REPO", "git+https://github.com/sqlalchemy/sqlalchemy.git"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a299b527f6ebf20 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:134
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51fd50f0ac683b38 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:141
            cmd.extend(os.environ.get("TOX_SQLITE", "--db=sqlite").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b7580c53f7cbdf2 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:147
                os.environ.get("TOX_POSTGRESQL", "--db=postgresql").split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff41af836e2f6a2e Environment-variable access.
pkgs/python/[email protected]/noxfile.py:153
            cmd.extend(os.environ.get("TOX_MYSQL", "--db=mysql").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #974b947e7248671d Environment-variable access.
pkgs/python/[email protected]/noxfile.py:160
            if "ORACLE_HOME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b40eff7528a2db83 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:161
                session.env["ORACLE_HOME"] = os.environ.get("ORACLE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e056856a94923d9 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:162
            if "NLS_LANG" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b4bedfaea43db7 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:163
                session.env["NLS_LANG"] = os.environ.get("NLS_LANG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc51e344a788c30e Environment-variable access.
pkgs/python/[email protected]/noxfile.py:164
            cmd.extend(os.environ.get("TOX_ORACLE", "--db=oracle").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bf8ef41a59715f8 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:170
            cmd.extend(os.environ.get("TOX_MSSQL", "--db=mssql").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82894466976f42d Environment-variable access.
pkgs/python/[email protected]/noxfile.py:247
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7e7485bc49183e16 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:85
    with open(destination_path, "w") as buf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e3b8b6157250fc70 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:305
            sys.stdout.write(f_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aacca5135b344b43 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:352
        with open(self.path) as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b52fcec73ebf8d48 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:392
        with open(self.path) as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anyio

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #4050959ca4ac5288 Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:203
    sys.stdin = open(os.devnull)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b3455f67012a959 Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:204
    sys.stdout = open(os.devnull, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

asyncpg

python dependency
expand_more 52 low-confidence finding(s)
low env_fs dependency Excluded from app score #b5e036062e8745bf Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:102
        if os.environ.get('USE_UVLOOP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75c893ff7a1b3ec1 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:246
        pg_host = os.environ.get('PGHOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40bb074f71ddba98 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:352
        if not os.environ.get('PGHOST') and not kwargs.get('dsn'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e57252ca96b6464e Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:509
        if not os.environ.get('PGHOST') and not kwargs.get('dsn'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e34240f9085621 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:64
    if _system == 'Windows' and os.environ.get("GITHUB_ACTIONS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82db5ef7f9be3b2d Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:82
            os.environ.get('PGINSTALLATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1fe0915e3068141 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:83
            or os.environ.get('PGBIN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c94003c249d45a2e Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:215
            if os.getenv('ASYNCPG_DEBUG_SERVER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86cfa6d93ce67c8 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:245
            if os.getenv('ASYNCPG_DEBUG_SERVER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e7a91e10b3130e3 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:377
            with open(pg_hba, 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63f7fda8e0fc525e Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:412
            with open(pg_hba, 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ed4827c2f54c18 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:466
            with open(pidfile, 'rt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9173e55b864d348f Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:566
                os.environ.get('PGINSTALLATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07daf12006b8a740 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:567
                or os.environ.get('PGBIN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6060ef22c8612598 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:573
                pathenv = os.environ.get('PATH').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b441354997728aae Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:671
            with open(os.path.join(self._data_dir, 'recovery.conf'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69d577a00fa4534f Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:680
            f = open(os.path.join(self._data_dir, 'standby.signal'), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #934a1a62fc2d7dca Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:201
        portspec = os.environ.get('PGPORT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b284e603dd9d0c36 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:306
            connection_service_file = os.getenv('PGSERVICEFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33464ffa6d05dbea Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:555
        service = os.environ.get('PGSERVICE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4609c2f0eece6228 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:557
        hostspec = os.environ.get('PGHOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9c785c32694a8e6 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:577
        portspec = os.environ.get('PGPORT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04dfb6f4f4579b1e Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:595
        user = os.getenv('PGUSER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f2af2ac99cbd00 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:600
        password = os.getenv('PGPASSWORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f6ccf75a23f1208 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:603
        database = os.getenv('PGDATABASE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a05c4a1cd97a1ff1 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:618
            passfile = os.getenv('PGPASSFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #846052f9be5111e9 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:653
        ssl = os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49bae3058880466e Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:664
            sslnegotiation = os.environ.get("PGSSLNEGOTIATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0caf5ac259de2d35 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:699
                    sslrootcert = os.getenv('PGSSLROOTCERT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04185965f1955bf0 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:745
                    sslcrl = os.getenv('PGSSLCRL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8c7f4f2b65c45be Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:764
                sslkey = os.getenv('PGSSLKEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #596a7f38252690a7 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:772
                sslcert = os.getenv('PGSSLCERT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5442caddbd0033eb Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:791
                keylogfile = os.environ.get('SSLKEYLOGFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5079d578d5c0bbdd Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:796
                ssl_min_protocol_version = os.getenv('PGSSLMINPROTOCOLVERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b51cebfdecf692ec Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:805
                ssl_max_protocol_version = os.getenv('PGSSLMAXPROTOCOLVERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd536891a259006f Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:826
        target_session_attrs = os.getenv(
            "PGTARGETSESSIONATTRS", SessionAttribute.any
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e0d8a6d01cfa518 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:841
        krbsrvname = os.getenv('PGKRBSRVNAME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be2c646991378daa Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:844
        gsslib = os.getenv('PGGSSLIB')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #561532edfd1bf761 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
with open(version_file, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e87e1f78d66c51 Filesystem access.
pkgs/python/[email protected]/setup.py:40
with open(str(_ROOT / 'README.rst')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16b3a09284692756 Filesystem access.
pkgs/python/[email protected]/setup.py:44
with open(str(_ROOT / 'asyncpg' / '_version.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63a6e858eff40dda Environment-variable access.
pkgs/python/[email protected]/setup.py:60
        v = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43ab366036b4d320 Filesystem access.
pkgs/python/[email protected]/setup.py:82
        with open(str(filename)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7cc1b43d3cd394a Filesystem access.
pkgs/python/[email protected]/setup.py:89
        with open(str(filename), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc51c9bf56621ce Environment-variable access.
pkgs/python/[email protected]/setup.py:137
        if os.environ.get('ASYNCPG_DEBUG'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49053ef50a4660ef Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            self.cython_always = bool(os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8359afbd2fec3dbd Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            self.cython_always = bool(os.environ.get(
                "ASYNCPG_BUILD_CYTHON_ALWAYS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9f548809095007a Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            self.cython_annotate = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b8664d22ce13a3c Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            self.cython_annotate = os.environ.get(
                "ASYNCPG_BUILD_CYTHON_ANNOTATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9a5efaad000a7d1 Environment-variable access.
pkgs/python/[email protected]/setup.py:167
            self.cython_directives = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80f2c851d44d813b Environment-variable access.
pkgs/python/[email protected]/setup.py:167
            self.cython_directives = os.environ.get(
                "ASYNCPG_BUILD_CYTHON_DIRECTIVES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef53c2b8e8497546 Environment-variable access.
pkgs/python/[email protected]/setup.py:239
    or os.environ.get("ASYNCPG_BUILD_CYTHON_ALWAYS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

authlib

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #6e9c5410c484fa26 Environment-variable access.
pkgs/python/[email protected]/authlib/common/security.py:15
    if os.getenv("AUTHLIB_INSECURE_TRANSPORT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bashlex

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #643c921cec4dede9 Filesystem access.
pkgs/python/[email protected]/bashlex/yacc.py:2347
                debuglog = PlyLogger(open(debugfile, 'w'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

binaryornot

python dependency
expand_more 9 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #d82b4ead42450c42 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:20
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6533c2d7c08298a7 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:36
            with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1599d6f0bf0ac322 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:158
        with open(test_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e0e2d7b78bd43e14 Environment-variable access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:165
                **os.environ,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #612e5097aeae2256 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:442
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0fab439e68e661e8 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:510
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a043651a19ccc5b9 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:591
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1375a79b13572b7f Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:599
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95eab0a9d42a289e Filesystem access.
pkgs/python/[email protected]/src/binaryornot/helpers.py:89
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

boto3

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #1497b5a0c95de379 Filesystem access.
pkgs/python/[email protected]/boto3/docs/__init__.py:50
        with open(service_doc_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c42f029b20a41777 Filesystem access.
pkgs/python/[email protected]/boto3/docs/service.py:200
            with open(examples_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ee9481ff71cee8f Filesystem access.
pkgs/python/[email protected]/setup.py:24
    init = open(os.path.join(ROOT, 'boto3', '__init__.py')).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d248b30ee3de145e Filesystem access.
pkgs/python/[email protected]/setup.py:32
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browsergym-core

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #01b71c92e20c7cd4 Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:81
    with open(chatbox_dir / "chatbox_modern.html", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71748cc3b1a03b36 Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:88
    with open(chatbox_dir / "chatbox.html", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6345d062ca217d7 Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:90
    with open(chatbox_dir / "assistant.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cloud-sql-python-connector

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #2cdff2da8493ff7a Environment-variable access.
pkgs/python/[email protected]/google/cloud/sql/connector/connector.py:189
            self._quota_project = os.environ.get("GOOGLE_CLOUD_QUOTA_PROJECT")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e31f486690f6c6b Environment-variable access.
pkgs/python/[email protected]/google/cloud/sql/connector/connector.py:194
            self._universe_domain = os.environ.get("GOOGLE_CLOUD_UNIVERSE_DOMAIN")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

deprecation

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d0c6954d503f0ac7 Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with open("deprecation.py", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68941c17ffe293a2 Filesystem access.
pkgs/python/[email protected]/setup.py:36
      long_description=io.open("README.rst", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dirhash

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #40813e0115387957 Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with open(os.path.join(PROJECT_ROOT, "README.md"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47fd71a6b40727e6 Filesystem access.
pkgs/python/[email protected]/src/dirhash/__init__.py:587
    with open(filepath, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

docker

python dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #ae39a5e33342d3a1 Filesystem access.
pkgs/python/[email protected]/docker/api/build.py:153
                with open(dockerignore) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac49753fa1e6a04 Filesystem access.
pkgs/python/[email protected]/docker/api/build.py:370
        with open(abs_dockerfile) as df:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6d051d23f2bacf7 Filesystem access.
pkgs/python/[email protected]/docker/api/image.py:141
            with open(src, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57cc0fb1f34f774d Filesystem access.
pkgs/python/[email protected]/docker/auth.py:159
                with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4fdefed64a421dc Filesystem access.
pkgs/python/[email protected]/docker/auth.py:356
        with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0461866c27a110a Filesystem access.
pkgs/python/[email protected]/docker/context/api.py:115
                            open(os.path.join(dirname, filename)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b148f6dfa29dbb6d Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:17
            with open(docker_cfg_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4ad4cb6ac141c3c Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:31
            with open(docker_cfg_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49dda5ded0f40ff5 Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:43
        with open(docker_cfg_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e2bfdb0113b87a7 Filesystem access.
pkgs/python/[email protected]/docker/context/context.py:100
            with open(meta_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ebab6a0f554d3f0 Filesystem access.
pkgs/python/[email protected]/docker/context/context.py:150
        with open(get_meta_file(self.name), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f38ac5e848d6ea5c Environment-variable access.
pkgs/python/[email protected]/docker/credentials/utils.py:8
    result = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df2e8bac075440c9 Environment-variable access.
pkgs/python/[email protected]/docker/transport/sshconn.py:50
        env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38c058fa6281654f Filesystem access.
pkgs/python/[email protected]/docker/transport/sshconn.py:197
            with open(ssh_config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f88fc8f466709dd Filesystem access.
pkgs/python/[email protected]/docker/utils/build.py:102
                with open(full_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aad8916123627e4 Environment-variable access.
pkgs/python/[email protected]/docker/utils/config.py:34
    config_dir = os.environ.get('DOCKER_CONFIG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad96d49c931d03e2 Environment-variable access.
pkgs/python/[email protected]/docker/utils/config.py:46
        return os.environ.get('USERPROFILE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f4ccdc411d81eca Filesystem access.
pkgs/python/[email protected]/docker/utils/config.py:58
        with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e66e6643c7a80040 Environment-variable access.
pkgs/python/[email protected]/docker/utils/utils.py:355
        environment = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dd36ec3b878945e Filesystem access.
pkgs/python/[email protected]/docker/utils/utils.py:465
    with open(env_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fastapi

python dependency
expand_more 64 low-confidence finding(s)
low env_fs dependency Excluded from app score #20dac95690db6fd4 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial001_py310.py:7
    with open("log.txt", mode="w") as email_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8350dd1ad2f27e Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_an_py310.py:9
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f9202b9fe43b346 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_py310.py:7
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d405c164663b821a Filesystem access.
pkgs/python/[email protected]/docs_src/custom_response/tutorial008_py310.py:11
        with open(some_file_path, mode="rb") as file_like:  # (2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46a50b754fd16cb1 Filesystem access.
pkgs/python/[email protected]/docs_src/events/tutorial002_py310.py:8
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bf1a14ae9c36e39 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:5
openapi_content = json.loads(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3da7c5cad017ccc8 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:15
file_path.write_text(json.dumps(openapi_content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d449e4d70c5a0eb7 Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:12
    with open(RELEASE_NOTES_FILE) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #de7df51f27482ca7 Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:31
        with open(RELEASE_NOTES_FILE, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #79b8a9bb4e94dd49 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #308c39609e9a9f1d Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:227
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b8eb9bc965c76064 Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:233
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aa27642be9f911d7 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:105
    return yaml.unsafe_load(en_config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #902a47c82cdd903e Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:129
    os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = "/opt/homebrew/lib"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a72545978806567 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:143
    new_llm_prompt_path.write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d42d008bd5c1e66d Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:223
    missing_translation = (docs_path / "missing-translation.md").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d9d815822b4f3f27 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:229
    translation_banner = translation_banner_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #29b1f5424687343f Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:236
                markdown = translated_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a051e15036424b7a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:238
                    staged_file.write_text(markdown, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a579de05295170c8 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:242
                staged_file.write_text(
                    add_markdown_notice(markdown, banner), encoding="utf-8"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c991fa811a644a8b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:246
                markdown = staged_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c0313036f1a03733 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:247
                staged_file.write_text(
                    add_markdown_notice(markdown, missing_translation),
                    encoding="utf-8",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f0e7b7d26b739c12 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:277
    config_path.write_text(
        yaml.dump(config, sort_keys=False, width=200, allow_unicode=True),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #edc3daba0e254a6c Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:295
    config = yaml.unsafe_load(config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4684cf7949c0e40f Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:349
    content = en_index.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0287d5981da145f5 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:355
    sponsors = yaml.safe_load(sponsors_data_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #acd0de4d6a6bb490 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:384
    old_content = readme_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9bad0af3978c4d40 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:389
        readme_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f95991cc59209c3a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:430
        en_config_path.write_text(
            yaml.dump(updated_config, sort_keys=False, width=200, allow_unicode=True),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a963012eef3e27b5 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:488
        language_names_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fb48095de89b46e3 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:542
    sponsors = yaml.safe_load(sponsors_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0302491af8956e92 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:553
    old_content = partial_path.read_text("utf-8") if partial_path.is_file() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eff0230fd4965e5a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:558
        partial_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #14ce4891d0b29f76 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:609
    base_content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d172dd11425cb62b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:657
        version_file.write_text(content_format, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #99c0531c608ac738 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:713
        content = md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8374861b9c7d87c6 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:720
            md_file.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a312cbaab6572aa6 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:735
        all_docs_content += md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #0cbbbf72a0eb5f3f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #d29c0c9605587346 Filesystem access.
pkgs/python/[email protected]/scripts/notify_translations.py:319
    contents = settings.github_event_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #562acd7952cda525 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:202
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #8acda58f6a7a7907 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:384
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9a0fa0ee2ba5cd13 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:390
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #35bf80e764ac8638 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:146
    version_file_content = version_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c6e52b48bd256949 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:147
    release_notes_content = release_notes_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e527aa63fb2ae4fe Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:152
    version_file.write_text(
        update_version_file(version_file_content, version, version_file)
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b0629b2d3b6309be Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:155
    release_notes_file.write_text(
        update_release_notes(
            release_notes_content, version, parsed_release_date, release_notes_file
        )
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ab73532d32d948d9 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:178
    typer.echo(get_current_version(version_file.read_text(), version_file))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #24dd85383d7f07dd Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:206
    version = get_current_version(version_file.read_text(), version_file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c93b431e799b1978 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:209
            release_notes_file.read_text(), version, release_notes_file

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #ec24246634daddb7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #f0c2271590a72471 Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:148
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bec376f50e1a9024 Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:154
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0883040569a0050b Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:52
    repos_old_content = repos_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #30d1faec9fbee776 Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:57
    repos_path.write_text(new_repos_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f15f9907521a7a0 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:31
general_prompt = general_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4c24c1180b6f123f Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:38
    return yaml.safe_load(Path("docs/language_names.yml").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #19c5804367b4390f Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:121
    lang_prompt_content = lang_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5060c958dc6d42c7 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:129
    original_content = en_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4e99801d19760c94 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:133
        old_translation = out_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dd8bf1fcb49851d6 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:178
    out_path.write_text(out_content, encoding="utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8d613e37243a0064 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:81
        doc_lines = path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #82bb00640e9d2e81 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:82
        en_doc_lines = en_doc_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f5b98f9a6099d0a4 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:94
        path.write_text("\n".join(doc_lines), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitpython

python dependency
expand_more 55 low-confidence finding(s)
low env_fs dependency Excluded from app score #62f14b125ed199ad Filesystem access.
pkgs/python/[email protected]/doc/source/conf.py:50
with open(os.path.join(os.path.dirname(__file__), "..", "..", "VERSION")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad9d2777b916f19 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:663
    GIT_PYTHON_TRACE = os.environ.get("GIT_PYTHON_TRACE", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e00f0d275dad8d41 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:779
            new_git = os.environ.get(cls._git_exec_env_var, cls.git_exec_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b8cdf0d98172825 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:828
                mode = os.environ.get(cls._refresh_env_var, "raise").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fda0153d3d29e271 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:1256
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89fb9933f296e50a Filesystem access.
pkgs/python/[email protected]/git/cmd.py:1278
        stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1fe0840626fab3f Environment-variable access.
pkgs/python/[email protected]/git/config.py:259
        config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d818b1f861cfc001 Filesystem access.
pkgs/python/[email protected]/git/config.py:650
                    with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2605887e23f7a12c Filesystem access.
pkgs/python/[email protected]/git/config.py:768
            with open(fp, "wb") as fp_open:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fff259310df6598 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:705
                return open(filepath, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e76db086508a7dc4 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1180
        with open(self._commit_editmsg_filepath(), "wb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc17506c7cafcd26 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1187
        with open(self._commit_editmsg_filepath(), "rb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #607a0e958152bc00 Environment-variable access.
pkgs/python/[email protected]/git/index/fun.py:89
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91dcecd07309f378 Environment-variable access.
pkgs/python/[email protected]/git/objects/commit.py:664
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0345f21b4d012b4b Filesystem access.
pkgs/python/[email protected]/git/objects/submodule/base.py:428
        with open(git_file, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beeb1b66c6ce3eaf Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:267
        with open(filepath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b270517ba06bd270 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:363
            fd = open(filepath, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #665830fb64cdd603 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:152
            with open(cls._get_packed_refs_path(repo), "rt", encoding="UTF-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77db6a2f7cda1a84 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:265
            with open(os.path.join(repodir, ref_path), "rt", encoding="UTF-8") as fp:  # type: ignore[arg-type]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d6fdb9379d44459 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:668
                with open(pack_file_path, "rb") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df771e27fb9b2205 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:696
                    with open(pack_file_path, "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a0c9321fb5f09f Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:738
            with open(abs_ref_path, "rb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22b1b6ce3d5c90a Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:822
                with open(new_abs_path, "rb") as fd1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbd8054e46614182 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:824
                with open(cur_abs_path, "rb") as fd2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f44ea69c384571df Filesystem access.
pkgs/python/[email protected]/git/remote.py:915
        with open(fetch_head.abspath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70d6ce5720532eb0 Environment-variable access.
repo/base.py:216
        epath = path or os.getenv("GIT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d2041b47e61f68c Environment-variable access.
repo/base.py:252
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd9b2f8f92d4fe7b Environment-variable access.
repo/base.py:253
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b9d9800ef831348 Filesystem access.
repo/base.py:257
                    with open(osp.join(git_dir, "gitdir")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72443f01c9912e99 Environment-variable access.
repo/base.py:280
                if os.environ.get("GIT_COMMON_DIR") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc1751ac5c435fbf Environment-variable access.
repo/base.py:284
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60009ac64f591bee Environment-variable access.
repo/base.py:285
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546787441c6dd32f Filesystem access.
repo/base.py:321
            common_dir = (Path(self.git_dir) / "commondir").read_text().splitlines()[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d670f0ef620615 Filesystem access.
repo/base.py:382
        with open(filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c2024e9ba1f6cf Filesystem access.
repo/base.py:388
        with open(filename, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d05051b9a6448e7 Environment-variable access.
repo/base.py:663
            config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94af4d2fdeec87ee Filesystem access.
repo/base.py:922
            with open(alternates_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #737baa8be9d7d329 Filesystem access.
repo/base.py:945
            with open(alternates_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6beae6fc97bcc27d Filesystem access.
repo/base.py:1661
        with open(rebase_head_file, "rt") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24cfe317d30efab3 Filesystem access.
repo/fun.py:55
    with open(filename, "ab"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d49e0a044f1f4f Environment-variable access.
repo/fun.py:69
        if (osp.isdir(osp.join(d, "objects")) or "GIT_OBJECT_DIRECTORY" in os.environ) and osp.isdir(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a18ce32f04bc99ca Filesystem access.
repo/fun.py:93
        lines = Path(dotgit).read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f0ed02a045e106 Filesystem access.
repo/fun.py:108
        with open(d) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #700cd8d2353c4eb9 Environment-variable access.
pkgs/python/[email protected]/git/util.py:122
        value = os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783100fff208f6e4 Environment-variable access.
pkgs/python/[email protected]/git/util.py:201
    old_value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4e468323b9b595 Environment-variable access.
pkgs/python/[email protected]/git/util.py:202
    os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2557829259aea068 Environment-variable access.
pkgs/python/[email protected]/git/util.py:207
            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78ec22a49361980 Environment-variable access.
pkgs/python/[email protected]/git/util.py:209
            os.environ[name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a12cfc4a712d9073 Environment-variable access.
pkgs/python/[email protected]/git/util.py:338
    PATHEXT = os.environ.get("PATHEXT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900915d6c5e474e1 Environment-variable access.
pkgs/python/[email protected]/git/util.py:374
        path = os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b68386380ed6b856 Environment-variable access.
pkgs/python/[email protected]/git/util.py:865
                val = os.environ[evar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45b651025ad68284 Filesystem access.
pkgs/python/[email protected]/git/util.py:1051
            with open(lock_file, mode="w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cd36623d948aeef Filesystem access.
pkgs/python/[email protected]/setup.py:14
    return (Path(__file__).parent / path).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08681494893e3f9e Filesystem access.
pkgs/python/[email protected]/setup.py:49
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9959c198236f9d06 Filesystem access.
pkgs/python/[email protected]/setup.py:59
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-api-python-client

python dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #d8b105614b01c2a0 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:430
    if "REMOTE_ADDR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15690f7b1d47b2ea Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:431
        actual_url = _add_query_parameter(url, "userIp", os.environ["REMOTE_ADDR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a30537a4c684ea0e Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:573
        universe_domain_env = os.getenv(GOOGLE_CLOUD_UNIVERSE_DOMAIN, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #647d3ea11d5e5059 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:656
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a029eb9c1155a3ce Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:703
            use_mtls_endpoint = os.getenv(GOOGLE_API_USE_MTLS_ENDPOINT, "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e361d475de28586 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:37
    if "GAE_ENV" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a2f3580840f9d42 Filesystem access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:72
        with open(os.path.join(DISCOVERY_DOC_DIR, doc_name), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c7af40d4c292f7c Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:594
        self._fd = open(self._filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23de05653434536 Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:1735
            with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649a9f8238df8b6d Filesystem access.
pkgs/python/[email protected]/googleapiclient/sample_tools.py:104
        with open(discovery_filename) as discovery_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e94835ac039c8bf4 Filesystem access.
pkgs/python/[email protected]/setup.py:52
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #347b4e67229e8a3e Filesystem access.
pkgs/python/[email protected]/setup.py:58
with open(os.path.join(package_root, "googleapiclient/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-httplib2

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #545f54f1afd52e64 Filesystem access.
pkgs/python/[email protected]/setup.py:26
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-oauthlib

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #8d03e1b7a4e13e26 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/flow.py:198
        with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #635faecfd2ee7dd8 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/helpers.py:94
    with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc426fbff96fb1ec Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/tool/__main__.py:113
        with open(credentials, "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b91b1341dc3c0cb7 Filesystem access.
pkgs/python/[email protected]/setup.py:31
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-recaptcha-enterprise

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #0ea948c7bc37cf1b Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:175
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cc9ac1af3361242 Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:466
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41e75dc542563a9f Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e13be1d19e3bbfc Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:508
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4750ba0264b8626f Filesystem access.
pkgs/python/[email protected]/setup.py:31
with open(
    os.path.join(package_root, "google/cloud/recaptchaenterprise/gapic_version.py")
) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75dee280cb9a00dd Filesystem access.
pkgs/python/[email protected]/setup.py:60
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-genai

python dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #1f508d0b02b00887 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:110
  env_google_api_key = os.environ.get('GOOGLE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a4d3be24bfac6ab Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:111
  env_gemini_api_key = os.environ.get('GEMINI_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4383ceccdfcf78da Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:616
      env_enterprise_str = os.environ.get('GOOGLE_GENAI_USE_ENTERPRISE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f918b8990d5f172b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:617
      env_vertexai_str = os.environ.get('GOOGLE_GENAI_USE_VERTEXAI', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2bf1db7f179851 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:677
    env_project = os.environ.get('GOOGLE_CLOUD_PROJECT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #956d2090d4d77cb3 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:678
    env_location = os.environ.get('GOOGLE_CLOUD_LOCATION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6a9b19f894d70c8 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1046
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #406ae0da82e904a1 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1047
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7215a979ab5a8d0c Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1100
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5abd56fec95c026 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1101
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #856f12d0c721fb27 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1158
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a648a83a556bebf Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1159
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4339fc1f1c8cc16 Filesystem access.
pkgs/python/[email protected]/google/genai/_api_client.py:1764
      with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #605f6abab74b6676 Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:48
    return _default_base_vertex_url or os.getenv('GOOGLE_VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9efc8e77345a2424 Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:50
    return _default_base_gemini_url or os.getenv('GOOGLE_GEMINI_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c8550d5eec43c92 Filesystem access.
pkgs/python/[email protected]/google/genai/_gaos/types/base64fileinput.py:39
            with open(value, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b027e09d56012f32 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/logger.py:40
    if os.getenv("GOOGLE_GENAI_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee48ab9c0e8c18a1 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:95
    if os.getenv("GOOGLE_GENAI_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #738a152b9ee514da Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:96
        security_dict["api_key"] = os.getenv("GOOGLE_GENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b433deb26af42b01 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:98
    if os.getenv("GOOGLE_GENAI_ACCESS_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25e2631894f3812a Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:99
        security_dict["access_token"] = os.getenv("GOOGLE_GENAI_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7324a6c4378129b Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:101
    if os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8729c9391c9bee6c Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:102
        security_dict["default_headers"] = os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32cd132eed7e1cf7 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/values.py:79
    env_value = os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78a692b9890506eb Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:111
  with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb20ee8135f2976d Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:128
    with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #151f73f744abd12a Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:223
      os.environ.get('PYTEST_CURRENT_TEST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97571adf5585aef Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fce3b2fdd603863e Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(
          'GOOGLE_GENAI_REPLAYS_DIRECTORY', None
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9c214b7b8738eef Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:359
      with open(replay_file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9751863ab879cd35 Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:386
    with open(replay_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b09a4ac0aac52cb Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:197
      default_factory=lambda: os.getenv('GOOGLE_GENAI_CLIENT_MODE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7576e54b4f2af9 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:201
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAYS_DIRECTORY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #738df0de43f41316 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:205
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bda9cb758cecc5cc Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:9036
    image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee87a5206c4dc79c Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:11421
    video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffa3cb25429cb5e9 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:22491
    with open(file_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gspread

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #1057d5ad45d4613d Environment-variable access.
pkgs/python/[email protected]/gspread/auth.py:52
        return Path(os.environ["APPDATA"], config_dir_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f320c72e012d4355 Filesystem access.
pkgs/python/[email protected]/gspread/auth.py:208
        with open(credentials_filename) as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

html2text

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #943cd6c8a2da9539 Filesystem access.
pkgs/python/[email protected]/html2text/cli.py:285
        with open(args.filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #56bfe44b7f86a0a9 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b6b2d5c95071011 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #005650373a37792e Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f02bf225524c824 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx-aiohttp

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #cb3fae0e7b6de200 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:14
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3d2bf445642ce95a Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:15
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #125cf91db655fab8 Filesystem access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:30
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cb58ac30191ba0a2 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:19
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #097913b2ecccfd2a Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:20
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11e4011946300cda Filesystem access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:36
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #77edcd2ed0134265 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:14
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e0ba8dbabf6c0f30 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:15
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #156264d5c3c7d1f3 Filesystem access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:33
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e4c0e8bc6cf459d5 Filesystem access.
pkgs/python/[email protected]/benchmarks/reporter.py:28
    with open(report_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #71fbcbcc97673247 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:42
    report_str.append(f"**PR Number**: {os.getenv('PR_NUMBER')}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6f284e955900db53 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:63
    repo_owner = os.getenv("GITHUB_REPOSITORY_OWNER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e87528186c5395aa Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:64
    repo_name = os.getenv("GITHUB_REPOSITORY").split("/")[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b7866af3eb22acec Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:65
    pr_number = os.getenv("PR_NUMBER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bd797fc6ea14180b Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:66
    token = os.getenv("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ipywidgets

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #0d88489f5f7a4845 Filesystem access.
pkgs/python/[email protected]/ipywidgets/embed.py:318
        with open(fp, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #face58df62e736f9 Environment-variable access.
pkgs/python/[email protected]/ipywidgets/widgets/widget.py:36
    if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c81e0d5f94895b04 Environment-variable access.
pkgs/python/[email protected]/ipywidgets/widgets/widget.py:37
        return os.environ[name].lower() not in ['no', 'n', 'false', 'off', '0', '0.0']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c56b23e306b1f34c Filesystem access.
pkgs/python/[email protected]/ipywidgets/widgets/widget_media.py:94
            with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jinja2

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #580087b5e4ca77d2 Filesystem access.
pkgs/python/[email protected]/src/jinja2/bccache.py:270
            f = open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ec07430bcb98e9 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:860
                with open(os.path.join(target, filename), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c0d510016d80237 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:1611
            real_fp: t.IO[bytes] = open(fp, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeb058e4b613afb1 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:214
        with open(filename, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2939dfafe6df6a92 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:382
            with open(p, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d3c6a72abc47530 Filesystem access.
pkgs/python/[email protected]/src/jinja2/utils.py:171
    return open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

joblib

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #cdf53449bd3a14b4 Environment-variable access.
pkgs/python/[email protected]/conftest.py:73
    DEFAULT_BACKEND = os.environ.get("JOBLIB_TESTS_DEFAULT_PARALLEL_BACKEND", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75a8f6d14f5a0e13 Environment-variable access.
pkgs/python/[email protected]/conftest.py:110
        os.environ.get(k) is None for k in ParallelBackendBase.MAX_NUM_THREADS_VARS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f6f5c663db1060b Environment-variable access.
pkgs/python/[email protected]/joblib/__init__.py:163
os.environ.setdefault("KMP_INIT_AT_FORK", "FALSE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd231c0573e4652 Environment-variable access.
pkgs/python/[email protected]/joblib/_memmapping_reducer.py:209
        temp_folder = os.environ.get("JOBLIB_TEMP_FOLDER", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ff9f67b246447a2 Environment-variable access.
pkgs/python/[email protected]/joblib/_multiprocessing_helpers.py:13
mp = int(os.environ.get("JOBLIB_MULTIPROCESSING", 1)) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #642bd4e24632b25b Environment-variable access.
pkgs/python/[email protected]/joblib/_parallel_backends.py:238
                var_value = os.environ.get(var, default_n_threads)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d524fc479ca67d82 Environment-variable access.
pkgs/python/[email protected]/joblib/_parallel_backends.py:244
        if self.TBB_ENABLE_IPC_VAR not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7a23c542e170093 Filesystem access.
pkgs/python/[email protected]/joblib/_store_backends.py:480
                with open(gitignore, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfc105e0e4f0a1c1 Filesystem access.
pkgs/python/[email protected]/joblib/compressor.py:289
            self._fp = io.open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c7bea6ba0aa86ed Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:151
        with open(cpu_max_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5293f9bce46317df Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:156
        with open(cfs_quota_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a608583ceb71cb6 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:158
        with open(cfs_period_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fafe2a2c7cc25555 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:199
            and os.environ.get("LOKY_MAX_CPU_COUNT") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e72c1881d66ab9ff Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:222
    cpu_count_loky = int(os.environ.get("LOKY_MAX_CPU_COUNT", os_cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #115705541067243c Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/fork_exec.py:21
    env = {**os.environ, **env}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3059f5cf8eae99ca Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/popen_loky_win32.py:73
        child_env = {**os.environ, **process_obj.env}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce60aabf782daa8a Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/popen_loky_win32.py:83
        with open(wfd, "wb") as to_child:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b84b9e823268fa1 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/reduction.py:89
ENV_LOKY_PICKLER = os.environ.get("LOKY_PICKLER", DEFAULT_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a3169b9721fbab Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/resource_tracker.py:284
        with open(fd, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb3ceb12c21952b1 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:93
MAX_DEPTH = int(os.environ.get("LOKY_MAX_DEPTH", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #428d46464deb542d Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:382
    if "PYTHONFAULTHANDLER" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67cfc6d1580d0da5 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:388
            f"PYTHONFAULTHANDLER={os.environ['PYTHONFAULTHANDLER']}."

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad32ce51b8bd64bd Filesystem access.
pkgs/python/[email protected]/joblib/logger.py:125
                with open(logfile, "w") as logfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24e6a812b4b876c7 Filesystem access.
pkgs/python/[email protected]/joblib/logger.py:150
                with open(self.logfile, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71302f066bac0f57 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:599
        with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e290ca3c1bef3a8e Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:650
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8bb081bdf3ee48 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:735
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7f8e06e9d140b84 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle_compat.py:156
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3abe4fb7606c7983 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle_compat.py:230
    with open(filename, "rb") as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9546b18e86b2adca Environment-variable access.
pkgs/python/[email protected]/joblib/parallel.py:581
    method = os.environ.get("JOBLIB_START_METHOD", "").strip() or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jupyter-kernel-gateway

python dependency
expand_more 33 low-confidence finding(s)
low env_fs dependency Excluded from app score #d1991895bc7705fc Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:92
        return int(os.getenv(self.port_env, self.port_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43adf13720a7efc8 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:104
        return int(os.getenv(self.port_retries_env, self.port_retries_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9722330feacc1b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:114
        return os.getenv(self.ip_env, self.ip_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5efba9b2dfbdbc4e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:127
        return os.getenv(self.base_url_env, self.base_url_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #622733521fd14d65 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:137
        return os.getenv(self.auth_token_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #766b5c39e540f88a Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:148
        return os.getenv(self.allow_credentials_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba0e42d91d7de72a Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:157
        return os.getenv(self.allow_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #672be8501a5291bb Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:166
        return os.getenv(self.allow_methods_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94013c3b86355b53 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:175
        return os.getenv(self.allow_origin_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78dfd608d923b399 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:185
        return os.getenv(self.expose_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #998650da897b2c00 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:196
        return os.getenv(self.trust_xheaders_env, "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1381dc4fcd9101 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:205
        return os.getenv(self.max_age_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #748b338787462938 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:217
        val = os.getenv(self.max_kernels_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #102cb62725d1807d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:230
        return os.getenv(self.seed_uri_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7059b2ef010904c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:242
        val = os.getenv(self.prespawn_count_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0400aaca12152487 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:254
        return os.getenv(self.default_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffec3c7bd48ab5f8 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:264
        return os.getenv(self.force_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098a4624b9ed6d97 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:274
        return os.getenv(self.env_process_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1698a6b02939ef0 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:290
        return os.getenv(self.api_env, self.api_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e66d9b935632fd Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:310
        return os.getenv(self.certfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #995667f6e73e9ef0 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:322
        return os.getenv(self.keyfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28ef9995d390dc77 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:334
        return os.getenv(self.client_ca_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd1bb6576c7c142 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:347
        ssl_from_env = os.getenv(self.ssl_version_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #185be09cd360fc6a Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:373
            with open(self.cookie_secret_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #674ac35127a8d746 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:407
        return int(os.getenv(self.ws_ping_interval_env, self.ws_ping_interval_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #123ad836fe4843c2 Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:495
            with open(path) as nb_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ee709f5f432eb9b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:34
        return os.getenv(self.list_kernels_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #055da860178886a8 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:45
        return os.getenv(self.env_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5e12a9e65528d03 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:37
        return os.getenv(self.cell_parser_env, "kernel_gateway.notebook_http.cell.parser")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3606063811f083e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:52
        return os.getenv(self.allow_notebook_download_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcef335128e67398 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:64
        return os.getenv(self.static_path_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfaf3921ee707917 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:57
            env = {"PATH": os.getenv("PATH", "")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc5047fa58b9370 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:62
                    for key, value in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jupyter_kernel_gateway

python dependency
expand_more 33 low-confidence finding(s)
low env_fs dependency Excluded from app score #9bc3d89c93fa6d1f Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:92
        return int(os.getenv(self.port_env, self.port_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b288083c7eee2f2e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:104
        return int(os.getenv(self.port_retries_env, self.port_retries_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe48162c698a256d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:114
        return os.getenv(self.ip_env, self.ip_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #836c686cb084d548 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:127
        return os.getenv(self.base_url_env, self.base_url_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293df1c92cd4a614 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:137
        return os.getenv(self.auth_token_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3312aac82fc2e842 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:148
        return os.getenv(self.allow_credentials_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03f1a0e67fba3c29 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:157
        return os.getenv(self.allow_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c4aad9a40da7700 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:166
        return os.getenv(self.allow_methods_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11421970ffad97b8 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:175
        return os.getenv(self.allow_origin_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e28c4bef1994387 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:185
        return os.getenv(self.expose_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #534aac307bd0f7e2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:196
        return os.getenv(self.trust_xheaders_env, "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bab1a81fba14a09 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:205
        return os.getenv(self.max_age_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0f2f63f3f6ce72b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:217
        val = os.getenv(self.max_kernels_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f25a81d0068950 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:230
        return os.getenv(self.seed_uri_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bd8962908aeba4b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:242
        val = os.getenv(self.prespawn_count_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6be2750a71073197 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:254
        return os.getenv(self.default_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cb6f88eb816229e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:264
        return os.getenv(self.force_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd3f5c415b03eb3 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:274
        return os.getenv(self.env_process_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #845b9cd8d5f7a736 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:290
        return os.getenv(self.api_env, self.api_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9844bee01d32d793 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:310
        return os.getenv(self.certfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de44a687b0a818b0 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:322
        return os.getenv(self.keyfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e68b30ffd57d6071 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:334
        return os.getenv(self.client_ca_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf59d8ac08437860 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:347
        ssl_from_env = os.getenv(self.ssl_version_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bfd9892fa6a92c4 Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:373
            with open(self.cookie_secret_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d00de82b35a80151 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:407
        return int(os.getenv(self.ws_ping_interval_env, self.ws_ping_interval_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6c74625ef232f5 Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:495
            with open(path) as nb_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b8e780c3fb12fa Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:34
        return os.getenv(self.list_kernels_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34be59b0dfc51459 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:45
        return os.getenv(self.env_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3be22c7292ecbf0c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:37
        return os.getenv(self.cell_parser_env, "kernel_gateway.notebook_http.cell.parser")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c411dbfb3b159416 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:52
        return os.getenv(self.allow_notebook_download_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17a7609747ad0211 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:64
        return os.getenv(self.static_path_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef74b29a101c458 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:57
            env = {"PATH": os.getenv("PATH", "")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d3426d28ec8bdc Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:62
                    for key, value in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

kubernetes

python dependency
expand_more 58 low-confidence finding(s)
low env_fs dependency Excluded from app score #801cf6e063c48e5e Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/client/api_client.py:501
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd90c111eebf3a9b Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/client/api_client.py:612
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0ea5daa8473750 Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/exec_provider.py:44
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5ed61df4a412537 Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:42
                 environ=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888ba1e3c03c9eef Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:81
        with open(self._cert_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f039c46481205d7 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:103
        with open(self._token_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17be1e34c16b4070 Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:38
KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', (pathlib.Path.home() / '.kube/config').as_posix())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5094b7bcc0675ce4 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:97
        with open(name, 'wb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95f3d5fcd1ab174f Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:124
            with open(self._file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e05e0e1748c7ff5 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:525
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc23f62774ae632 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:558
        with open(path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76c8f68f171794a5 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:126
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff99da9904bb69ee Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:304
                        with open(v) as f1, open(other.__dict__[k]) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1cbd0489a552f00 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:326
                    with open(v) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43bef3b114cfca35 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:962
            with open(os.path.join(temp_dir, "cert_test"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc9deea04b7c2043 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:964
            with open(os.path.join(temp_dir, "client_cert"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5d8c35b36351fc0 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:966
            with open(os.path.join(temp_dir, "client_key"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbe4a43b6f3483e8 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:968
            with open(os.path.join(temp_dir, "token_file"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceb40fc9e710893e Filesystem access.
pkgs/python/[email protected]/kubernetes/client/api_client.py:498
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40c30142f1d065f8 Filesystem access.
pkgs/python/[email protected]/kubernetes/client/api_client.py:606
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #727d73872d04d0fc Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:212
        if os.getenv("HTTPS_PROXY"): self.proxy = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #965d986269bc4500 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:213
        if os.getenv("https_proxy"): self.proxy = os.getenv("https_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da5042aadb3dc6b5 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:214
        if os.getenv("HTTP_PROXY"): self.proxy = os.getenv("HTTP_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16fff266df7cafd0 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:215
        if os.getenv("http_proxy"): self.proxy = os.getenv("http_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96885c0ed18b6ae5 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:217
        if os.getenv("NO_PROXY"): self.no_proxy = os.getenv("NO_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62d6375a12444e60 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:218
        if os.getenv("no_proxy"): self.no_proxy = os.getenv("no_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9921abc43949375f Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/exec_provider.py:48
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b1826bf7692dcb8 Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:42
                 environ=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f6a370647f1c686 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:81
        with open(self._cert_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c1e558c79cddd89 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:103
        with open(self._token_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d518b2e55c0eb4f6 Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:48
KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', '~/.kube/config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ef32cc03ccdf746 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:76
    with open(name, 'wb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cebaef2383001e7 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:131
            with open(self._file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a34e2c9270836dc3 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:392
            with open(ca_cert.name, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #010aa63e64a64210 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:670
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e84332979c704ad Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:707
        with open(path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #503b8614b61c432d Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:164
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0a3641d8f21b312 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:387
                        with open(v) as f1, open(other.__dict__[k]) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d56a5bc788783cd Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:409
                    with open(v) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f7c44e42a0fb8d1 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1173
            with open(os.path.join(temp_dir, "cert_test"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ab5cb46b6b3ca60 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1175
            with open(os.path.join(temp_dir, "client_cert"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #263cf33604acf120 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1177
            with open(os.path.join(temp_dir, "client_key"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5752c63cfdbf552 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1179
            with open(os.path.join(temp_dir, "token_file"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #814ca9ffc9d12de6 Filesystem access.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:60
                with open(self.__cache_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b22bba46be7edba Filesystem access.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:75
            with open(self.__cache_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ba9060924cadfa8 Filesystem access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:55
    cfg_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4574fc7485901b18 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:362
    cfg.proxy = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c72065127023ed53 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:363
    cfg.no_proxy = os.getenv("NO_PROXY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f86ba0c13922f4da Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:372
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7266fd8ec72b145 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:376
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96925e80a37a3ed5 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:386
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8028668a27e15f64 Filesystem access.
pkgs/python/[email protected]/kubernetes/utils/create_from_yaml.py:175
        with open(os.path.abspath(yaml_file)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1b5a83ce664a384 Filesystem access.
pkgs/python/[email protected]/setup-release.py:34
with open('requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c29776fb8fea0b4 Filesystem access.
pkgs/python/[email protected]/setup-release.py:47
with open('test-requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4444a2b8c5063ce Filesystem access.
pkgs/python/[email protected]/setup-release.py:50
with open('requirements-asyncio.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #463615b9dde200fe Filesystem access.
pkgs/python/[email protected]/setup-release.py:53
with open('test-requirements-asyncio.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c0fbceb3ed55bf Filesystem access.
pkgs/python/[email protected]/setup.py:34
with open('requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850a366c7a3d1711 Filesystem access.
pkgs/python/[email protected]/setup.py:47
with open('test-requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

libtmux

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #2d5e5e9c471d23ea Environment-variable access.
pkgs/python/[email protected]/src/libtmux/_internal/env.py:65
    return os.environ if env is None else env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f7381c37c811ad6 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/formats.py:21
FORMAT_SEPARATOR = os.environ.get("LIBTMUX_TMUX_FORMAT_SEPARATOR", "␞")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6610683a3dbc007 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:25
USING_ZSH = "zsh" in os.getenv("SHELL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe4cc0820e09947 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:56
    tmux_tmpdir = pathlib.Path(os.environ.get("TMUX_TMPDIR", "/tmp"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22f5836a15dd3336 Filesystem access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:107
    c.write_text(
        """
set -g base-index 1
    """,
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7704a0aaceeb8bdb Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:122
    for k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d96fdc48e8cbc23 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2324
        env = os.environ.get("TMUX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #839c997f57860341 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2327
            del os.environ["TMUX"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54067c846dba9f95 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2381
                os.environ["TMUX"] = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

limits

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #f28f8b7a75e7463b Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:29
if branch_from_env := os.environ.get("READTHEDOCS_VERSION", None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87964b435f710e6c Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:33
        "sha": os.environ.get("READTHEDOCS_GIT_COMMIT_HASH", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723a4864e353d5c0 Filesystem access.
pkgs/python/[email protected]/doc/source/ext/bench_chart.py:116
    with open(out_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84aa56025185d28 Filesystem access.
pkgs/python/[email protected]/limits/util.py:156
    return importlib.resources.files("limits").joinpath(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

memory-profiler

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #bac82a38a93a24d4 Environment-variable access.
pkgs/python/[email protected]/memory_profiler.py:494
    path = os.getenv('PATH', os.defpath).split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56b835ce94121d91 Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1015
            with open(text_file, 'w') as pfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #983d05f23bc60bfd Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1251
        with io.open(filename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7072a5ed1da30671 Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1356
            out_file = open(args.out_filename, "a")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9713a748e600a6e Filesystem access.
pkgs/python/[email protected]/mprof.py:281
    with open(mprofile_output, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #882106e9f854d150 Filesystem access.
pkgs/python/[email protected]/mprof.py:360
    f = open(filename, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

modal

python dependency
expand_more 81 low-confidence finding(s)
low env_fs dependency Excluded from app score #5957e8f33b293253 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:47
    os.environ["NCCL_HOSTID"] = f"{hostname}{container_ip}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc73190865f3af3c Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:51
    if os.environ["MODAL_CLOUD_PROVIDER"] in ("CLOUD_PROVIDER_GCP", "CLOUD_PROVIDER_OCI"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c0f2f7781b52054 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:52
        os.environ["NCCL_SOCKET_NTHREADS"] = "4"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03882e29d3cccfce Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:53
        os.environ["NCCL_NSOCKS_PERTHREAD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54bbe2eb375fa8ce Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:54
    elif os.environ["MODAL_CLOUD_PROVIDER"] == "CLOUD_PROVIDER_AWS":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b3d1a1b8b4b787d Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:55
        os.environ["NCCL_SOCKET_NTHREADS"] = "2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #801d159d42b02697 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:56
        os.environ["NCCL_NSOCKS_PERTHREAD"] = "8"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5f9c3c5450e4f75 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:58
        os.environ["NCCL_SOCKET_NTHREADS"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f8c93d5ad03d33 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:59
        os.environ["NCCL_NSOCKS_PERTHREAD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efe11b1e0875a1c6 Environment-variable access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:12
telemetry_socket = os.environ.get("MODAL_TELEMETRY_SOCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28d6ad8062e03988 Environment-variable access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:432
        function_def.is_checkpointing_function and os.environ.get("MODAL_ENABLE_SNAP_RESTORE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ab51a84a1f341ce Environment-variable access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:481
    container_arguments_path: str | None = os.environ.get("MODAL_CONTAINER_ARGUMENTS_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1adf3985995c8902 Filesystem access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:484
    container_args.ParseFromString(open(container_arguments_path, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f882b35e81aa2b Filesystem access.
pkgs/python/[email protected]/modal/_image.py:213
    with open(LOCAL_REQUIREMENTS_DIR / "base-images.json") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2b66131e8494bda Environment-variable access.
pkgs/python/[email protected]/modal/_image.py:295
        if (env_var := "MODAL_IMAGE_BUILDER_VERSION") in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d0b13ca2edd00e4 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:367
                FilePatternMatcher(*dockerignore_file.read_text("utf8").splitlines())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d32b2fa205ad4c8 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:372
            cmds = dockerfile_path.read_text("utf8").splitlines() if dockerfile_path else dockerfile_cmds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02ed44f738f8e4af Filesystem access.
pkgs/python/[email protected]/modal/_image.py:383
            cmds = dockerfile_path.read_text("utf8").splitlines() if dockerfile_path else dockerfile_cmds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbab6f9df3381023 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:648
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7c86a058e4a607e Environment-variable access.
pkgs/python/[email protected]/modal/_image.py:715
                allow_global_deployment=os.environ.get("MODAL_IMAGE_ALLOW_GLOBAL_DEPLOYMENT") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14fd41a68a308f0d Filesystem access.
pkgs/python/[email protected]/modal/_image.py:1723
            with open(pyproject_toml) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d334a3643b65042b Filesystem access.
pkgs/python/[email protected]/modal/_image.py:2437
            with open(os.path.expanduser(path)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a18baa737f1d5d0 Environment-variable access.
pkgs/python/[email protected]/modal/_output/pty.py:37
        env_term=os.environ.get("TERM"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce17ac12b883dd59 Environment-variable access.
pkgs/python/[email protected]/modal/_output/pty.py:38
        env_colorterm=os.environ.get("COLORTERM"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a49d06c136a4605 Environment-variable access.
pkgs/python/[email protected]/modal/_output/pty.py:39
        env_term_program=os.environ.get("TERM_PROGRAM"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9168d3e27ec8b53e Filesystem access.
pkgs/python/[email protected]/modal/_output/rich.py:388
                with open(filename, encoding="utf-8", errors="replace") as code_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1ca6b2f6253c416 Environment-variable access.
pkgs/python/[email protected]/modal/_runtime/user_code_imports.py:284
    if function_def.is_checkpointing_function and os.environ.get("MODAL_ENABLE_SNAP_RESTORE") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6193f0d28c13136 Filesystem access.
pkgs/python/[email protected]/modal/_utils/blob_utils.py:191
        data_file_readers = [open(filename, "rb") for _ in range(len(part_urls))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829dc3d379dd7e32 Filesystem access.
pkgs/python/[email protected]/modal/_utils/blob_utils.py:506
        lambda: open(filename, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8a34baf8e2c1b9d Filesystem access.
pkgs/python/[email protected]/modal/_utils/blob_utils.py:564
            return open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ec6d661743e8cfa Environment-variable access.
pkgs/python/[email protected]/modal/_utils/logger.py:43
log_level = os.environ.get("MODAL_LOGLEVEL", "WARNING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78a59c14dceb08dc Environment-variable access.
pkgs/python/[email protected]/modal/_utils/logger.py:44
log_format = os.environ.get("MODAL_LOG_FORMAT", "STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f9566f81222258 Environment-variable access.
pkgs/python/[email protected]/modal/_vendor/a2wsgi_wsgi.py:486
    script_name_environ_var = os.environ.get("SCRIPT_NAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bfaf7b297b9d389 Environment-variable access.
pkgs/python/[email protected]/modal/cli/_help.py:33
    env = os.environ.get("MODAL_RICH_CLI")  # TODO move to config

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd6eec86180c48f Filesystem access.
pkgs/python/[email protected]/modal/cli/_traceback.py:29
            with open(filename, encoding="utf-8", errors="replace") as code_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #42e864753b8d46a8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/modal/cli/changelog.py:24
    req = urllib.request.Request(CHANGELOG_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #693b708437e1ee21 Environment-variable access.
pkgs/python/[email protected]/modal/cli/curl.py:24
    cache_root = Path(os.environ.get("XDG_CACHE_HOME", "~/.cache")).expanduser()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #114a9d82646a6121 Filesystem access.
pkgs/python/[email protected]/modal/cli/curl.py:51
        cache_data = json.loads(_cache_file_path().read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24f045248634d036 Filesystem access.
pkgs/python/[email protected]/modal/cli/curl.py:65
        cache_data = json.loads(cache_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #716065e0abba23e7 Environment-variable access.
pkgs/python/[email protected]/modal/cli/launch.py:35
    os.environ["MODAL_LAUNCH_ARGS"] = json.dumps(args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98936fe3da3fad1b Environment-variable access.
pkgs/python/[email protected]/modal/cli/profile.py:80
    if "MODAL_TOKEN_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73968e8bae222713 Environment-variable access.
pkgs/python/[email protected]/modal/cli/profile.py:84
                os.environ.get("MODAL_TOKEN_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee947853cead1a62 Environment-variable access.
pkgs/python/[email protected]/modal/cli/profile.py:85
                os.environ.get("MODAL_TOKEN_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17e55ad4865b9322 Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/run_jupyter.py:16
args: dict[str, Any] = json.loads(os.environ.get("MODAL_LAUNCH_ARGS", "{}"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #426fbff8a90ab5ba Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/run_jupyter.py:82
            env={**os.environ, "JUPYTER_TOKEN": token, "SHELL": "/bin/bash"},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd59ff41937b0a48 Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/vscode.py:16
args: dict[str, Any] = json.loads(os.environ.get("MODAL_LAUNCH_ARGS", "{}"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3927bce8ac02b5f8 Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/vscode.py:98
            env={**os.environ, "SHELL": "/bin/bash", "PASSWORD": token},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e6844cad3c557f Filesystem access.
pkgs/python/[email protected]/modal/cli/run.py:211
    with open(result_path, mode) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4bfc21e15692087 Environment-variable access.
pkgs/python/[email protected]/modal/cli/secret.py:208
            editor = os.getenv("EDITOR", "vi")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #737ac7e0b2e67463 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:43
    content = _skill_resource().read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #179b0069c17681ae Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:69
        lines = (target_dir / "SKILL.md").read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3220cd0eac0aec68 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:144
    (index_dir / "index.md").write_text(f"# {heading}\n\n" + "\n".join(kept).strip("\n") + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ace8d7a1a920d8c7 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:171
        output_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #579f7a459fa4e5bb Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:238
            content = raw_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #574f1fda88b92c17 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:242
            (api_dir / raw_file.name).write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1415ee9ed2e972d2 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:266
            (staging_dir / "SKILL.md").write_text(_skill_content_for_install())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea0ecb1246bb3dba Environment-variable access.
pkgs/python/[email protected]/modal/cli/token.py:73
    if os.environ.get("MODAL_TOKEN_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59b9f3d6d4f03cc0 Environment-variable access.
pkgs/python/[email protected]/modal/cli/token.py:75
    if os.environ.get("MODAL_TOKEN_SECRET"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa47fedf6c88702d Environment-variable access.
pkgs/python/[email protected]/modal/config.py:114
user_config_path: str = os.environ.get("MODAL_CONFIG_PATH") or os.path.expanduser("~/.modal.toml")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25222a5e5c63c190 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:122
    return os.environ.get("MODAL_IS_REMOTE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b12bcb01572bcdd Environment-variable access.
pkgs/python/[email protected]/modal/config.py:134
    if agent := os.environ.get("AGENT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36d2dfda82fcd0c5 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:150
        if os.environ.get(env_var):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #228a821bba735f3f Filesystem access.
pkgs/python/[email protected]/modal/config.py:163
            with open(user_config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78acce1b885a02ba Environment-variable access.
pkgs/python/[email protected]/modal/config.py:242
_profile = os.environ.get("MODAL_PROFILE") or _config_active_profile()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01e80b45ca66d846 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:345
        if use_env and env_var_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4b94f4d56eaa09d Environment-variable access.
pkgs/python/[email protected]/modal/config.py:346
            return transform(os.environ[env_var_key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8062842e5bf10c0e Environment-variable access.
pkgs/python/[email protected]/modal/config.py:358
            os.environ["MODAL_" + key.upper()] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a102d6050c85f8cf Environment-variable access.
pkgs/python/[email protected]/modal/config.py:362
            os.environ[key.upper()] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f2f6322f5d47bc7 Filesystem access.
pkgs/python/[email protected]/modal/config.py:410
    with open(user_config_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #751557f7e38ef945 Environment-variable access.
pkgs/python/[email protected]/modal/experimental/flash.py:54
        self.task_id = os.environ["MODAL_TASK_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f83da22301246762 Filesystem access.
pkgs/python/[email protected]/modal/file_pattern_matcher.py:201
            pattern_strings = Path(self._file_path).read_text("utf8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb18ad9b10d8857 Environment-variable access.
pkgs/python/[email protected]/modal/sandbox.py:1368
        if os.environ.get("MODAL_USE_LEGACY_FILESYSTEM_SNAPSHOT") == "1" and not self._is_v2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dd91b1b06d8aaf4 Filesystem access.
pkgs/python/[email protected]/modal/sandbox_fs.py:115
        with open(local_path, "rb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850be2b522958d74 Filesystem access.
pkgs/python/[email protected]/modal/sandbox_fs.py:223
                    with open(tmp_path, "wb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b90d8807bfeabc Environment-variable access.
pkgs/python/[email protected]/modal/secret.py:322
                return _Secret.from_dict({k: os.environ[k] for k in env_keys})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d71945b0975b11 Environment-variable access.
pkgs/python/[email protected]/modal/token_flow.py:141
        if "MODAL_PROFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #204e0a72ec124eec Environment-variable access.
pkgs/python/[email protected]/modal/token_flow.py:142
            profile = os.environ["MODAL_PROFILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c03497ea58825797 Environment-variable access.
pkgs/python/[email protected]/modal/token_flow.py:167
    env_vars = [var if os.environ.get(var) else None for var in ["MODAL_TOKEN_ID", "MODAL_TOKEN_SECRET"]]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6732bfcc52dd29 Filesystem access.
pkgs/python/[email protected]/modal/volume.py:1514
        with open(f"/proc/{pid}/cmdline", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a67f9524dfbb726 Filesystem access.
pkgs/python/[email protected]/modal_docs/gen_cli_docs.py:174
        (output_dir / rel_path).write_text(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8beca05f07bcf9a Filesystem access.
pkgs/python/[email protected]/modal_docs/gen_reference_docs.py:337
        with open(filename, "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

numpy

python dependency
expand_more 1084 low-confidence finding(s)
low env_fs dependency Excluded from app score #e44a3edb4e1accf0 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:122
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88c49e9dc87afa16 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:327
    PATH = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c85a1dad5fe174b Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:332
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41edefbfeab9f688 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:497
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #946df26282af9bf3 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:515
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40fc5a2e4ed31497 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:538
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d410d9035131cd Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:617
        with open(local, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19245751a3aeab33 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:620
        with open(pkg_config_fname, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1cb7fb7e405c78ef Environment-variable access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:12
    if 'SHELL' in os.environ and sys.platform != 'win32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2f0b71b2b886275a Filesystem access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:35
        with open(lock_path, 'a+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #431bbf7614a615db Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:34
        with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f4d2d315a83adfe4 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:125
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1112224a16869660 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:18
        with open(fn, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79659e9ea1aeec8 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:24
        with open(fn, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #746d745d2a84bd8f Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:18
    with open(gen_path, 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27b51d682f9adc79 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:35
    with open(os.path.join(dsrc_path, "doxyfile")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fa16f761e580cfd Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:44
            with open(conf_path) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6be922bb88634712 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:273
if os.environ.get('CIRCLE_JOB') and os.environ['CIRCLE_BRANCH'] != 'main':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5461a65bc673b768 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:275
    switcher_version = os.environ['CIRCLE_BRANCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f599ef790ff8d7e5 Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:897
        use_hugepage = os.environ.get("NUMPY_MADVISE_HUGEPAGE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2477c5d9824c8248 Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:929
    if (os.environ.get("NPY_PROMOTION_STATE", "weak") != "weak"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d8c19fd0df9f65b Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:8
    with open(init) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e780e26f16e187f8 Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:89
                os.environ.get('MESON_DIST_ROOT', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96543247550a7b25 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:98
        with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22dfd26dfc92ce9 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/process_src_template.py:32
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90827ac725131d83 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita.py:25
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #128016d39fba2deb Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:164
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2da0a45fd5a9c9a Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1098
        vars.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1da4071a77ccbf22 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1112
        with open(template_name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1e346dba796b9d9 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1117
        with open(options.output, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11099d35a04ee362 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:17
    if envkey not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569026204f126e41 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:60
            machine = os.environ.get('PROCESSOR_ARCHITEW6432', '') \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6100324910eefd84 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:61
                    or os.environ.get('PROCESSOR_ARCHITECTURE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72bfc6ca1669de96 Filesystem access.
pkgs/python/[email protected]/numpy/_core/_methods.py:242
        ctx = open(os.fspath(file), "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6bc900d26da7f31 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:249
        fo = open(filename, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #321f03a84ab308fa Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:321
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c57bc6b99fc044c Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:325
    with open(filename, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b260d8feb3f482 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:545
    with open(file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38ad1fa834ea331c Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath.py:1638
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b907c65d894371f5 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath_doc.py:23
    with open(target, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #446fb4d2669abf54 Filesystem access.
pkgs/python/[email protected]/numpy/_core/memmap.py:236
            f_ctx = open(
                os.fspath(filename),
                ('r' if mode == 'c' else mode) + 'b'
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bfd3761ceada95f Filesystem access.
pkgs/python/[email protected]/numpy/_core/records.py:900
        ctx = open(os.fspath(fd), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b2bf54891e623a3 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:608
        with open(filename, encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2cc35730820ee9a Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:627
        with open(filename, "w", encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bcb51417ce93ab56 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:85
if 'REPO_NAME' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #56dc63dcffc2775b Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:86
   REPO_NAME = os.environ['REPO_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #44c74fce8b2f6e98 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:91
if 'current_language' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d5e9584fab455d67 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:93
   current_language = os.environ['current_language']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ac0b185ef93d2330 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:106
if 'current_version' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2d7d0e6c3ab94e44 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:108
   current_version = os.environ['current_version']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #625f396e7d982571 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:59
    data = open(file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #97ef70033d987f9e Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:73
        with open(ext_file, 'w') as handler:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bd950dcf852d37f5 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:83
            data = open(ext_file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1be45e594ea417b Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:60
os.environ["NUMPY_EXPERIMENTAL_DTYPE_API"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46441f63bf0da073 Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:102
        os.environ['NPY_AVAILABLE_MEM'] = available_mem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216d3e43368f1270 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:62
    with open(dep_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3229b9ff3a295fd4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:137
    env = env if env is not None else dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c104b98fda29cc62 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:548
            with open(fn, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c6fd1c716c968ce Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:673
            extra_args  = os.environ.get("CFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf65058d984942a7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:674
            extra_args += os.environ.get("CPPFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #472332cc7fa71ec1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:738
        old_path = os.getenv("path")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5b11a8eb7e400c2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:740
            os.environ["path"] = self._ccompiler._paths

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #648fb50b86dadbfb Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:743
            os.environ["path"] = old_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a892031cbddbd12 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:875
        with open(self._cache_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #700b1c5c66a59138 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1100
        with open(test_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed35fd6988ce322c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1864
        with open(source) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4474f8ae1b30030 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2381
        with open(header_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a876d759eaa2a7f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2569
        with open(wrap_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93c086e8aad26188 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2593
            with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5296bb54a949207b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2626
        with open(config_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27a26fa0eae9b73a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:442
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a61a6c1bb6ac6d1f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:447
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fea9d1bc5141155 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:453
            with open(lib_fname, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ed142d5a194cbb Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:656
                    with open(fake_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c73198c952577ea Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:661
                    with open(c_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #087e9a328154ab9c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:29
    with open(source, 'r') as fs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa419a07d2ecd9e2 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:30
        with open(target, 'w') as ft:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f68f13884327fc Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:431
                    with open(target_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f679ab5c94891caa Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:728
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #639fe6785c4b5ca4 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:738
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47be1451c8ab83bd Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:763
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aea523b6eea37321 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/install.py:65
            with open(self.record) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #351397d61d149f03 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:265
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4bf7d2d29d6c9bd Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:315
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2e569154aa80f9f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:318
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d96ffb0b6bc1257d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/cpuinfo.py:111
            fo = open('/proc/cpuinfo')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cea44cf35ad7c71 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:130
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fda4e960035d607 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:169
    env = {name: os.environ.get(name) for name in names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e29a90a9aa187c3a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:175
        os.environ[name] = value or ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb1468df935291c6 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:264
        sh = os.environ.get('SHELL', '/bin/sh')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6a04eb78fe8d436 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:989
    with open(file, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f1679f1a30e8085 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1008
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f9c8f7b3f7390da Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1020
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36607fae812ff9f4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/absoft.py:79
        d = os.environ.get('ABSOFT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06fc16ac139749cd Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:22
            v = os.environ.get(envvar, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48549e402330778b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:58
            envvar_contents = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49292037d0cfb113 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:62
                    if os.environ.get('NPY_DISTUTILS_APPEND_FLAGS', '1') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3570a3c22022d2a9 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:112
            target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3179145cfbb6ed36 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:130
                os.environ['MACOSX_DEPLOYMENT_TARGET'] = str(target)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #159a2edcef2be4d2 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:404
            with open(fn, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fbba8ef7c0ecd91 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/ibm.py:79
            with open(xlf_cfg) as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19a6b2fe51ea914a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/lahey.py:32
        d = os.environ.get('LAHEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd6a1ac499d8f10a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:213
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d252f7f21c41b82f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:250
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db69c523568705e6 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:253
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #763492b2b90bd94c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/lib2def.py:112
        deffile = open(deffile, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc0d2c2e9940b519 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:15
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3501bb6a15ae4b84 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:24
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d84b9e3d4bb3f63 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:49
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5419cf73a2b6fc4 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:58
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e6f8822832da326 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:206
    if 'SYSTEMROOT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aaacd6089d3ea03 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:207
        lib_dirs.append(os.path.join(os.environ['SYSTEMROOT'], 'System32'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d320d5c53169552 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:253
    with open(dfile, 'w') as d:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4aad8cef317f7be Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:270
        winsxs_path = os.path.join(os.environ.get('WINDIR', r'C:\WINDOWS'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bf894eea4422714 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:282
        for path in [sys.prefix] + os.environ['PATH'].split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8233080d4af2674e Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:473
    with open(def_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e128ee6eed0d4b9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:618
            with open(manifest_name(config), "w") as man:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b32a0bf9dd505b1b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:97
    envjobs = int(os.environ.get("NPY_NUM_BUILD_JOBS", cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b566bf957dff6d63 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:222
    with open(config_file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2dc227aa89e789f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:324
    if sys.platform=='cygwin' and 'USE_COLOR' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b40907f436892b2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:427
        if os.environ.get('OSTYPE', '')=='msys':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3424ac69d13ded6f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:429
        if os.environ.get('MSYSTEM', '')=='MINGW32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd9169601f2af276 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:478
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e04fb7b8853f891 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1808
        old_path = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9705a3931fc63d5 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1811
            os.environ['PATH'] = path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19c09147bcf18889 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1887
        if sys.platform=='win32' and os.environ.get('SVN_ASP_DOT_NET_HACK', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae0dd54edcafdaa6 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1892
            with open(entries) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3e1a11975aa963f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1922
            with open(branch_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fada842450c3a18a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1926
            with open(branch_cache_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1035fd3926cc384b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2043
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c3b04d35f75122 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2083
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee54d89e3392329 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2155
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed93f1dcc7e35300 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2329
    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0961d98504a84b6e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:46
        environ_lib = os.getenv('lib')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fd27a23b7d2b406 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:47
        environ_include = os.getenv('include')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1357edac9b082392 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3692e63c9981d4ae Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae2871eb09dcca8f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:46
        environ_lib = os.getenv('lib', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6118f67eb0768ae Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:47
        environ_include = os.getenv('include', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44191041edaf231e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec713a8d402b2e67 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #824b9588b8c31588 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/npy_pkg_config.py:409
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f6e87527a6f8612 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:352
    with open(os.devnull, 'w') as tmp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4efc249ce24a8394 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:443
    order_str = os.environ.get(env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5946e39cb2b3d6fe Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:886
                    if e in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c819f479a248153 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:892
        if env_var and env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #726b1d3bc1bfac5f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:893
            d = os.environ[env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12c1f94b7cc248f5 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1264
        mklroot = os.environ.get('MKLROOT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86c5ba58500a337 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1267
        paths = os.environ.get('LD_LIBRARY_PATH', '').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a1639b22d5f27b9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1270
            with open(ld_so_conf) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cfaa1ed9ed4bfe7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1344
        tcsdsroot = os.environ.get('TCSDS_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d393f17c2a7587 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1820
            atlas_version = os.environ.get('ATLAS_VERSION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8c4645bc5ed958 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1968
        info['extra_link_args'] = os.environ['NPY_LAPACK_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a11105afc12f388 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1982
        if 'NPY_LAPACK_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f50d324cac307566 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2135
        info['extra_link_args'] = os.environ['NPY_BLAS_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012498c99bdd1b60 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2136
        if 'NPY_CBLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130c919918a8512c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2139
                                        os.environ['NPY_CBLAS_LIBS'].split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b28d3da94430346a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2151
        if 'NPY_BLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7cac44f780df680 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2274
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ab144489fae536 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2393
        with open(fake_lib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa353f559aa07e4c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2395
        with open(fake_clib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a890c0000110ce0a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2429
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #133a89db9ffd9b35 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2540
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a34d90e1bdd26fae Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2596
        libraries = os.environ.get('ACCELERATE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0d82edd3c9f699b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2604
                not os.getenv('_PYTHON_HOST_PLATFORM', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da839eeb5491efc8 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2637
                if(os.getenv('NPY_USE_BLAS_ILP64', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20f9dd94579abe80 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2827
        if os.getenv("NUMERIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #725f068d37c9af4b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2828
            which = os.getenv("NUMERIX"), "environment var"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4a2a9a120fb3f46 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2855
        os.environ['NUMERIX'] = which[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d694ea31196f0146 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2963
        if self.config_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1badeaa956a740b6 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2964
            return os.environ[self.config_env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #674af37851ed7e4f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:31
    if 'OPT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e77ca4d084a3270d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:34
        opt = shlex.join(shlex.split(os.environ['OPT']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #580742890666aea5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:67
        with open(obj + '.d', 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb2e5af97d59c985 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:71
        return self.build_template_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2059effc2bbc8d76 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:181
        meson_build_file.write_text(src)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c075f5c5ff36ee35 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_src_pyf.py:215
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1797b395fc75cc63 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/auxfuncs.py:920
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80b834ea264c9843 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/capi_maps.py:158
        with open(f2cmap_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888b1a54c4784a02 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:316
        with open(filename, 'rb') as fhandle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c01636e3a4afe9 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:327
    return open(filename, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad64eaf551afc8a Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3703
                open(l).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de4c2348ab92f9f Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3722
        with open(pyffilename, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dabfbcbb7cead4f6 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:295
                with open(l):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0615b85770ee39d Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:362
            with open(options['signsfile'], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34189adecadba26d Environment-variable access.
pkgs/python/[email protected]/numpy/f2py/rules.py:160
generationtime = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab8f71eb5249ec37 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1424
    with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67b784b252926a81 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1431
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5d7020db00017de Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1440
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dc0b369344b16ec Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1454
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a1037892b7fcdd2 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1479
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa25db8df80fa01 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:966
        with open(os.fspath(filename), mode + 'b') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8004cbef9383270e Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:971
        with open(os.fspath(filename), 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a718ed63fe99184b Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:454
            fid = stack.enter_context(open(os.fspath(file), "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db68629223c86891 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:568
        file_ctx = open(file, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d5db13a694a37a4 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:1552
        open(fname, 'wt').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21460640fda7a34f Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:308
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9973bdc2bb222e Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:318
    with open(outfilename, 'w') as writefo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a71a93a2dfb0c672 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/fortran.py:116
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #675e6f0498d21ef0 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:230
    with open(wrapped_routines_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6618a5b36abd1a1d Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:250
        with open(filename, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddba42a330ba1071 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:256
    with open(output_file, 'w') as output_fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #093ccfc2546764a0 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:258
            with open(r.filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c0066d395241248 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:275
    with open(c_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e478cf585b3ac1 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:278
    with open(c_file, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #965b8dc4fc32b970 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:301
        with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d15b5424b75a152 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:309
    with open('f2c.h') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ec787f7b7dcbe6 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:315
    with open(os.path.join(output_dir, 'lapack_lite_names.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #583ec39a89f3ef07 Filesystem access.
pkgs/python/[email protected]/numpy/ma/mrecords.py:649
        f = open(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bd481a065ca357d Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:12
    with open(os.path.join(inc_dir, 'random', 'bitgen.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f46e8b3ec5aa1fb0 Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:21
    with open(os.path.join(inc_dir, 'random', 'distributions.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87a5bf663fad0cf6 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:210
    with open(cfile.parent / "meson.build", "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e367a1ad903e6b Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:224
    with open(native_file_name, "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #688181f3a4fa2549 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:73
                np_dist.read_text('direct_url.json') or '{}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb1596c765646612 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:174
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d6104a08b67e880 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:203
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8cd36e48af2c226 Environment-variable access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2700
    env_value = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecc61086e727dbd6 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2752
        with open('/proc/meminfo') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4930cbbb32e03a04 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:57
        with open(self.path, "r") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #616e4c81da4f6eef Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:66
        with open(self.path, 'r') as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4b146dbaa8f0b801 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:96
            with open(os.path.join(root, self.clean_path(path)), "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f0a37f9bd85698ce Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:97
                source.write_text(fd)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ce4afe9bf27a3ee Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:101
            with open(
                os.path.join(root, self.clean_path(path) + ".html"), "w"
            ) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e6188ae5f585da26 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:106
        with open(os.path.join(root, 'index.html'), 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #89b310c4788d9c23 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:165
        with open(log_file, 'r') as log_fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #af7b2dc74206055e Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:176
        files.write_text(args.directory)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #261ccdacab4b4886 Filesystem access.
pkgs/python/[email protected]/tools/check_installed_files.py:113
    with open(os.path.join('build', 'meson-info',
                           'intro-install_plan.json'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1d5567a994ae2ea1 Filesystem access.
pkgs/python/[email protected]/tools/check_openblas_version.py:48
        with open(reqfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b0132bcf7770b258 Filesystem access.
pkgs/python/[email protected]/tools/check_python_h_first.py:77
    with open(name_to_check) as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e3a6d73448145083 Filesystem access.
pkgs/python/[email protected]/tools/download-wheels.py:95
        with open(wheel_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bc70adadfb5ba51d Filesystem access.
pkgs/python/[email protected]/tools/functions_missing_types.py:103
        with open(module_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #06aee1ac67ba52a2 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:12
    with open(gitmodule_file) as gitmodules:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #91de1c33f6c027f3 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:19
    with open(
            os.path.join(root_directory, ".gitattributes"), "r"
    ) as attr_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20e9266b38b2263e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:21
        data = json.loads(path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563c9d4618892c26 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:83
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5336341892f63dcc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:100
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b4be786a8253aa2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:140
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #348456843b41a056 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/extensions/refman_links.py:128
        raw = Path(self._data_file).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #14dc243b9e88a474 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/genrelnotes.py:71
            snippet = snippetfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0c9816133e168ac3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/jsonvalidator.py:146
    root_tmp = json.loads(args.doc_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9ca569952ceb341c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorjson.py:115
        self.out.write_text(json.dumps(data), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #08b9b1e5ac21d1bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorman.py:65
        self.path.write_text(self.text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #069938406de38c31 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:115
        out_file.write_text(data, encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e3525236d73a23a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:128
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7beccca5db071fd4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:357
        raw = self.sitemap_in.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c1ccf7f00c3d21a9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:368
        self.sitemap_out.write_text(out, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d807075909303302 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:390
        self.link_def_out.write_text(json.dumps(data, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c2d91acf9c167b86 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:30
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d93686bb853734fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:37
        out_file.write_text(result, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3d490e3069cb7db9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderbase.py:194
        return f.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #48be82b7a5489775 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderpickle.py:16
        res = pickle.loads(self.in_file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6704890c8b849b88 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/main.py:76
        args.depfile.write_text(out_text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ef1844748050d4e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/validatelinks.py:24
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #68b1bddafbf3030b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:14
    response = urllib.request.urlopen(sdl_url, timeout=600.0)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #758e330d37d89b40 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:16
    open(sdl_filename, 'wb').write(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad4a2a4b1a608272 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:441
            return open(outfileabs_tmp, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eafa382977a850c6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:606
            with open(rsp_file, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e66c2762afa2cb0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:710
        with open(exe_data, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8f23bacabea8cff Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:717
        with open(test_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea024d8bc660ea04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:720
        with open(benchmark_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aff9baf224a05370 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:882
        with open(pch_file_tmp, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4faee1adb0ac6942 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1287
        with open(ifilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97c3561b24617a17 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1318
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38e4915093ebb85 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1636
        with open(install_data_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e79ce03e3e29af1b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:533
                return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad6e312d6429bbfa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:538
            return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcc9ef08178a851d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:542
        with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc731916ff371fbc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:575
                    with open(tempfilename, 'ab') as binfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1315b2cb2f9e789 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:577
                    return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4009eb48b86e7025 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:619
        with open(tempfilename, 'w', encoding='utf-8') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8abb985f823b5fb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:701
        with open(os.path.join(self.environment.get_build_dir(), 'rust-project.json'),
                  'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f61eb6c52e35b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:733
            with open(os.path.join(builddir, 'compile_commands.json'), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22cfc06f2230965a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1149
            with open(pickle_abs, 'rb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1d160fb633de9cb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1154
            with open(pickle_abs, 'wb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae04097332a1fb66 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1479
        with open(manifest_fullpath, 'w', encoding='utf-8') as manifest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d61971fc27160fe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:2848
            with open(filename, encoding='ascii', errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #609b42ab567d441f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:3807
        with open(d_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e8ae982820a05d2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:36
    vs_version = os.getenv('VisualStudioVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09aacc8388d7e5ce Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:37
    vs_install_dir = os.getenv('VSINSTALLDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af9f3d526215d899 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:296
        with open(Vs2010Backend.get_regen_stampfile(build_dir), 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56579478297c822b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:300
        has_arch_values = 'VSCMD_ARG_TGT_ARCH' in os.environ and 'VSCMD_ARG_HOST_ARCH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc88254d5b0b1949 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:303
        if 'VCINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb3c8d1e4ac6484 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:304
            vs_version = os.environ['VisualStudioVersion'] \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09f691ba928c526e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:305
                if 'VisualStudioVersion' in os.environ else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #379b096acc2e711c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:307
            script_path = os.environ['VCINSTALLDIR'] + relative_path + 'vcvarsall.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b4769e5ce493b8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:310
                    target_arch = os.environ['VSCMD_ARG_TGT_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b01483256eb6fea Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:311
                    host_arch = os.environ['VSCMD_ARG_HOST_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef782afba6c30911 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:313
                    target_arch = os.environ.get('Platform', 'x86')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bbba6d9eaa952a4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:319
        if 'VS150COMNTOOLS' in os.environ and has_arch_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c63cfd9c6d62ac30 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:320
            script_path = os.environ['VS150COMNTOOLS'] + 'VsDevCmd.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ef1ecf1e6a90415 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:323
                    (script_path, os.environ['VSCMD_ARG_TGT_ARCH'], os.environ['VSCMD_ARG_HOST_ARCH'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcd25c85b8fc35b3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:425
        with open(sln_filename_tmp, 'w', encoding='utf-8-sig') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34e774534efec600 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:1001
        with open(ofname_tmp, 'w', encoding='utf-8') as of:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5d2d951a707e658 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:2092
            with open(rulefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fff38aaa3b97f9d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2017backend.py:45
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c63afdd44a0edbe8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2019backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c9dbe72165ff51 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2022backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d6fb83abbd04c23 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/xcodebackend.py:274
        with open(tmpname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #766658d20d3a3fdb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/build.py:3360
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c4eebb78a7d696 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cargo/toml.py:36
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e28be3da4ae93503 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/executor.py:214
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a94b5d7a5c2731ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:51
        query_file.write_text(json.dumps(query, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0eba10777569bf0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:75
        debug_json.write_text(json.dumps(index, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88eb4038fda78b5a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:320
        data = json.loads(real_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cc8406f23c6cf2d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/interpreter.py:865
            os_env = environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #540c3f50147ad1eb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:61
        self.toolchain_file.write_text(self.generate(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c67760446e6239f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:62
        self.cmcache_file.write_text(self.generate_cache(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce33a212fbc9f0d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:228
        cmake_file.write_text(cmake_content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9a81e0be309f049 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:232
        temp_toolchain_file.write_text(CMakeToolchain._print_vars(self.variables), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b0c816cc348ae97 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/traceparser.py:170
            trace = self.trace_file_path.read_text(errors='ignore', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #756beb434e055eb4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:830
                with open(srcname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab5e095e56da6bd6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:861
            os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178f4a29b30cce67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cs.py:90
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a5db37f72a37871 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cuda.py:535
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9309e083fba2010 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/d.py:444
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2509ff8b80082c89 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:295
            if 'WATCOM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9820d1b1e3efbf21 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:299
                watcom_cls = [sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeee4ebfb850d5d2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:300
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl.exe')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497e6234348dc14c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:301
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b32dc69bb0b3b536 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:302
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl.exe'))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a188c484b246e351 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:1321
            default_path = os.path.join(os.environ['ProgramFiles'], 'NASM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d252fc25c58ae4e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/java.py:79
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9a44f1352832f03 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:219
                    with open(file_to_check, 'rb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce7b7ee203d4d90b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:295
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56ff319c8ff33d09 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:914
            with open(p.output_name, 'rb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a37f084cb1f182e0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:1197
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #452983c39afbdda4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:43
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b71693c64a7ee6b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:54
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2274ac3fe28b4ef Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:66
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24cb314599538202 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/gnu.py:323
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f74417039031a5b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:354
        if 'INCLUDE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95421d061486bd22 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:356
        return os.environ['INCLUDE'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47024b558f847e4a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/rust.py:115
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fa55d78ac9f0b22 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/swift.py:190
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38a886e1726b833b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:316
                    with open(f, encoding='utf-8') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01a08040b0e34d52 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:317
                        with open(fcopy, 'w', encoding='utf-8') as wf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a1a1d88de00c4a6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:327
                    os.environ.get('XDG_DATA_HOME', os.path.expanduser('~/.local/share')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9d20a0c994f6dc1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:328
                ] + os.environ.get('XDG_DATA_DIRS', '/usr/local/share:/usr/share').split(':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #448a5347e6026fb6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:650
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6bfc8ec9484d322 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:664
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a26129b62dc63cd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:695
    with open(tempfilename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5713c1f9cd5fef3f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:750
        deploy_target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', macos_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3c03313ffe23861 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:761
        deploy_target = os.environ.get('IPHONEOS_DEPLOYMENT_TARGET', ios_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a71ad4469303646 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:899
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e63af84cd71a10 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/boost.py:764
        raw = hfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01a93d8c81159288 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:302
        for i in os.environ.get('PATH', '').split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49608ab95736f61b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:333
        env_path = os.environ.get(f'{name}_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49cdd1cfa6d988db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:584
        cmake_txt = importlib.resources.read_text('mesonbuild.dependencies.data', cmake_file, encoding = 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9f7b63336cac9fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:604
        cm_file.write_text(cmake_txt, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9512459dc39fb1e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:169
        env_vars = [var for var in env_vars if var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8375e642285f9719 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:170
        user_defaults = {os.environ[var] for var in env_vars}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b02595a8ad68957 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:176
        return ([(os.environ[self.env_var], True)] if self.env_var else []) \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f3cc1b8fbe6e3a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:180
        env_vars = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09bbcca60ce89834 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:181
        return [(os.environ[var], False) for var in env_vars if var.startswith('CUDA_PATH_')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc6bcd432f796eae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:217
            raw = i.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33846594cc63866a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:235
            with open(version_file_path, encoding='utf-8') as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a047dd80e683268 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/dev.py:782
        vsdir = os.environ.get('VSInstallDir')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba0fe08eabaae52e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:112
            os.environ[f'HDF5_{cenv}'] = join_args(compiler.get_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #972f2e306fff2505 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:113
            os.environ[f'HDF5_{lenv}LINKER'] = join_args(compiler.get_linker_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf20795e44d953a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:116
            del os.environ[f'HDF5_{cenv}']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8832189f9303c99f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:117
            del os.environ[f'HDF5_{lenv}LINKER']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdf58e91e750e84d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:56
        tool_names = [os.environ.get(env_name) for env_name in env_vars]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #808528c12cdcfe75 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:228
        incdir = os.environ.get('MSMPI_INC')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c07fba9e6a1c9d4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:232
            libdir = os.environ.get('MSMPI_LIB32')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faf9f28bc2f41ef2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:235
            libdir = os.environ.get('MSMPI_LIB64')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e71d2b980bc3113 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:154
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #811fc6e51b5e241d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:169
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64553559c9560bec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:290
        env = env or os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35911883bb9bc4c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:543
        with open(la_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03f7b8c4f0b5abc5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:129
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064c3a7057c05de7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:427
                old_pkg_libdir = os.environ.pop('PKG_CONFIG_LIBDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17e7e74dbbc8999d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:428
                old_pkg_path = os.environ.pop('PKG_CONFIG_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c418da24ae6ad102 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:429
                os.environ['PKG_CONFIG_LIBDIR'] = pkg_libdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b871568b2d2b0b8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:435
                            os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01e27d0daa600cfa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:436
                        elif name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05acdba4bfb5f070 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:437
                            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7130aa02cd6a2b43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/scalapack.py:59
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8b103d2e6fc57c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:117
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42e14ac7c4970d08 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:190
        self.vulkan_sdk = os.environ.get('VULKAN_SDK', os.environ.get('VK_SDK_PATH'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b29932b8f90c62a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:84
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24846c20e11cccf3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:183
    env_ninja = os.environ.get('NINJA', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdbe6bcb4814a869 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:268
    if 'SCANBUILD' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5226369c9e06244b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:269
        exelist = split_args(os.environ['SCANBUILD'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39e1d7895ee59d2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:541
    return os.environ.get('MSYSTEM_CARCH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26bd954bfb68c909 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:395
        if 'MESON_UNIT_TEST' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #554632b86dcc103c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:397
        if 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfb1d14f320e840 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:991
                with open(meson_filename, "w", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b3fd615a9060073 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:1249
                ver_data = Path(ifname).read_text(encoding='utf-8').split('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6a5742c0d43e154 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2756
                with open(dst_tmp, 'w', encoding=file_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b14570f40356c3c6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2763
                with open(depfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b001b1f5b7184acb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreterobjects.py:243
        child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eff4ad2c52bade04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:105
            with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21bb9eb6e4521627 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:154
                    with open(parent / 'meson.build', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02d0c31b096a1bc9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:701
            with open(option_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e783da12bc53e967 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/machinefile.py:40
                with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #296ddcd483274341 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mcompile.py:253
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6402e1793b9df6ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:94
                    with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ba143e19cfea908 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:109
                        with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c1a15e553800ca6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:71
    env = {} if dump_fmt else os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ac19f89281c0e31 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:140
            gdbinit_path.write_text(gdbinit_line, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8895df8ce8b86e05 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:178
            with open(options.dump, "w", encoding='utf-8') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d0c06fdef6a436 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:196
        shell_env = os.environ.get("SHELL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84a8378e8c5ee2b7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:209
                args = [os.environ.get("COMSPEC", r"C:\WINDOWS\system32\cmd.exe")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfc74f8524c0dc5a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:212
            args = [os.environ.get("SHELL", os.path.realpath("/bin/sh"))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d7c083104f154d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:217
            if not os.environ.get("MESON_DISABLE_PS1_OVERRIDE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #937b66766392c773 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:64
    m.update(open(fname, 'rb').read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad20bf4c65dbca2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:65
    with open(hashname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f9b9d973fe09c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:92
            if 'GITLAB_CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd09f5c5c6f4899c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:257
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e70259552af5c9b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:290
            with lzma.open(xzname, 'wb') as xf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a13c006a9d41702 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:295
            with bz2.open(bz2name, 'wb') as bf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7bb32dd74ef1723 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:300
            with gzip.open(gzname, 'wb') as zf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ac3c6d655e57c1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:320
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #becfca2877003d08 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:20
            data = importlib.resources.read_text( # [ignore encoding] it's on the next lines, Mr. Lint
                    ('mesonbuild' / self.path.parent).as_posix().replace('/', '.'),
                    self.path.name,
                    encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8baccafcda113ed8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:24
            path.write_text(data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc65abd0c07e399e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:33
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e71d1a88ab9f86e3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:43
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad142dd45c55b39b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:257
    if os.environ.get('MESON_SHOW_DEPRECATIONS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5da51ce9518b0301 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:264
    if sys.version_info >= (3, 10) and os.environ.get('MESON_RUNNING_IN_PROJECT_TESTS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3025c7dad892f97 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:282
    if sys.platform == 'cygwin' and os.environ.get('MSYSTEM', '') not in ['MSYS', '']:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ede013e93914638 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:37
            self.read_string(f'[{self.default_section}]\n' + filename.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dabf0429a88c74c1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:1081
                code = src_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcd8e1cde4ed47de Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:545
            destdir = os.environ.get('DESTDIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e210fc5239c2491 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:551
            os.environ['DESTDIR'] = destdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bf1b1ad9c2681cd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:581
                os.environ.get('MESON_ROOT_CMD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #401298e3f3cf0432 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:587
            if rootcmd is None and pkexec is not None and 'PKEXEC_UID' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7291210e47e23d57 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:814
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f54b42abc6147dd5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:816
            if os.environ.get('SUDO_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db3615a30f6f86a1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:825
            elif os.environ.get('DOAS_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1538d790cdfbd302 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:879
    with open(os.path.join(log_dir, 'install-log.txt'), 'w', encoding='utf-8') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #621f726997f612ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:521
    with open(get_info_file(infodir, kind), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8791562287c8fcb9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:590
        with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9548c423d96967dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:660
    with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1ba85b6e3cdab43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:50
    return bool(kernel.SetConsoleMode(stdout, mode.value | 0x4) or os.environ.get('ANSICON'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cc5defbd80bf865 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:52
_in_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b8ee9191ed1d45b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:53
_ci_is_github = 'GITHUB_ACTIONS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f83b0b508afb3429 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:120
        if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e17c2ff2c8c6211a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:121
            pager_cmd = shlex.split(os.environ['PAGER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7604c6d75c7c9cc0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:140
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f43e08bd0bd7f8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:150
            if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f41eac6f52b1a3c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:166
        self.log_file = open(os.path.join(logdir, self._LOG_FNAME), 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a51e9cb91a8b8d0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:394
                _colorize_console = os.isatty(output.fileno()) and os.environ.get('TERM', 'dumb') != 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #704126fe09e7b24c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:570
    elif 'MESON_FORCE_SHOW_LOGS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c1c0edb22276aa4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:577
    with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b8cb54b795988e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/_qt.py:804
        with open(fileout_abs, 'w', encoding='utf-8') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab547ce821f1e49d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:341
            with open(infile, encoding='utf-8') as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb0b92ce04e2884b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:355
        with open(outfile_tmp, "w", encoding='utf-8') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd510c48c2bd5e52 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:58
            with open(config_path, encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63077e20faacb96e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:87
        with open(config_path, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #934466e0136fb0e6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:142
        self.run_env: EnvironOrDict = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44fca380679b6a8c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:207
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46541a4439e8ec51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/features/module.py:683
        with open(config_path, "w", encoding='utf-8') as cout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7a0eca7694469ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:169
        with open(file, mode='rb', buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #822af54f632969ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:268
            with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d0e9062ac8f6859 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:953
        with open(gir_filelist_filename, 'w', encoding='utf-8') as gir_filelist:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01630809b55cec96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:2209
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f88fa5311a0b5800 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/hotdoc.py:321
        with open(hotdoc_config_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1a2524c09605b3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/i18n.py:235
        rsp_file.write_text(source_list, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87e481111bc9eef8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/keyval.py:31
            with open(path_to_config, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #982f02da45331d4f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/pkgconfig.py:527
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6781540696e3a83b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:401
        with open(pycompile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca1f5e4061cba2ba Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:403
                f.write(importlib.resources.files('mesonbuild.scripts').joinpath('pycompile.py').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc0715e1ce22f575 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:415
                with open(os.path.join(self.interpreter.environment.get_scratch_dir(), manifest), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caef13009afc8103 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mparser.py:111
        self.in_unit_test = 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3acf1d05ace49c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:150
        with open(os.path.join(build_dir, '.gitignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b258e7e4547a8e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:152
        with open(os.path.join(build_dir, '.hgignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c23f7b18f78fa79e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:322
                with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f789be1043e2ce5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:521
        self.file = open(filename, 'w', encoding='utf-8', errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #704070423480e12e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:755
        inherit_env = env_tuple_to_str(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0b5f71a62083e3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:948
        with open(self.filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4e39c2e027ff91a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1048
        test_only_env = set(self.env.items()) - set(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55888c4e4dc2aba9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1110
            with open(filename, 'r', encoding='utf8', errors='replace') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf14e89816417279 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1783
        return current.env.get_env(os.environ.copy())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10dbdc5018486490 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1791
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5081c06d6d3aceb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2226
        with open(targets_file, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #153b2a86c136cac9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2308
            if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #505d255ef96714d6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/optinterpreter.py:83
            with open(option_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4bd3a69ed959178 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:149
        if 'USERPROFILE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84aa7cf1c104dc2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:160
        appstore_dir = Path(os.environ['USERPROFILE']) / 'AppData' / 'Local' / 'Microsoft' / 'WindowsApps'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d4eb634e3a9c5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:192
            with open(script, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d70330fa7894e1b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:296
        search_dirs = OrderedSet(self._windows_sanitize_path(os.environ.get('PATH', '')).split(';'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6f4e91aeb2ec649 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:318
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0ee1b725cb78259 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1024
                with open(fpath, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #461227142d250581 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1026
            with open(fpath, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a86e970a677f5b5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1077
            with open(val['path'], 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f65104bae28e4cd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1131
        with open(options.json, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d22861bda133b5e5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/clangformat.py:26
            original = fname.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #95f3fb4889e3d96c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/cleantrees.py:28
    with open(args[0], 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0f1146410c44c67e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:103
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_bat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bf1e66d003062191 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:107
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_sh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9b85b0e943b1ac20 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:105
    with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #934f18f78cc04594 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:119
    with open(jsonfile, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f49dce462e48997b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:125
        with open(dep, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2a94641a9eddc735 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:133
            self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #29f695b193046492 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:138
                self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #54077f7be0652f25 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:444
    with open('META-INF/MANIFEST.MF', 'r+', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3379e133e00b4161 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:72
        with open(pickle_file, 'rb') as pf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8132d33384c2abb5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:90
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a9437b6971338a24 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:134
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3a1df817dd1c3270 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:199
        with open(self.outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad798de348cb7d93 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:95
    cppflags = shlex.split(os.environ.get('CPPFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4223b0b239642933 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:96
    cflags = shlex.split(os.environ.get('CFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6e49abbcbc91d43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:97
    cxxflags = shlex.split(os.environ.get('CXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fd6f7c6a081a4f22 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:98
    objcflags = shlex.split(os.environ.get('OBJCFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eb88afa402c7f2ed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:99
    objcxxflags = shlex.split(os.environ.get('OBJCXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #da2d8844be152ecf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:100
    ldflags = shlex.split(os.environ.get('LDFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ccaf57c4e185cf9f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:273
    with open(tmpfilename, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f6c400c5f481bc3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:324
        compile_args = shlex.split(os.environ.get(compilers.CFLAGS_MAPPING[langname] + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6694039f26f0b8d9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:326
        cppflags = tuple(shlex.split(os.environ.get('CPPFLAGS' + envvar_suffix, '')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f84fd4209168abbe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:332
        lang_link_args += shlex.split(os.environ.get('LDFLAGS' + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c81fdaa6284da251 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:339
        compilerstr = os.environ.get(envvarname + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4f3aa404c2041392 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:357
        binstr = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #66d7d2228429784c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:362
    var = os.environ.get('PKG_CONFIG_LIBDIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ce63a6260285ec9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:365
    var = os.environ.get('PKG_CONFIG_SYSROOT_DIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3c4960542ee118f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:27
        with open(self.depfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #272d52eece1d45c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:38
        with open(self.stampfile, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e6e4f09b1e957bbb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:73
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2415c6b80d7299aa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:78
        run_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #332a2ab78ba16926 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:30
        with open(linguas, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #96f5b7ebcf971d1c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:48
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13dc2b1ebac142b0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:52
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b8fbf6f07c8be032 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:270
    if 'MESON_INSTALL_PREFIX' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b5e197939b83602f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:271
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8298e30d412502c1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:272
        install_prefix = destdir_join(destdir, os.environ['MESON_INSTALL_PREFIX'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #655f146d775ec1e4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:23
    subenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7f80735d44c8e0e9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:35
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ad40202415afc42 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/itstool.py:64
    build_dir = os.environ.get('MESON_BUILD_ROOT', os.getcwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1effb21d61e31e1b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:31
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fd3de487a81ba3b6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:49
        stdin = open(exe.feed, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2133a8e8b5ffd898 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:84
            with open(exe.capture, 'rb') as cur:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d96939381afe56ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:89
            with open(exe.capture, 'wb') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #12aa0f6d9c8a65b6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:106
        with open(options.unpickle, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f0ac7b3c2530e47 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/msgfmthelper.py:25
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4e8b6f7fe37de240 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:12
quiet = int(os.environ.get('MESON_INSTALL_QUIET', 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5243c51c4644fee9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:22
        fullpath = absf = os.environ['MESON_INSTALL_DESTDIR_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #df17c6d6260e5a5d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:23
        f = os.environ['MESON_INSTALL_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6f4563519056de3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:41
    with open(data_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e92e7d46becd4ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:41
    with open(dumpfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d7a7de0745ffb39d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:44
    with open(coredata_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a697b7ba9b23a68d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/reprotest.py:61
        os.environ['CCACHE_DISABLE'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aa1c738beb22895b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:136
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #496468d94abc0b32 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:156
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4c720d420b74036f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:31
    with open(outfilename, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a0361d00136b3314 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:36
        with open(outfilename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f4660baea0d6fed8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:42
    with open(outfilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4ec9552238fd7d50 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:53
    with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7b27cd9bca5d3a2e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:58
    if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b3543588731e40f7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:60
        return shlex.split(os.environ[evar])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13919967fc8f8f81 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:118
    origpath = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d9216e0aaefc0cf1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:120
        os.environ['PATH'] = '/usr/gnu/bin:' + origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4f4a365144e59439 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:123
        os.environ['PATH'] = origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #beecc518e5251110 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:228
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b4b8a6954f108426 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:307
            with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #094f760d3a240461 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/uninstall.py:14
    for line in open(log, encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9dfbb1355f2299c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:16
    with open(infile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c82fc28db37a2ef9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:19
        with open(outfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13c4b3d6f4d115bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:24
        with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c4caece4909609f3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/yasm.py:21
    with open(options.depfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d51858cfd8e2a3c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:87
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c4d9847a2230905 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:91
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bc787f5dcfc0741 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:120
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9957ac12942762e8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:123
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f36bf6698fd3d721 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:126
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a69fcfe7d5b2f648 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:141
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35562aada7f92f7c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:144
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af70d89f780a786b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:182
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad29b33586233a7a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:185
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #310a1813bacb7130 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:188
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76bd247d70e12790 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:213
            with open(kwargs['header_file'], 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9499788034a9c7a6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/posix.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6537d85d95c40fb2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:241
    if 'MESON_COMMAND_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c847e24f0d062194 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:743
    arch = os.environ.get('PROCESSOR_ARCHITEW6432', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98764938f9d769ed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:747
            arch = os.environ['PROCESSOR_ARCHITECTURE'].lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68fc354af5896d06 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:827
    vsver = os.environ.get('VSCMD_VER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #128f511ca1ee31d8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1115
        if varname in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881ee98dc6f2a12f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1117
                num_workers = int(os.environ[varname])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74b735c13190e446 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1529
        with open(src, encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c26510d36b1161fb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1537
        with open(dst_tmp, 'w', encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcc502cd6e2c6b04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1598
    with open(ofilename_tmp, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a93c32c282239f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1613
        with open(dst, 'rb') as f1, open(dst_tmp, 'rb') as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #199c9ce08b8dfcd4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1701
            with open(args_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01073875e33b0246 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2414
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ed7344373c9e0fd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2475
    return int(os.environ.get('MESON_RSP_THRESHOLD', limit))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66e4760b9f2d914a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:35
    if os.environ.get('OSTYPE') == 'cygwin':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #113ae2fa43f9d9c3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:37
    if 'MESON_FORCE_VSENV_FOR_UNITTEST' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b812258d747626 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:40
        if 'VSINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b63a465a2b8ae31 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:55
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b416bfe643858cc9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:117
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b65e4df7d55adba1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/win32.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4870b2caad348438 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:170
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aa437de0d7135d5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:282
        with open(filename, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0da110009cb5eb77 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:341
            with open(self.get_hashfile(subproject_directory), 'w', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cca488aee3cacfc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:372
        self.cachedir = os.environ.get('MESON_PACKAGE_CACHE_DIR') or os.path.join(self.subdir_root, 'packagecache')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb0f9646d148dc11 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:535
                with open(main_fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96996113b528bd89 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:726
            with open(hashfile, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #926e54f27c9773f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:857
        with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7920d10eea52d7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wraptool.py:103
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7c2fff1cd68c56d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:233
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a76cf2d0e79cf0c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:236
        with open(self.main_xml) as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #976808ee99450205 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:239
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb0a353cb388c2f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createpkg.py:94
        with open(self.distribution_file, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0ddcd811c9b3924 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:39
version_lines = pathlib.Path(relfile).read_text().split('\n')[:-1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e1a44542b6df67b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:56
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eabb0aaad583222 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:59
    pathlib.Path(relfile).write_text('\n'.join(version_lines) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbb6e8ce63240c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:40
        data = json.loads(cf_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21167dfcd449f107 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:43
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6610b23146eaab6b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_format_tests.py:19
    lines = file.read_bytes().split(b'\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad298215d5ce0b9c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:62
        self.orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0d249d5ac97a9ac Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:64
        os.environ['MESON_COMMAND_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d6b3f317df0b97 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:75
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b675b30cfd39218f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:76
        os.environ.update(self.orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c735e439621d8cae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:133
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77818b0d633755bb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:151
        os.environ['PYTHONPATH'] = os.path.join(str(pylibdir), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c53930d692d7043b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:152
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22281d60b5cfda97 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:163
            os.environ['PYTHONPATH'] = os.pathsep.join(PYTHONPATHS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb3be739c4f5e62e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:196
        wrapper.write_text('#!/bin/sh\n\nmeson.real "$@"', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2807166a337c1e4f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:219
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c680193d07c436d6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:221
        with open(script_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85b0d6695b91c270 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:275
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3416c813dafe761e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:307
print_debug = 'MESON_PRINT_TEST_OUTPUT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3c5aa3c3c9f12f7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:308
under_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2de94863d79d6c3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:309
raw_ci_jobname = os.environ.get('MESON_CI_JOBNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12909a884e1dc83c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:817
            if skip_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c96e20b81f842269 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:828
        test_def = json.loads(test_def_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d68745916c5fac8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1057
    sanity_file.write_text('fn main() {\n}\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda1126df824592f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1103
    skip_cmake = ((os.environ.get('compiler') == 'msvc2015' and under_ci) or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ff68bda59ecce27 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1130
        TestCategory('vala', 'vala', backend is not Backend.ninja or not shutil.which(os.environ.get('VALAC', 'valac'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #935cf3e2f7216ab3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1168
    with open(txtname, 'w', encoding='utf-8', errors='ignore') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7308a092f6f2e79d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1683
    if 'VSCMD_VER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c04d0f65b74bb5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1684
        print('VSCMD version', os.environ['VSCMD_VER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc3254693544c69 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:50
    NINJA_1_12_OR_NEWER = bool(int(os.environ['NINJA_1_12_OR_NEWER']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ff091c61a0b6acc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:51
    NINJA_CMD = [os.environ['NINJA']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31df6e53482c15ce Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:61
    os.environ['NINJA_1_12_OR_NEWER'] = str(int(NINJA_1_12_OR_NEWER))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86bc50d044c63acd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:62
    os.environ['NINJA'] = NINJA_CMD[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #559d0dddfc72d2e1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:70
os.environ['PYTHONWARNDEFAULTENCODING'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a25f718702ef46a3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:72
os.environ['MESON_RUNNING_IN_PROJECT_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3c893ce61ec082e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:116
    if not os.environ.get('MKLROOT', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1ad770d09178002 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:118
    if (os.environ.get('CC') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1345d553911dec7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:119
            os.environ.get('CXX') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96643f3f52e7f0c4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:120
            os.environ.get('FC') == 'ifort'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b78812f299523de Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:129
                 'Please try using the Intel shell.'.format(os.environ.get('MKLROOT')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e9587b7a69dd9f8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:171
if 'MESON_EXE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e64431ac6d32bc9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:172
    meson_exe = mesonlib.split_args(os.environ['MESON_EXE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bf38a939671b69b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:231
            with open(f, encoding='utf-8') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d3975cd92c209d3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:299
    with mock.patch.dict(os.environ, env or {}), mock.patch.object(sys, 'stdout', stdout), mock.patch.object(sys, 'stderr', stderr):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15d03d6b541e315 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:350
    if not mesonlib.is_windows() and not mesonlib.is_haiku() and 'CI' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72b22e3363ce632e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:364
    if 'APPVEYOR' in os.environ and os.environ['arch'] == 'x86':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c10bfb6fc998371e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:365
        os.environ.pop('platform')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4668869a1bd528bc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:368
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b05a667c76a6ccb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:69
    os.environ['MESON_UNIT_TEST_BACKEND'] = be

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e036eec699f2e70 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:113
        if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0360c02276b7fbdc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:13
    if is_pr_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5df6020427ad26b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:16
    elif os.environ[is_pr_env] == 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1828ea61207f8e21 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:22
    if base_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2022d0209bb9aff3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:25
    return os.environ[base_env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf264bd94cd6728 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cmake/11 cmake_module_path/subprojects/cmMod/gen.py:1
with open('main.c', 'w') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c5c45c6e89208b9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:12
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3376c3710b27e0ba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:13
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e36c0e59c59bab9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:15
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff2fe94ed1f52210 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:17
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8161e06d29342f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:8
with open(output, 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bad5c9c3e2458ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:11
        with open(i) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5992d90e827a114 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen-resx.py:8
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ce2a27d611508fe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f67c425485f6419 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dcdde1153d44d14 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/109 custom target capture/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dca3cbf3c983c11 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/110 allgenerate/converter.py:8
open(ofile, 'w').write(open(ifile).read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e79d1fb120ca32ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/123 custom target directory install/docgen.py:14
    with open(os.path.join(out, name + '.html'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #759fb194271372c0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #541bf307fed5d944 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06b6d640acae5f6f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/128 build by default targets in tests/write_file.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e49179fcce6b20a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:5
ifile = open(sys.argv[1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #333cdb074c9f8e3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:6
ofile = open(sys.argv[2], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b367b3855e7515 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_custom.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33e8b3e270db07af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:4
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74478c52089891dc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:6
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6759e7053b647321 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:12
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a9fecf06beaca88 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:15
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e205f52831f42d4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:8
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11a0eaeee37e2592 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:10
if 'MESON_BUILD_ROOT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8369db514609329 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:13
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cf94fd2c93a3f5a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:16
buildroot = os.environ['MESON_BUILD_ROOT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35fc4725d3fb3aac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/file_contains.py:14
    with open(args.file[0], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e070e62d9c2b68f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c9311b7b7f0035 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c054fca46a8146bb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7601c6dc32a2f731 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9ae309b6275479d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69fccf6f81fd3b56 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42c1569dfe79cc42 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe8ed8b940355b9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:13
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a8a01772b46124b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/141 special characters/check_quoting.py:27
    with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ab03f1541a2fd3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/144 link depends custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46ee32c995541161 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:30
    with open(args.header, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9acd1c92bdb9e00c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:33
    with open(args.code, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fecc1d0539a5c72f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #873e33310816f390 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c45e9d09053ca2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44909a486cc2dabf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:15
funname = open(ifile).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9b84f41d6d20168 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:17
open(ofile, 'w').write(templ % funname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7feb9e3248a22552 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:14
    with open(hname, 'w') as hfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c9783dc7519975 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:20
    with open(cname, 'w') as cfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7673252fd86c631 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/178 bothlibraries/dummy.py:7
    Path(sys.argv[1]).write_text('Hello World\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16a25339d84e0d14 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:6
with open(sys.argv[1]) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e781635c04b2aa9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:9
with open(os.path.join(sys.argv[3]), 'w', errors='replace') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc95dce690d0e8a0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:13
d = pathlib.Path(ifilename).read_text().split('\n')[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00b5cdcf34031703 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:15
pathlib.Path(ofilename).write_text(ftempl % d)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c6fe4a8a19e1e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/186 test depends/gen.py:7
    with open(sys.argv[1], 'w') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eb5b455b5a0bf15 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ade938465e28d0c7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7694022e84831e7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35fedd1fdeb4314f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/202 custom target build by default/docgen.py:11
    with open(os.path.join(out, name + '.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e654073f4775f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/208 link custom/custom_stlib.py:73
    c_file.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07cf1ee20c66557c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/209 link custom_i single from multiple/generate_conflicting_stlibs.py:70
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6d68c4c7e9a393 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/210 link custom_i multiple from multiple/generate_stlibs.py:72
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fea18038e4d2d413 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/check_object.py:16
    with open(sys.argv[2], 'wb') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6ac2207108b0d37 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/libdir/gen.py:3
with open(sys.argv[1], 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #899a893ddfa87383 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/22 object extraction/check-obj.py:12
    with open('compile_commands.json') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #154acf546aad22d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/check_arch.py:12
with open(dummy_output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b09f44806e44c2ef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d7bab3f55698bd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:7
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5c2b76485939116 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/227 very long command line/codegen.py:6
Path(sys.argv[2]).write_text(
    'int func{n}(void) {{ return {n}; }}'.format(n=sys.argv[1]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #227b08de759c3f51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:2
with open('x.c', 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32a653948662a6fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:4
with open('y', 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5d269da8097b03d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/242 custom target feed/my_compiler.py:13
    with open(sys.argv[1], 'w+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #054e220abee482b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:5
assert(Path(sys.argv[1]).read_text() == 'stage1\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52c12458bd2a4198 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:6
Path(sys.argv[2]).write_text('stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5b908a1061c75d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:5
assert(Path(sys.argv[1]).read_text() == 'stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e13ec619862f943 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:6
Path(sys.argv[2]).write_text('int main(void){}\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaf049a6cba2938d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/269 configure file output format/compare.py:3
with open(sys.argv[1], 'r', encoding='utf-8') as f, open(sys.argv[2], 'r', encoding='utf-8') as g:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feb8737ae2dcf90f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:5
ENV_VAR_VALUE = os.environ.get('ENV_VAR_VALUE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c847946edca31325 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:8
with open(sys.argv[1], 'r') as infile, \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3b88c90a0d1a2f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:9
     open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8392b77fb2adbaee Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/274 customtarget exe for test/generate.py:12
    with open(a, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db8dfb9245245cba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:9
if os.environ.get(key) == expected:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a0d782612f5cfe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:12
sys.exit(f'Expected {expected!r}, was {os.environ.get(key)!r}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99282cb0e6347740 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/33 run program/check-env.py:5
assert os.environ['MY_PATH'] == os.pathsep.join(['0', '1', '2'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d70a290d56c66b59 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:6
assert os.environ['MESONTESTING'] == 'picklerror'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95c5f1916737b1c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:7
assert os.environ['TEST_LIST_FLATTENING'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44e8adc601a985d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9c7e3a1f8e1daf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:12
with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f45c0169ff479134 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:14
with open(depfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050972fad917c725 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:11
    assert os.environ['MY_COMPILER_ENV'] == 'value'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e55c4314968c16 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:16
    with open(args[1].split('=')[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d057895c4b5df13 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:21
    with open(args[2].split('=')[1], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #def8ba83aa5af294 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f8195d4057802c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30d2d8c775371658 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faf4e11c74597403 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #335e9825feb16580 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:5
with open(sys.argv[1], 'rb') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aade46370b7887f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:6
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f6130675093c3f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:6
assert 'MESON_SOURCE_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2b458d0d50f5dbd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:7
assert 'MESON_BUILD_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #358692294a343e7d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:8
assert 'MESON_SUBDIR' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a24d07131cab638c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:9
assert 'MESONINTROSPECT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb9c6eee110d2223 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:10
assert 'MY_ENV' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d11626cf51156282 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:15
env_source_root = Path(os.environ['MESON_SOURCE_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d69a8b59bbcc58ee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:16
env_build_root = Path(os.environ['MESON_BUILD_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3ae86a0becd1c2c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:17
env_current_source_dir = Path(env_source_root, os.environ['MESON_SUBDIR']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91abe1b516058a14 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/converter.py:5
with open(sys.argv[1], 'rb') as ifile, open(sys.argv[2], 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f467d2383720fe1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/fakeburner.py:9
    with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae2d1e392bae89e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:12
    with open(os.path.join(args.dirname, '1.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #134c5af9ec89ba95 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:14
    with open(os.path.join(args.dirname, '2.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e13eba414b70082a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:7
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cad965e99840d31 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:8
dry_run = bool(os.environ.get('MESON_INSTALL_DRY_RUN'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d20fdd546bceaf67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:30
                with open(os.path.join(dirname, name), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e20a4070222632 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #287c7a6719705767 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:13
with open(os.path.join(dirname, sys.argv[2] + '.in'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #660749c60a642a73 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:10
with open(os.path.join(odir, 'mylib.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e05155064c8ce8a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:12
with open(os.path.join(odir, 'mylib.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #323ddc78f1f131ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc41fd4414fcf4ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a86f7ea0424c36 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cbc389259bae986 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:16
with open(outhdr, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51c13f29576b2bb6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:18
with open(outsrc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ca1bcfbd5facb2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:13
    with open(infile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a723d49d6dd15031 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:16
        with open(outfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e90517c8a079d6a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:22
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87b107c4102a86aa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:5
with open(sys.argv[1]) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91c5bcec2a4d0cd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:8
with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66882a5c2bb032d4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30572062628e89a7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9833d7f08ba736 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen2.py:9
with open(files[0]) as ifile, open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c43b00435f9b2723 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/8 install/gendir.py:8
open(fname, 'w').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95d52dacc5d52c0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:29
with open(cfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8014b8367c9afd3b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:31
with open(hfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #002e02f7c52c8e2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/88 dep fallback/subprojects/boblib/genbob.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1033a04da5020c1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:21
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d69fdf9cfbccce8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:26
with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1aae940dc6bdfde Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:17
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9efd8b0803cac9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:22
with open(output_c, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba16bf6d3926dbc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:31
with open(output_h, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f7744b589a0e564 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen3.py:12
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59a815a235db2bed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/92 test workdir/subdir/checker.py:5
data = open(sys.argv[1], 'rb').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adc37d77d23b3cf1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:10
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79e5799785f5fa0d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:43
with open(outc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d0610f0582e27c8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:50
with open(outh, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68efa9b9cd663a10 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:57
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fe19bbb99fab0bb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:68
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa211e05a63ca44 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:10
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95139f6458a6858a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:11
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ee48bc10217479 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:13
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2866eb566b84ab2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:15
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2625641ff256990 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30b32ba13bc58570 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/generator.py:11
with open(args.input) as i, open(args.output, 'w') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b407fe501844947a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/libdir/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38f8d460033e4cce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:6
with open(out, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f12b94c4f5099ff1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:8
        with open(infile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ebe6e3cf4b485c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaf6c030c70058a9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:13
with open(os.path.join(odir, name + '.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8feca76e1d8096e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:15
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1769045405539dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:11
with open(outf, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c611c29178e579 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:12
    with open(inf, 'rb') as i:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a1e36b1b720992e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:16
    with open(args.actual, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a1d361e9ca1317 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:18
    with open(args.expected, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a7b30b378ae9e4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:36
    with open(args.input, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #513b19acd419a89c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:41
    with open(args.output, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5651f89b8c059c0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/10 gtk-doc/include/generate-enums-docbook.py:52
        with open(sys.argv[1], 'w') as doc_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efc5122cdac0fc09 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/4 qt/subfolder/generator.py:5
    with open(sys.argv[1], "w") as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fe2b5597cc4cffb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/6 gettext/data3/verify.py:12
with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb125b4a8729808a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/osx/2 library versions/require_pkgconfig.py:6
if 'CI' in os.environ or shutil.which('pkg-config'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc00672975195396 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python/4 custom target depends extmodule/blaster.py:25
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #405f8c95a4a6a015 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python3/4 custom target depends extmodule/blaster.py:26
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4c7c7d63a4f4f35 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/11 generated main/gen.py:12
    with open(args.out, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0acd119f6dfd0d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/19 structured sources/gen.py:12
    with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a796548f3941923 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/2 testsetups/envcheck.py:5
assert 'PATH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8247cb4a141a0cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1622b47853bcb719 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:16
with open(os.path.join(dirname, sys.argv[2]), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3574fc64bedafedc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:10
source_root = pathlib.Path(os.environ['MESON_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a9952cde64d4384 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:14
contents = modfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e655bb7b5d713b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:16
modfile.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #554f35bbefab1b9a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:11
source_root = pathlib.Path(os.environ['MESON_PROJECT_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36edc496d2be905b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:12
mesonrewrite = shlex.split(os.environ['MESONREWRITE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cad086ab3a4df5d9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/45 native dep pkgconfig var/cross_pkgconfig.py:7
environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3c397e02acbe314 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:5
assert 'ENV_A' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe0ae2baca05a7a2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:6
assert 'ENV_B' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51f7d0d0fdedee54 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:7
assert 'ENV_C' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81a71de02ca0656a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:9
print('ENV_A is', os.environ['ENV_A'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c31cb038091e28e1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:10
print('ENV_B is', os.environ['ENV_B'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d10d115b36e6e6e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:11
print('ENV_C is', os.environ['ENV_C'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6d9b360af84bfa1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/67 test env value/test.py:6
assert os.environ['TEST_VAR'] == sys.argv[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5736160edfdab333 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:15
    defined = 'MESON_EXE_WRAPPER' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cac1c0b797d207c9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:18
        print(os.environ, file=sys.stderr)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f4c51511ae788d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:5
assert os.environ['MESON_DEVENV'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #419fe4079f9fea2b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:6
assert os.environ['MESON_PROJECT_NAME'] == 'devenv'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988d4cb945ba0580 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:7
assert os.environ['TEST_A'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece721075a72e461 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:8
assert os.environ['TEST_B'] == '0+1+2+3+4'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5d4d1be4320bb0f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:9
assert os.environ['TEST_C'] == os.pathsep.join(['/prefix', '/suffix'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f52fce9571bf79 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/94 custominc/easytogrepfor/genh.py:5
f = open(sys.argv[1], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb18d73c42517c2f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fdaf314f7343184 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/subdir/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0b8288667822f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/10 mixed sources/c/writec.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9dedf71aef38151 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/8 generated sources/src/write_wrapper.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfce6d37c6488dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/10 vs module defs generated custom target/subdir/make_def.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3c71d80a3e9fb5b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/12 resources with custom targets/res/gen-res.py:5
with open(sys.argv[1]) as infile, open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec61c1f9f0d0450d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/14 resources with custom target depend_files/ico/gen-ico.py:5
with open(sys.argv[1], 'rb') as infile, open(sys.argv[2], 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d619b70c5dc43645 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/16 gui app/gui_app_tester.py:8
    if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0ddab8e63843cf5d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/ac_converter.py:362
with open(sys.argv[1], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #18f50db2b30d3283 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:69
    raw = jamroot.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e41ffda4f3da0b81 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:82
    raw = jamfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #733e8a3aa780f975 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:176
    data = json.loads(meta_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #124a1d1ca16d41fb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/build_website.py:30
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #09d8d0b3f93be8bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:46
    with open(sourcefile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e2ef7af5fad2acfb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:50
    with open(sourcefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7f5ef57cb918373c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:23
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #55791f300e3ae7b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:121
            with open(output_dir / (cmd+'_'+typ+'.inc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #d833a799097d39fd Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:125
    url = urlopen('https://wrapdb.mesonbuild.com/v2/releases.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #3f4b6e9c9beaa29f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:127
    with open(output_dir / 'wrapdb-table.md', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3e81bb114fa8315c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:160
        with open(output_dir/dummy_output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5cad8989c29635a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:12
        if v in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a066270b9b1a2f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:13
            del os.environ[v]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c5dedb1487bbf5f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:16
    os.environ.setdefault('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4269eb63d36af560 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:134
                with open(fin, 'wb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aef97448459c7c2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:138
                    with open(fout, 'rb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ded1ce3d908e63a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:256
                with open(os.path.join(self.builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9a0e6e695ffb1a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:260
                with open(os.path.join(cmake_builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bdc70e836c8b5da Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:540
        text_log = Path(self.logdir, 'testlog.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbb546f45971f9c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:542
        json_log = json.loads(Path(self.logdir, 'testlog.json').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195c184b006666cf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:740
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1dc8ce447077549 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:759
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c20989dca4efa29c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:801
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d07201f8fd5c187e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:806
        with open(os.path.join(self.logdir, 'testlog-valgrind.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d741f118cbd172c7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:826
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3c50abdfcdccc4d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:831
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051a309a6a988e68 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:867
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ba872d538272c35 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:872
        with open(os.path.join(self.logdir, 'testlog-mydefault.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83b3539e3aef67b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:877
        with open(os.path.join(self.logdir, 'testlog-other.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c562409a0db352 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1056
        if mesonbuild.environment.detect_msys2_arch() and ('MESON_RSP_THRESHOLD' in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18c1345f0460357b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1121
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b52e39dc7a21e785 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1142
            if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aadaaedfe1528cd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1155
                        evalue = os.environ.pop(evar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99d0a82a1a0476c0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1236
                    if 'arch' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a853a2ae76c1fe6d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1237
                        if os.environ['arch'] == 'x64':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a9c983191260339 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1248
                os.environ[evar] = ' '.join(quote_arg(w) for w in wrappercc)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d847de8a4bca1c3c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1252
                os.environ['AR'] = ' '.join(quote_arg(w) for w in wrapperlinker)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b38324a342cdfe5d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1267
                del os.environ['AR']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9ceb03c7f200a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1343
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adf77b953377e7ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1574
            with open(os.path.join(project_dir, '.hg', 'hgrc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5100044d6c969db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1615
        with open(os.path.join(path, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc11b249b7c8afd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1623
            with open(os.path.join(project_dir, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b62183c77dcb25 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1633
            with open(distexe_c, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #394db3d8305bb6a1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1971
                with open(os.path.join(d, 'alexandria.pc'), 'w',
                          encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f619763b90de2e36 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2013
                with open(os.path.join(d, 'alexandriaConfig.cmake'), 'w',
                        encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ae9c65e82e05325 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2142
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39603275b7f434b6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2150
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a39bedf81902a73 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2174
            with open(os.path.join(self.privatedir, name), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51d143a2fff5fdf4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2542
                            with open(os.path.join(tmpdir, 'foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a873daed9e4a7038 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2549
                            with open(os.path.join(tmpdir, 'bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1ddc926f0aeeda Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2560
                            with open(os.path.join(tmpdir, 'Foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #579516979d577d1b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2567
                            with open(os.path.join(tmpdir, 'Bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #985cd24fe0c7f06c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2984
        with open(os.path.join(self.builddir, 'nosubst-nocopy1.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e034c674f7c0216 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2986
        with open(os.path.join(self.builddir, 'nosubst-nocopy2.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb0a0d799be9571 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2993
                of = open(mfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c6f82ec823e37da Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3089
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22cd3d40c47eed2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3092
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74fc5c6e8409c886 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3117
        open(filename, 'w', encoding='utf-8').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10d649c11dc6983 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3272
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #007c567d99501abe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3273
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb9846843314f48 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3274
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34d516e392047d1e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3275
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9cefb3ef47c3282 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3279
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f202559de0606b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3280
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dde50f4a1fe7afb6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3281
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99f2105488956f71 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3282
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77d1623f7c9fbfa9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3285
            with open(includefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1ea85c5d11d63c6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3288
            self.assertEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8b7beef84fa915e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3289
                             Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #740897873b0830a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3335
        self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b4fe508685be5b1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3336
                            Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcf4beb554e764a5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3341
        self.assertEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b33bd3c8900bf9ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3342
                         Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c24b8ff3df2baf4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3393
        with open(os.path.join(infodir, 'intro-targets.json'), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471c5f062c1072e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3527
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a2987e2481a1620 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3665
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a617d0dafaa415da Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3675
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1807ebcb748c32bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3690
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b20505921b2bf51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3708
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb480c75b939dccc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3719
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51066e84a24fd041 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4125
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57dafad54b78ce1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4142
        with open(doc_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df947f03de6b9291 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4345
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cda178143ac08b1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4362
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04fafeb1381388fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4399
        with open(machinefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26b22466c874a1cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4428
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66c9c7520482cd78 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4437
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6d41eeab788466 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4446
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02134c54344a7922 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4455
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adf0587f3cc789d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4460
        with open(real_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e92d17ea6d970ecb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4587
        o = Path(fname).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a46a271243320fb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4650
        with mock.patch.dict(os.environ, {'CFLAGS': '-DCFLAG', 'LDFLAGS': '-flto'}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79942c986ad370f0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4848
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8715f08aa5a9e04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5181
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #296646c4f9ed04bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5189
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feff7110ad0e4dac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5266
        olddata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4099ddc0bec3f1ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5271
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3caefeab070a1075 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5280
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5db34d9f282d0ca8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5428
        with open(os.path.join(testdir, 'mod1.f90'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc991939444ebb75 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5438
        with open(os.path.join(testdir, 'test.f90'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0abf534ea647380d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:56
        cls.backend_name = os.environ.get('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616e151c5ed6cf2c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:91
        cls.env_patch = mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d59bd7e809cb3f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:94
        os.environ['COLUMNS'] = '80'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ffbbca3b1e9493c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:95
        os.environ['PYTHONIOENCODING'] = 'utf8'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #279c5406ca23535a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:131
        return open(log, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6128dd4601926a88 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:157
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d25503c78257296 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:261
            with mock.patch.dict(os.environ, override_envvars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cafc931e7546dd3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:311
            with open(os.path.join(self.builddir, 'compile_commands.json'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa558803b71f0995 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:325
                with open(rsp, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f0d4296f46f6ed9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:184
            with open(os.path.join(tmpdir, 'Cargo.lock'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #193f52bda4d111b2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:296
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb6a3ad23e3e1a3c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:310
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7451f90e25c3e7ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:347
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e79c472b7a5b03b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:364
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00d31f67557ef575 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:404
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77a3c5771167a389 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:440
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65868c1a8a05d798 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:460
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dba277a837b0c74 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:59
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c9ac16f3fe504d4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:70
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0351245b926a9156 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:71
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd315e0a8e81e9f7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:105
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ed74b6e4c6ab58f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:176
        with open("docs/markdown/Reference-tables.md", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe5be2d11d9241e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:192
        with open("docs/sitemap.txt", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae435204f5b058d4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:206
        with open("docs/theme/extra/templates/navbar_links.html", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #904ad89b5a5ac424 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:218
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93d9a8f7cad2885a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:228
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281b05b76ad9f6bb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:231
        with open('data/syntax-highlighting/vim/syntax/meson.vim', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4eaf8d89f5cbbb2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:236
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb9bc1c632a6b53e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:246
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18abc3fba419a19c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:93
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84154deafe8708a1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:102
            with open(self.moptions, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1964d08a51672ff3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:119
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2693fa9d34a2f2c6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:33
    return os.environ.get('MESON_CI_JOBNAME', 'thirdparty') != 'thirdparty'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #939b61dcf8a821c6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:123
            if key in os.environ and not is_ci():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb3b01491da003b4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:125
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c283b19ebc2006c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:126
                os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf26d610afd10f8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:227
    if os.environ.get('MESON_CI_JOBNAME') == name:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78bf586210abdf4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:554
                libpath.write_text('', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb0390a03b1ddcf3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:676
            script_path.write_text('import sys\nprint(sys.argv[1])\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dc0571e3064bbb4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:835
        if 'VCToolsVersion' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38288bab491122f4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:836
            vctools_ver = os.environ['VCToolsVersion']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #576c66a9bb138344 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:838
            self.assertIn('VCINSTALLDIR', os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3df70c9470e26d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ca118196708ae3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3125abd7d6bb4cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1053
        with open('data/test.schema.json', 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b325b88d76f3e639 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1064
                schema_validator(json.loads(p.read_text(encoding='utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a45dcfa0008841c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:42
PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce33c465ad8963fb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:58
    pkgconf = os.environ.get('PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #845683ae624d09d8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:141
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3a28c02b6867db1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:153
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7c27a7e0d37b1bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:209
        with open(os.path.join(privatedir2, 'dependency-test.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c87480fed2e2ae15 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:240
        with open(os.path.join(privatedir1, 'simple2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6283a0cf6759bd8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:245
        with open(os.path.join(privatedir1, 'simple3.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db5313c8f07dccd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:249
        with open(os.path.join(privatedir1, 'simple5.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89320cf265b258df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:253
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82b0ac7fa16a8d64 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:259
        os.environ['PKG_CONFIG_LIBDIR'] = os.path.join(self.builddir, 'meson-uninstalled')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f088ac7e48b3de76 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:261
            os.environ['PATH'] += os.pathsep + self.builddir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #938d22f57f5b17a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:272
        with open(os.path.join(self.privatedir, 'somename.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbbedef53aeb0eb8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:809
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8441ad2fe47c5507 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:834
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cb6d20bacfb307e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1119
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8f516b8d2aa902 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1130
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f2d48f63a5c51f1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1260
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #117de93ae3e4fe5c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1275
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dea360d5eb49fb73 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1288
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feb86250b24e2902 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1300
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3d7cc0ca808832 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1319
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3acdf69f0d27bb71 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1332
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29982946bb7bbce9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1418
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88a9efa42c554f28 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1483
                os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e13b864e77b46cec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1533
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04e3452cf90e122f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1542
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc629615040b489 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1641
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8dac9636dea262e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1692
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #611e98cd04b0a1bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1716
        with open(wrap_filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5625688502cf557f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1744
            with open(os.path.join(d, 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #903defe4f1ad3c6f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1755
        with open(os.path.join(self.privatedir, 'bar1.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75dbe6b80e18d159 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1758
        with open(os.path.join(self.privatedir, 'bar2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #235085f8277796c6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1766
        if 'clang' in os.environ.get('CC', 'dummy') and not is_osx():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #499f88853eda1f3c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1879
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb0fb4f6ef9d4b56 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:80
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d7fca4739e7950f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:102
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1276735ff236e3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:140
        with open(batfile, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3de9bc47a0a46ce4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:174
                with open(fifo, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14d19f19d2972f36 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:762
    @skipIf('MESON_EXE' in os.environ, 'MESON_EXE is defined, cannot use mocking.')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a6e56c56ccad6bd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:776
            with mock.patch.dict(os.environ, {'XDG_DATA_HOME': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23eca3e08a31af96 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:780
            with mock.patch.dict(os.environ, {'XDG_DATA_DIRS': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #244bc4b4fa657202 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:781
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c5652b3a51026cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:795
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64b39749277aedbf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:796
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87b8e00c117218d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:809
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1ae974b48143a53 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:909
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38ae3ae8be3f1bef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:104
                with open(os.path.join(self.builddir, 'meson-info', 'intro-targets.json'), 'r', encoding='utf-8') as tgt_intro:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3dfda23c139b0393 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:141
            with urllib.request.urlopen('https://wrapdb.mesonbuild.com') as p:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9b2a47927427d75d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:174
        with open(os.path.join(testdir, 'test.json'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5451c0cee44f6c3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:295
        with open(os.path.join(self.builddir, 'meson-logs', 'profile-startup-modules.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f27d064982d86339 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:298
        with open(os.path.join(testdir, 'expected_mods.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c0f127042224e32 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:387
        with open(editorconfig, 'w', encoding='utf-8') as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c912228e2a8ee0fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:453
        with open(os.path.join(testdir, 'meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c5c7075bae5873f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:462
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #211d2aa7dabd72e5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:464
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b57de2b9cf516f0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:497
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab6b15cc0db063db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:499
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b80174260d13e894 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:512
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7f84cf142fb9a01 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:514
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10009857dc16c829 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:537
        with open(os.path.join(testdir, 'meson.options'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #570fddb26a421160 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:546
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e29ac9516bcf1744 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:555
        with open(os.path.join(testdir, 'subprojects/subproject/meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46578a77bb849fc6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/pythontests.py:44
            mesonfile.write_text('''project('test', 'c', version: '1')
pymod = import('python')
python = pymod.find_installation('python3', required: true)
''', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b7d1693d7bee9a9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:465
        original_contents = meson_build_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b34575a7eef52972 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:511
        expected = Path(test_path / "expected_dag.txt").read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #058a4ed55b88b803 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:35
        with open(str(path / 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac720481df657016 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:97
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfc2554799b57d48 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:112
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad2ff7c5206377d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:260
        with open(str((self.subprojects_dir / 'redirect').with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #339e225cf333152e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:49
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46635131ef43e16 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:78
        os.environ['PATH'] += os.pathsep + testdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e086f33bf97443d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:80
        if '.PY' in [ext.upper() for ext in os.environ['PATHEXT'].split(';')]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e51430bf024920 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:104
        path = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d4c79aedc659aa1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:106
            username = os.environ['USERNAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30cbf4f1760aea9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:240
            current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae826a539aafe44 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:296
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d401d36ff1e3c4c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:386
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f635f595dd45ba12 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:438
        if 'VSCMD_VER' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e308ac97fa147a05 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:440
        if version_compare(os.environ['VSCMD_VER'], '<16.10.0'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c5f11ad6db4984f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:466
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openhands-agent-server

python dependency
expand_more 65 low-confidence finding(s)
low env_fs dependency Excluded from app score #552a3ef4e6fc99b8 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/__main__.py:59
    for source in (extra_paths, os.environ.get(_EXTRA_PYTHON_PATH_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59773f8c88e22db Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/__main__.py:242
    os.environ[_INTERNAL_SERVER_URL_ENV] = _get_internal_server_url(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4400ac0694f2f6aa Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:83
    existing = os.getenv("TMUX_TMPDIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae96f3f6e724be4a Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:89
    os.environ["TMUX_TMPDIR"] = str(tmux_tmpdir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcf52d3a8376a81e Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:268
        if tmux_tmpdir_was_defaulted and os.environ.get("TMUX_TMPDIR") == str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c21b2774524fc232 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:271
            os.environ.pop("TMUX_TMPDIR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84e0b6c11cd52087 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/bash_service.py:64
        with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf4499d42882ca99 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/bash_service.py:72
            json_data = filepath.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38188d7ebc2659da Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:38
    session_api_key = os.getenv(V0_SESSION_API_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcf856f0b0ed63f4 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:51
    session_api_key = os.getenv(V0_SESSION_API_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f162059744f8dc78 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:54
    session_api_key = os.getenv(V1_SESSION_API_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed992e4db9cbb764 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:61
    web_url = os.getenv("OH_WEB_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16b7e3fdda49c004 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/config.py:297
    data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2184c2bf731fbedb Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:311
        resolved_path = Path(os.getenv(CONFIG_PATH_ENV, DEFAULT_CONFIG_PATH))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdfd9345443de0d8 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/conversation_lease.py:238
            raw_payload = json.loads(self._lease_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c7948d0d4509fe Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/conversation_lease.py:280
        tmp_path.write_text(json.dumps(payload))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1731de5c96dacc Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/conversation_service.py:1167
                json_str = meta_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a7ccfe542d21c16 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/desktop_service.py:23
        self.novnc_port: int = int(os.getenv("NOVNC_PORT", "8002"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f72e5d694f51fc15 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/desktop_service.py:52
                xstartup.write_text(
                    "#!/bin/sh\n"
                    "unset SESSION_MANAGER\n"
                    "unset DBUS_SESSION_BUS_ADDRESS\n"
                    "exec startxfce4\n"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01998fdbef6a6bbf Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:86
            cfg = tomllib.loads(py.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56374881492c1e2d Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:330
    git_sha = os.environ.get("SDK_SHA") or os.environ.get("GITHUB_SHA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d13afb3b8178133 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:340
    git_ref = os.environ.get("SDK_REF") or os.environ.get("GITHUB_REF")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4768cf2b94cb4db4 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:367
                cfg = tomllib.loads(pyproject_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407988a39f421fe1 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:655
    root = os.environ.get("BUILD_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13fbb1632d7ba6a2 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:658
    xdg = os.environ.get("XDG_CACHE_HOME", str(Path.home() / ".cache"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6040e66c502538de Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:854
    cache_export_mode = os.environ.get("OPENHANDS_BUILDKIT_CACHE_MODE", "max").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65608df950e4a92d Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:974
    v = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44ac09e5e42169f5 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1086
        github_output = os.environ.get("GITHUB_OUTPUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4d4d53eb948acb Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1088
            with open(github_output, "a") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42d7ad79fb20a12c Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1113
            if os.environ.get("PUSH") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cbd784e3596c094 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1115
            if os.environ.get("LOAD") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac9e9d294f4da8bd Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1151
        out_path = os.environ.get("GITHUB_OUTPUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b53dafceb036acd2 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1154
        with open(out_path, "a", encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9383b14b5d906786 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:52
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20ef18245d501a83 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:54
        return os.environ[key].upper() in ["1", "TRUE"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8508dcc8a45344d7 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:62
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edafef57035d48ab Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:64
        return int(os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dffebbf5ce30018e Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:69
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a51208741f0b6ef8 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:71
        return float(os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #681bd769b7ba7acf Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:76
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec62c6a58ea38250 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:78
        return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0303708398d076c2 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:84
        value = (os.getenv(key) or "").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5347928cf1a0567f Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:99
        value = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b697e2760921500 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:120
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce63aef16ca3d65e Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:134
                (k for k in os.environ if k.startswith(env_var_name)), False

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc0c031d937746b Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:168
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9717ff25a1e38570 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:184
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb615c87f7aefe49 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:200
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #030d586665fffa0c Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:280
        kind = os.environ.get(f"{key}_KIND", MISSING)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9062f10645229428 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/event_service.py:123
            meta_file.read_text(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a534ea35a355253 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/event_service.py:132
            meta_file.write_text(
                self.stored.model_dump_json(
                    context={
                        "cipher": self.cipher,
                    }
                )
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bd8828c85386651 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:86
        with open(target_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d0fb3d3bc8356f Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:367
    env = {**os.environ, "GIT_INDEX_FILE": str(index_path)}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c064e7cc54616c28 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:392
        with open(output_path, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2626e506b4ea857b Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:538
        f = open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #609f0fdc395f15f1 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/init_router.py:204
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb2fb7a3fab231e Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/middleware.py:57
            docker_host_addr = os.environ.get("DOCKER_HOST_ADDR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bbd6ebf3231be66 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/openapi.py:18
    schema_path = Path(os.environ["SCHEMA_PATH"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed2490b6c3a30bd0 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/openapi.py:20
    schema_path.write_text(json.dumps(schema, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cd44322196d919f Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/persistence/store.py:700
    env_dir = os.environ.get("OH_PERSISTENCE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa063f56e8c32e6 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/persistence/store.py:719
    env_dir = os.environ.get("OH_PERSISTENCE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea98f38a212233fb Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/plugins_service.py:276
            with open(marketplace_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bdc94705ceea134 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/server_details_router.py:51
        default_factory=lambda: os.environ.get("OPENHANDS_BUILD_GIT_SHA", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #760d902e40003b50 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/server_details_router.py:54
        default_factory=lambda: os.environ.get("OPENHANDS_BUILD_GIT_REF", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #359368648f69f544 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/skills_service.py:754
            with open(marketplace_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openhands-tools

python dependency
expand_more 31 low-confidence finding(s)
low env_fs tooling reachable #f38058fdc1668ca6 Filesystem access.
pkgs/python/[email protected]/openhands/tools/apply_patch/definition.py:93
            with open(fp, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e0418ded6c3a0bd5 Filesystem access.
pkgs/python/[email protected]/openhands/tools/apply_patch/definition.py:99
            with open(fp, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0552d6a9c658d3d8 Filesystem access.
pkgs/python/[email protected]/openhands/tools/browser_use/event_storage.py:56
        with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0fcb64836285a202 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:110
        os.environ.get("PROGRAMFILES", "C:\\Program Files"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b20c17e2ea8d5a3b Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:111
        os.environ.get("PROGRAMFILES(X86)", "C:\\Program Files (x86)"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4acc1c1c693ec68e Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:112
        os.environ.get("LOCALAPPDATA"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #51729251e1fb858a Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:155
            if local_app_data := os.environ.get("LOCALAPPDATA"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0792aa28f70807c2 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:362
            if os.getenv("OH_ENABLE_VNC", "false").lower() in {"true", "1", "yes"}:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2a7a444ca410d797 Filesystem access.
pkgs/python/[email protected]/openhands/tools/browser_use/recording.py:85
    return filepath.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7d7813b9051097a1 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:174
        with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3a5dfa2d4c84880f Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:336
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d5e2142f44e324f9 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:570
        with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0d6563b96afe7996 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:582
        with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #35cfef0b79f72786 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:759
                with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #780ea8ea0a22bf70 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:772
                with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2837d1384fe6de8c Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/encoding.py:49
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #66ef33184abb2a62 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/file_cache.py:81
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #91c44dfd95973900 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/file_cache.py:112
        with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b2f3013715686bc Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/file_cache.py:149
                with open(file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ba62495a554bb876 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/edit/impl.py:64
                with open(resolved_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f31c46175d8da5b7 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/edit/impl.py:105
            with open(resolved_path, encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #afe71094177afedd Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/edit/impl.py:160
            with open(resolved_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #699252d834a1bdb8 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/read_file/impl.py:75
            with open(resolved_path, encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d68c95f1a5ba9f02 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/write_file/impl.py:65
                with open(resolved_path, encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a7fe5fff640b5e5a Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/write_file/impl.py:75
            with open(resolved_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aa20bf5bb0402071 Filesystem access.
pkgs/python/[email protected]/openhands/tools/grep/impl.py:300
                    content = file_path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e036adebb0fbb4d3 Filesystem access.
pkgs/python/[email protected]/openhands/tools/planning_file_editor/definition.py:124
            plan_file.write_text(get_plan_headers())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7fd5fe85b21fe45c Filesystem access.
pkgs/python/[email protected]/openhands/tools/task_tracker/definition.py:243
            with open(tasks_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dc3e8f70c786782b Filesystem access.
pkgs/python/[email protected]/openhands/tools/task_tracker/definition.py:262
            with open(tasks_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2ce27d44a9e8c45b Environment-variable access.
pkgs/python/[email protected]/openhands/tools/terminal/terminal/windows_terminal.py:158
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f513dca896a11f1e Environment-variable access.
pkgs/python/[email protected]/openhands/tools/terminal/timeout_policy.py:20
    raw = (env or os.environ).get(RUNTIME_IDLE_TIMEOUT_SECONDS_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

orjson

python dependency
expand_more 40 low-confidence finding(s)
low env_fs dependency Excluded from app score #2e344a199a460462 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:118
data = json.load(open("../encoding/encodings.json", "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30dff376d2d4d3c3 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:120
indexes = json.load(open("../encoding/indexes.json", "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #533004648105b773 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:366
  partially_generated_file = open(path, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1bfcc7234b3a4f4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:387
label_file = open("src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #383d8ec66593fac2 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:405
  docfile = open("doc/%s.txt" % name, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74ca3e14c3dc929d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:457
label_test_file = open("src/test_labels_names.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad524350ceb9b296 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:484
data_file = open("src/data.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b75c70c1e60740bd Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1173
variant_file = open("src/variant.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cecb58fcdb39f32 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1417
ffi_file = open("../encoding_c/src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06f4ade33d5c2d5f Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1440
single_byte_file = open("src/single_byte.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa726e7763f9f024 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1494
static_file = open("../encoding_c/include/encoding_rs_statics.h", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59c0967bb59ccf5 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1560
utf_8_file = open("src/utf_8.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8457fcb37776bfa4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1623
jis0208_in_file = open("src/test_data/jis0208_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d1819df26401c3 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1632
jis0208_in_ref_file = open("src/test_data/jis0208_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec55aafcd9b92678 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1642
jis0208_out_file = open("src/test_data/jis0208_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01080dd77bb1de9d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1643
jis0208_out_ref_file = open("src/test_data/jis0208_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff0673ad57112558 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1660
shift_jis_in_file = open("src/test_data/shift_jis_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ef388e251a493e7 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1669
shift_jis_in_ref_file = open("src/test_data/shift_jis_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #724f920ffe25e9c2 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1684
shift_jis_out_file = open("src/test_data/shift_jis_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #395ae3bfd5753635 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1685
shift_jis_out_ref_file = open("src/test_data/shift_jis_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb94f2efe154f99 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1713
iso_2022_jp_in_file = open("src/test_data/iso_2022_jp_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9599da73cee4ca39 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1722
iso_2022_jp_in_ref_file = open("src/test_data/iso_2022_jp_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c691dbc6b45c159 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1732
iso_2022_jp_out_file = open("src/test_data/iso_2022_jp_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b2d96f2129a3c78 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1733
iso_2022_jp_out_ref_file = open("src/test_data/iso_2022_jp_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #010573d53e5e75b0 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1761
euc_kr_in_file = open("src/test_data/euc_kr_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7c27713178dff9 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1770
euc_kr_in_ref_file = open("src/test_data/euc_kr_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26b8b866b47980e7 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1785
euc_kr_out_file = open("src/test_data/euc_kr_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f58ad45dcfd7c80 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1786
euc_kr_out_ref_file = open("src/test_data/euc_kr_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b0a9036222986b4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1802
gb18030_in_file = open("src/test_data/gb18030_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a078c189343eb56d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1811
gb18030_in_ref_file = open("src/test_data/gb18030_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc546ccc1fb7e985 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1826
gb18030_out_file = open("src/test_data/gb18030_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6361d0ec18899969 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1827
gb18030_out_ref_file = open("src/test_data/gb18030_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb0ac8e00abd7de Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1845
big5_in_file = open("src/test_data/big5_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bde1df1d387b93c Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1861
big5_in_ref_file = open("src/test_data/big5_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3eb868a20a61690 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1898
big5_out_file = open("src/test_data/big5_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cb479f6b9303618 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1899
big5_out_ref_file = open("src/test_data/big5_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5df620959a54d99a Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1921
jis0212_in_file = open("src/test_data/jis0212_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da3e2ab7ef518fdb Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1930
jis0212_in_ref_file = open("src/test_data/jis0212_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe50b6d2efb496bf Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1942
codepage_file = open("../codepage/src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c982393c00658a77 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1974
codepage_test_file = open("../codepage/src/tests.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pathspec

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #4487a8174712c015 Filesystem access.
pkgs/python/[email protected]/benchmarks/conftest.py:29
		__line for __line in cpython_gi_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a3ca761eaa2b3bd1 Filesystem access.
pkgs/python/[email protected]/benchmarks/conftest.py:137
	return flit_gi_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a9e5a15a252a6ead Filesystem access.
pkgs/python/[email protected]/benchmarks/gen_md_tables.py:17
	run_info = json.loads(in_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfafcc87566c7ed8 Filesystem access.
pkgs/python/[email protected]/prebuild.py:39
	output.append(CHANGES_1_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9a4043fee04fb3 Filesystem access.
pkgs/python/[email protected]/prebuild.py:43
	output.append(CHANGES_0_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #092bbdd5073e1158 Filesystem access.
pkgs/python/[email protected]/prebuild.py:46
	CHANGES_RST.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97d5fc84cf409c53 Filesystem access.
pkgs/python/[email protected]/prebuild.py:61
	text = PYPROJECT_IN_TOML.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b4ca28268c3297 Filesystem access.
pkgs/python/[email protected]/prebuild.py:64
	version_input = VERSION_PY.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecc5d2f0471c6492 Filesystem access.
pkgs/python/[email protected]/prebuild.py:74
	PYPROJECT_TOML.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cde14f85f7233c0c Filesystem access.
pkgs/python/[email protected]/prebuild.py:84
	output.append(README_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e419c0b7298bbc1a Filesystem access.
pkgs/python/[email protected]/prebuild.py:91
	output.append(CHANGES_1_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcbbe9e169967323 Filesystem access.
pkgs/python/[email protected]/prebuild.py:94
	README_DIST_RST.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #055db4ea6c9a84ea Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:36
	version_input = VERSION_PY.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29b3a7d5d34d643f Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:46
	output = PYPROJECT_TOML.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e776fc5a26aa8a08 Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:54
	PYPROJECT_TOML.write_text(output)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pexpect

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #99dc5f8179e7da8d Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:52
            fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b33f09b516d28657 Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:78
            fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #393b2c5c15237438 Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:127
    fout = open ('moves.log', 'a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7aaa0d5dd45dfc59 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:48
        fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #02c07cd9d9ee2302 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:61
        fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f9fd43183b6f36ca Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:109
fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #78243972d5c54b9b Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:118
fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1dc398acc8c23b4d Environment-variable access.
pkgs/python/[email protected]/examples/hive.py:111
histfile = os.path.join(os.environ["HOME"], ".hive_history")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c8e4d2388ea70804 Filesystem access.
pkgs/python/[email protected]/examples/script.py:76
        fout = open(script_filename, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ab51fcba440a271e Filesystem access.
pkgs/python/[email protected]/examples/script.py:78
        fout = open(script_filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cd4a04d4636d8b86 Environment-variable access.
pkgs/python/[email protected]/examples/terminal_emulation.py:63
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdd3bf9ee4c41b10 Filesystem access.
pkgs/python/[email protected]/pexpect/ANSI.py:178
    fout = open ('log', 'a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26d1d935db24b75d Filesystem access.
pkgs/python/[email protected]/pexpect/pxssh.py:366
            with open(ssh_config, 'rt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7803660f5e046858 Environment-variable access.
pkgs/python/[email protected]/pexpect/utils.py:57
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e81230267320e4be Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open(os.path.join(os.path.dirname(__file__), 'pexpect', '__init__.py'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prometheus-client

python dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #b5d37c10b5a45cc4 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/django/exposition.py:12
    multiprocess_mode: bool = "PROMETHEUS_MULTIPROC_DIR" in os.environ or "prometheus_multiproc_dir" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb4ad3b68703914 Filesystem access.
pkgs/python/[email protected]/prometheus_client/exposition.py:473
        with open(tmppath, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55faad91199f1e9a Environment-variable access.
pkgs/python/[email protected]/prometheus_client/metrics.py:45
    return os.environ.get("PROMETHEUS_DISABLE_CREATED_SERIES", 'False').lower() not in ('true', '1', 't')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469e68005240cbb4 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/metrics.py:206
        if 'prometheus_multiproc_dir' in os.environ or 'PROMETHEUS_MULTIPROC_DIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5abfbd59952bb4dd Environment-variable access.
pkgs/python/[email protected]/prometheus_client/metrics.py:224
        if 'prometheus_multiproc_dir' in os.environ or 'PROMETHEUS_MULTIPROC_DIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32303ba97625af05 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/metrics.py:257
        if 'prometheus_multiproc_dir' in os.environ or 'PROMETHEUS_MULTIPROC_DIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012717bea26dcc8c Filesystem access.
pkgs/python/[email protected]/prometheus_client/mmap_dict.py:64
        self._f = open(filename, 'rb' if read_mode else 'a+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b048acdb125b764 Filesystem access.
pkgs/python/[email protected]/prometheus_client/mmap_dict.py:86
        with open(filename, 'rb') as infp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e9b31512ea0e0c Environment-variable access.
pkgs/python/[email protected]/prometheus_client/multiprocess.py:25
            if 'prometheus_multiproc_dir' in os.environ and 'PROMETHEUS_MULTIPROC_DIR' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a5e97c4b138525 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/multiprocess.py:26
                os.environ['PROMETHEUS_MULTIPROC_DIR'] = os.environ['prometheus_multiproc_dir']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3594bd7269bcf6f Environment-variable access.
pkgs/python/[email protected]/prometheus_client/multiprocess.py:28
            path = os.environ.get('PROMETHEUS_MULTIPROC_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c173f3c0837058a Environment-variable access.
pkgs/python/[email protected]/prometheus_client/multiprocess.py:180
        path = os.environ.get('PROMETHEUS_MULTIPROC_DIR', os.environ.get('prometheus_multiproc_dir'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82da394b84b83ef Filesystem access.
pkgs/python/[email protected]/prometheus_client/process_collector.py:49
        with open(os.path.join(self._proc, 'stat'), 'rb') as stat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf1eba390ca61383 Filesystem access.
pkgs/python/[email protected]/prometheus_client/process_collector.py:62
            with open(os.path.join(pid, 'stat'), 'rb') as stat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7244020739154324 Filesystem access.
pkgs/python/[email protected]/prometheus_client/process_collector.py:83
            with open(os.path.join(pid, 'limits'), 'rb') as limits:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2244295cad25eaf Environment-variable access.
pkgs/python/[email protected]/prometheus_client/validation.py:11
    return os.environ.get("PROMETHEUS_LEGACY_NAME_VALIDATION", 'False').lower() in ('true', '1', 't')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5da848c30df10683 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/values.py:63
            if 'prometheus_multiproc_dir' in os.environ and 'PROMETHEUS_MULTIPROC_DIR' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b46aa3c9ffab63b3 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/values.py:64
                os.environ['PROMETHEUS_MULTIPROC_DIR'] = os.environ['prometheus_multiproc_dir']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #159868967a2b155c Environment-variable access.
pkgs/python/[email protected]/prometheus_client/values.py:79
                    os.environ.get('PROMETHEUS_MULTIPROC_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e62367e4e90e96b6 Environment-variable access.
pkgs/python/[email protected]/prometheus_client/values.py:133
    if 'prometheus_multiproc_dir' in os.environ or 'PROMETHEUS_MULTIPROC_DIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prompt-toolkit

python dependency
expand_more 20 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #4d014e3fe08fda96 Filesystem access.
pkgs/python/[email protected]/examples/full-screen/pager.py:23
with open(_pager_py_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f8917177de2db306 Filesystem access.
pkgs/python/[email protected]/examples/full-screen/text-editor.py:184
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4f97a9448c005d4 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1560
        with open(filename, "w", encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09ee7697dfed54c Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1595
                    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4413c3704a23327 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1623
        visual = os.environ.get("VISUAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #377ab20f179e3552 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1624
        editor = os.environ.get("EDITOR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdeb0b47bf93fb4b Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/completion/filesystem.py:115
            get_paths=lambda: os.environ.get("PATH", "").split(os.pathsep),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ad9645aaf16c8ec Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/history.py:282
            with open(self.filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8238c6199ce5c99 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/history.py:299
        with open(self.filename, "ab") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9044a83843dd3ae1 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:47
        if os.environ.get("NO_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de27faa8069ffcf4 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:52
        if os.environ.get("PROMPT_TOOLKIT_COLOR_DEPTH") in all_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab9ea429ede76a20 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:53
            return cls(os.environ["PROMPT_TOOLKIT_COLOR_DEPTH"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9df1ec321ca93f Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/vt100.py:722
        if os.environ.get("PROMPT_TOOLKIT_NO_CPR", "") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49644fe6448ce76e Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:72
        xterm = "xterm" in os.environ.get("TERM", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f97724d20bc607ca Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:80
                "that is compiled for Cygwin.".format(os.environ["TERM"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee36153c60be6b9 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:119
            self.LOG = open(_DEBUG_RENDER_OUTPUT_FILENAME, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4417ca5cacef31ac Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:210
    return sys.platform == "win32" and os.environ.get("ConEmuANSI", "OFF") == "ON"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb3f4b239eb44918 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:224
    value = os.environ.get("PROMPT_TOOLKIT_BELL", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c574144ad4786f9 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:230
    return os.environ.get("TERM", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #118c3a0854ab0806 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:325
        return is_dumb_terminal(os.environ.get("TERM", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

protobuf

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #7e9ca88b3a1d4e92 Environment-variable access.
pkgs/python/[email protected]/google/protobuf/internal/api_implementation.py:65
_implementation_type = os.getenv('PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION',
                                 _implementation_type)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6d9e7cbc525c1d7 Environment-variable access.
pkgs/python/[email protected]/google/protobuf/runtime_version.py:71
  disable_flag = os.getenv('TEMPORARILY_DISABLE_PROTOBUF_VERSION_CHECK')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ea974697198b40f Filesystem access.
pkgs/python/[email protected]/setup.py:28
  with open(os.path.join('google', 'protobuf', '__init__.py')) as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psutil

python dependency
expand_more 27 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #3a61afb0393e137e Filesystem access.
pkgs/python/[email protected]/docs/conf.py:39
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dcbac604dac42d3 Environment-variable access.
pkgs/python/[email protected]/psutil/_common.py:34
PSUTIL_DEBUG = bool(os.getenv('PSUTIL_DEBUG'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4f36bac26fffb0 Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:682
    return open(fname, "rb", buffering=FILE_READ_BUFFER_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c544e47e3319c4d Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:692
    fobj = open(  # noqa: SIM115
        fname,
        buffering=FILE_READ_BUFFER_SIZE,
        encoding=ENCODING,
        errors=ENCODING_ERRS,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9009e6ce50c7bc Environment-variable access.
pkgs/python/[email protected]/psutil/_psaix.py:375
        for path in os.environ["PATH"].split(":"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb843c9bfa3e5cf7 Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:142
        with open('/proc/meminfo', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a723d75e2a43d59 Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:276
        with open('/proc/stat', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f13e645cd235f337 Environment-variable access.
pkgs/python/[email protected]/psutil/_pssunos.py:119
            f"PATH=/usr/sbin:/sbin:{os.environ['PATH']}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5a4acb84a4a28335 Filesystem access.
pkgs/python/[email protected]/scripts/internal/convert_readme.py:33
    with open(args.file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ec728263fc234d6 Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:64
    with open(OUTFILE, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #30d18c41176cc444 Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:87
        with open(os.path.expanduser(args.tokenfile)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a369971efd7722cf Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:98
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bcd7aecfd7d47b8f Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:113
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4161618dab443c93 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:134
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cfbe345af748393a Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:164
    with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b7bcf7aa0ccaf68e Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:178
        with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b5651bdc6b09c9f Filesystem access.
pkgs/python/[email protected]/scripts/internal/git_pre_commit.py:156
    with open("MANIFEST.in", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #86ca2aacddcb4f71 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/install_pip.py:34
        req = urlopen(URL, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #041aad9682bf1822 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_announce.py:81
    with open(HISTORY) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ee649473dee6ff7 Environment-variable access.
pkgs/python/[email protected]/scripts/internal/print_downloads.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e6e4e398da65bb23 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_hashes.py:18
    with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e2070546c627cdd9 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:56
                with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a8746e12df1be6f7 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:64
                    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c22278acc0ff619 Environment-variable access.
pkgs/python/[email protected]/setup.py:46
        if "CIBUILDWHEEL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6299a427d919d9 Filesystem access.
pkgs/python/[email protected]/setup.py:142
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f41e881c5b62ac1 Environment-variable access.
pkgs/python/[email protected]/setup.py:258
        if os.getenv('CC'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fbd5081761fe8cf Environment-variable access.
pkgs/python/[email protected]/setup.py:259
            compiler.set_executable('compiler_so', os.getenv('CC'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psycopg2-binary

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #094d278802abbf09 Filesystem access.
pkgs/python/[email protected]/doc/src/tools/make_sqlstate_docs.py:16
    with open(clsfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5a03b8ff4da36b98 Filesystem access.
pkgs/python/[email protected]/scripts/make_errorcodes.py:40
    f = open(filename, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f44534751699e027 Filesystem access.
pkgs/python/[email protected]/scripts/make_errorcodes.py:49
    for line in open(filename):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5259789ca7e7bbe4 Filesystem access.
pkgs/python/[email protected]/scripts/make_errors.py:34
    f = open(filename, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ef1cabd1081e15f Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:47
    f1 = open(f'debug-{(opt.nruns - 1):02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4e44320933c628f2 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:48
    f2 = open(f'debug-{opt.nruns:02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2f2b7e3d9ba07dc3 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:56
        f1 = open(f'objs-{(opt.nruns - 1):02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b969a836a904789 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:57
        f2 = open(f'objs-{opt.nruns:02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a7ddb34e087bdfc0 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:88
        stream=open(f"debug-{i:02}.txt", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ffac58acf16cbcfb Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:103
        pprint(co, stream=open(f"objs-{i:02}.txt", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #942aff5429ae9385 Environment-variable access.
pkgs/python/[email protected]/setup.py:125
            path_directories = os.environ['PATH'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2658c33fdd18ad2 Filesystem access.
pkgs/python/[email protected]/setup.py:511
    f = open("README.rst")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pygithub

python dependency
expand_more 36 low-confidence finding(s)
low env_fs dependency Excluded from app score #17fbb03ec50b8aaa Filesystem access.
pkgs/python/[email protected]/doc/conf.py:302
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3858c2d58d5b588a Filesystem access.
pkgs/python/[email protected]/doc/conf.py:324
with open("github_objects.rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27ec8cab57a52489 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:335
    with open("github_objects/" + githubObjectClass + ".rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49b82aae81f76af2 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:345
    with open("../" + module.replace(".", "/") + ".py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c1827da8c5086fb Filesystem access.
pkgs/python/[email protected]/doc/conf.py:387
with open("apis.rst", "w") as apis:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2a9b8ade754088d Filesystem access.
pkgs/python/[email protected]/github/Requester.py:1016
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b577f929621dbe64 Filesystem access.
pkgs/python/[email protected]/github/Requester.py:1140
            f = open(local_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #91cedbb7254237ad Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:173
        with open(filename, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c56e4380e8add211 Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:178
            with open(filename, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4e83d87c8d463175 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:1897
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3501b2297ce05b71 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:1963
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #647aee4cb0cadc59 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2075
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #313ee06a9b074c4b Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2094
                with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13abb22499b7cd54 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2109
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1327da18a590dc1c Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2111
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a2c044b2d50421d Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2205
                with open(clazz.filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cb69d47666e9dded Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2216
                    with open(clazz.test_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #58f915500e33070a Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2241
        with open(spec_file, "wb") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0aaa5b5533da8940 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2369
            with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8acd24b3c073e0c2 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2394
                with open(index_filename) as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3fc914131e1249cc Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2400
            with open(index_filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ba8f6f6077cd01f0 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2407
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ed77a5980c7f5e18 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2409
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4efe2b61606cd014 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2573
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #06d4b1492a246cd3 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2575
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c2f618cc85afb882 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2843
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1c592a8b9898d877 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2998
                        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #611c129b23feb567 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3045
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1268cf34b9704ece Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3064
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cd61a0ff927328ee Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3066
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ef6504a33a14bc90 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3074
        with open(clazz.filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #12bc9384c1072966 Filesystem access.
pkgs/python/[email protected]/scripts/prepare-for-update-assertions.py:109
    with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cf1d3f05f4ec2b88 Filesystem access.
pkgs/python/[email protected]/scripts/prepare-for-update-assertions.py:125
            with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9375af452b709b1d Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:186
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae591eec6f38b7a1 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:203
                with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #331630fed84433f6 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:224
    with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyjwt

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #66aa58fe3fc96158 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
    with open(os.path.join(here, *parts), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9b1c1091b697b184 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:97
os.environ["SPHINX_BUILD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e4b9644a550f683 Environment-variable access.
pkgs/python/[email protected]/jwt/algorithms.py:102
    if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #562bd64a7d516ae3 Environment-variable access.
pkgs/python/[email protected]/jwt/api_jwt.py:25
if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pylatexenc

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c88305cbc677dc9e Filesystem access.
pkgs/python/[email protected]/pylatexenc/latex2text/__init__.py:981
            with open(fnfull) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc3757d92414126 Filesystem access.
pkgs/python/[email protected]/setup.py:35
    with open(os.path.join(*paths), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pypdf

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #4d42b597ae1eb67a Filesystem access.
pkgs/python/[email protected]/pypdf/_page.py:2033
            debug_path.joinpath("fonts.json").write_text(
                json.dumps(fonts, indent=2, default=asdict),
                "utf-8"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb76ed89d2aeb18 Filesystem access.
pkgs/python/[email protected]/pypdf/_reader.py:172
            with open(stream, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a55317f3dafe2ab9 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:285
        debug_path.joinpath("bt_groups.json").write_text(
            json.dumps(ty_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #547e2b324d6d2dad Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:351
        debug_path.joinpath("bts.json").write_text(
            json.dumps(bt_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a905e05396a5fa9a Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:354
        debug_path.joinpath("tjs.json").write_text(
            json.dumps(
                tj_ops, indent=2, default=lambda x: getattr(x, "to_dict", str)(x)
            ),
            "utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345255fb0c5cbcde Filesystem access.
pkgs/python/[email protected]/pypdf/_utils.py:391
    with open("pypdf_pdfLocation.txt", "wb") as output_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b6ba615bfb2dbba Filesystem access.
pkgs/python/[email protected]/pypdf/_writer.py:245
                with open(fileobj, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcb20536b088e658 Environment-variable access.
pkgs/python/[email protected]/pypdf/filters.py:752
            environment = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0b1a5d839c384b21 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/resources/afm_to_dataclass.py:24
        with urllib.request.urlopen(
            f"https://{FONT_LOC}"
        ) as connection, ZipFile(BytesIO(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

python-docx

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #150f4c74c4891d86 Filesystem access.
pkgs/python/[email protected]/src/docx/image/image.py:41
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9190a06df743c57e Filesystem access.
pkgs/python/[email protected]/src/docx/opc/phys_pkg.py:47
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #751d5b52d1285659 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/comments.py:49
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24ba2b08824ff466 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:31
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77f9b0f163866e60 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:51
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea11033a6e6cdb12 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/settings.py:48
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7634a7370cbd0e3 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/styles.py:40
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #92daa328f8e9d9a0 Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a91e8a9d29e3953 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0182d4c4d26a92ac Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50a00b244b39ca8e Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29061ee0b97ab2cd Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef47b5d4e94a04bb Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #010fe2ceccefebbf Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a84806f5e2b2bb6 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b510dab9389e3b Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c3318f76416bef9 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b9f659ce65426e9 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-frontmatter

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #a6fab71b3d171a25 Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open("README.md") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-multipart

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #d3cbfd8db4115479 Filesystem access.
pkgs/python/[email protected]/python_multipart/multipart.py:516
                tmp_file = open(path, "w+b")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-pptx

python dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #cd39004bb4fe6af9 Filesystem access.
pkgs/python/[email protected]/features/steps/picture.py:43
    with open(test_image(filename), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #059e2372fc9152e5 Filesystem access.
pkgs/python/[email protected]/features/steps/placeholder.py:141
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc72b7fbf00ffd4 Filesystem access.
pkgs/python/[email protected]/features/steps/presentation.py:88
    with open(test_pptx("test"), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f86707d756ea1f19 Filesystem access.
pkgs/python/[email protected]/features/steps/presentation.py:107
    with open(saved_pptx_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51e74eb681255336 Filesystem access.
pkgs/python/[email protected]/features/steps/shape.py:461
    with open(test_file("just-two-mice.png"), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c501904da7e44b Filesystem access.
pkgs/python/[email protected]/features/steps/shapes.py:65
    with open(test_file(filename), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93673da0f2d10fac Filesystem access.
pkgs/python/[email protected]/src/pptx/media.py:37
            with open(movie_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #855b18dc3b42ed0b Filesystem access.
pkgs/python/[email protected]/src/pptx/opc/package.py:367
            with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e87b6e388dc7444e Filesystem access.
pkgs/python/[email protected]/src/pptx/opc/serialized.py:166
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad96b6cbb240475e Filesystem access.
pkgs/python/[email protected]/src/pptx/oxml/__init__.py:29
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3adca569e623a002 Filesystem access.
pkgs/python/[email protected]/src/pptx/parts/image.py:163
            with open(image_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd7425f9fb475110 Environment-variable access.
pkgs/python/[email protected]/src/pptx/text/fonts.py:80
        home = os.environ.get("HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17b5231370603739 Filesystem access.
pkgs/python/[email protected]/src/pptx/text/fonts.py:200
        return cls(open(path, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pythonnet

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #7e68d5f9f447f4c9 Environment-variable access.
pkgs/python/[email protected]/pythonnet/__init__.py:51
        for k, v in environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b48a041a494ecd0 Environment-variable access.
pkgs/python/[email protected]/pythonnet/__init__.py:113
    spec = environ.get("PYTHONNET_RUNTIME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8f0a902838645a2 Environment-variable access.
pkgs/python/[email protected]/setup.py:13
os.environ["EnableSourceControlManagerQueries"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyyaml

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #ae7610037d05aee0 Environment-variable access.
pkgs/python/[email protected]/setup.py:72
os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b67cf1ea6e0c4d9 Environment-variable access.
pkgs/python/[email protected]/setup.py:81
if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e4af48e1d97af9 Environment-variable access.
pkgs/python/[email protected]/setup.py:160
            with_ext = getattr(self, ext.attr_name) or os.environ.get('PYYAML_FORCE_{0}'.format(ext.feature_name.upper()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qtconsole

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #58770f809aad5d3f Filesystem access.
pkgs/python/[email protected]/docs/autogen_config.py:32
    with open(destination, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6b41bb8f5bf8b097 Filesystem access.
pkgs/python/[email protected]/docs/source/conf.py:16
exec(compile(open('../../qtconsole/_version.py').read(), '../../qtconsole/_version.py', 'exec'), release_info)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8829d20087bc1dd3 Environment-variable access.
pkgs/python/[email protected]/docs/source/conf.py:19
if os.environ.get('READTHEDOCS', None) == 'True':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5793be2644ca4b0e Filesystem access.
pkgs/python/[email protected]/docs/source/conf.py:22
    exec(compile(open('../autogen_config.py').read(), '../autogen_config.py', 'exec'), ns )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2d0ada6796d6302 Environment-variable access.
pkgs/python/[email protected]/qtconsole/console_widget.py:2576
            if not os.environ.get('QTCONSOLE_TESTING'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46ccea3276ef263d Filesystem access.
pkgs/python/[email protected]/qtconsole/qtconsoleapp.py:348
                with open(self.stylesheet) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b199f1c55dd730f7 Environment-variable access.
pkgs/python/[email protected]/qtconsole/qtconsoleapp.py:424
                os.environ['QT_MAC_WANTS_LAYER'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48143c247cfc376f Filesystem access.
pkgs/python/[email protected]/qtconsole/rich_text.py:150
    with io.open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6364eafd6db9b26 Filesystem access.
pkgs/python/[email protected]/qtconsole/rich_text.py:173
    with io.open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c4236456f2aff22 Filesystem access.
pkgs/python/[email protected]/qtconsole/svg.py:33
        f = open(filename, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a16736f913ef7958 Filesystem access.
pkgs/python/[email protected]/setup.py:44
with open(pjoin(here, name, '_version.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b17747600f776411 Filesystem access.
pkgs/python/[email protected]/setup.py:47
with io.open(os.path.join(here, 'README.md'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

redis

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #40c01709d8a11d54 Filesystem access.
pkgs/python/[email protected]/redis/commands/json/commands.py:317
        with open(file_name) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #c7eae34399d54b73 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:771
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9348a338b525070 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:772
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fd383c419e0bf0a Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:209
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0f81cb8c64ec03 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:740
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa816d4e11f73b2 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:741
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59ecc0b7ff962c01 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:747
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8c7c4b9c4e9a61 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:749
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01dfe0d4bee7c33a Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:762
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

resend

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #23b5484d27f4331f Environment-variable access.
pkgs/python/[email protected]/resend/__init__.py:73
api_key = os.environ.get("RESEND_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268f028240c6e2ef Environment-variable access.
pkgs/python/[email protected]/resend/__init__.py:74
api_url = os.environ.get("RESEND_API_URL", "https://api.resend.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #506fcd543707e940 Filesystem access.
pkgs/python/[email protected]/setup.py:9
with open("resend/version.py", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6ab76655741e190 Filesystem access.
pkgs/python/[email protected]/setup.py:13
    install_requires = open("requirements.txt").readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fcef11ddb41f0ff Filesystem access.
pkgs/python/[email protected]/setup.py:21
    long_description=open("README.md", encoding="utf8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

runloop-api-client

python dependency
expand_more 25 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #e02edcec679e9178 Filesystem access.
pkgs/python/[email protected]/examples/blueprint_with_build_context.py:57
        (tmp_path / "app.py").write_text('print("Hello from app")')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #970be52392ac8b5a Filesystem access.
pkgs/python/[email protected]/examples/blueprint_with_build_context.py:58
        (tmp_path / "config.txt").write_text("key=value")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f790c98bd5382baa Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:57
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6965abe4195595af Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:58
    anthropic_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1f24e3f4ceacdea8 Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:155
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c2859fa7b83d81ab Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:166
    anthropic_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e7e0daa9b855f43 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:114
            bearer_token = os.environ.get("RUNLOOP_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b771adcdbd558977 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:122
            base_url = os.environ.get("RUNLOOP_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #405ac6d19e5fee70 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:126
        custom_headers_env = os.environ.get("RUNLOOP_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #939e1ee54e2d0fdb Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:408
            bearer_token = os.environ.get("RUNLOOP_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5f66d8215caf1ef Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:416
            base_url = os.environ.get("RUNLOOP_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be2f1b9b2f1a30c9 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:420
        custom_headers_env = os.environ.get("RUNLOOP_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d1ff52527240ef Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2824b09b94f1032c Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9df75bebc0d7f9cd Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eed4200c87225803 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67de66689acb58b6 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d448dd9206194653 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_response.py:497
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4df9e850fb79c98 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_response.py:539
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1256d656b26f7d9b Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_logs.py:17
    env = os.environ.get("RUNLOOP_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ccaa0cd546d325 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45ea275cb357c63f Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4178c81cd5cc4c2 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7035fb2dff3d55b5 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/sdk/async_.py:405
            content = await asyncio.to_thread(lambda: path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3471dc914595b31d Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/sdk/sync.py:403
            content = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

scikit-learn

python dependency
expand_more 50 low-confidence finding(s)
low env_fs dependency Excluded from app score #39752a2f8bf161d9 Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:122
if os.environ.get("NO_MATHJAX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a9541a9f5322a4b Filesystem access.
pkgs/python/[email protected]/doc/conf.py:622
            with open(readme, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06ada732dc8f6c36 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:819
    with open(searchindex_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2bb2494c3ae1458 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:825
    with open(searchindex_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7eb5a0d14cbecae Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:884
if os.environ.get("SKLEARN_WARNINGS_AS_ERRORS", "0") != "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78c2beafa32c0139 Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:975
github_token = os.getenv("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3236357c72851016 Environment-variable access.
pkgs/python/[email protected]/doc/conftest.py:49
    run_network_tests = environ.get("SKLEARN_SKIP_NETWORK_TESTS", "1") == "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #14034627ce732363 Filesystem access.
pkgs/python/[email protected]/examples/applications/plot_out_of_core_classification.py:171
        assert sha256(archive_path.read_bytes()).hexdigest() == ARCHIVE_SHA256

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fb60d2ecf0918044 Filesystem access.
pkgs/python/[email protected]/examples/applications/plot_out_of_core_classification.py:180
        for doc in parser.parse(open(filename, "rb")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fb5ae7975a461fad Filesystem access.
pkgs/python/[email protected]/examples/applications/wikipedia_principal_eigenvector.py:60
        with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df672efcdb500cae Environment-variable access.
pkgs/python/[email protected]/sklearn/__init__.py:56
os.environ.setdefault("KMP_DUPLICATE_LIB_OK", "True")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0efc239089ec9de3 Environment-variable access.
pkgs/python/[email protected]/sklearn/__init__.py:60
os.environ.setdefault("KMP_INIT_AT_FORK", "FALSE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ca496f72ee31153 Environment-variable access.
pkgs/python/[email protected]/sklearn/__init__.py:145
    _random_seed = os.environ.get("SKLEARN_SEED", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf44923c4db71d78 Filesystem access.
pkgs/python/[email protected]/sklearn/_build_utils/tempita.py:22
    with open(fromfile, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #827d4decdd2b2e41 Filesystem access.
pkgs/python/[email protected]/sklearn/_build_utils/tempita.py:28
    with open(outfile, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #342fd413764ee6a0 Filesystem access.
pkgs/python/[email protected]/sklearn/_build_utils/version.py:11
data = open(sklearn_init).readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a604eb80665b9abd Environment-variable access.
pkgs/python/[email protected]/sklearn/_config.py:11
    "assume_finite": bool(os.environ.get("SKLEARN_ASSUME_FINITE", False)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9586c09b682b25d Environment-variable access.
pkgs/python/[email protected]/sklearn/_config.py:12
    "working_memory": int(os.environ.get("SKLEARN_WORKING_MEMORY", 1024)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ccc37de028ba4da Environment-variable access.
pkgs/python/[email protected]/sklearn/_config.py:16
        os.environ.get("SKLEARN_PAIRWISE_DIST_CHUNK_SIZE", 256)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3609417af5b0632f Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:62
    run_network_tests = environ.get("SKLEARN_SKIP_NETWORK_TESTS", "1") == "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa508202fb631dbb Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:89
    environ.get("SKLEARN_RUN_FLOAT32_TESTS", "0") != "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fabc5e022d79e1b0 Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:102
    download_if_missing = environ.get("SKLEARN_SKIP_NETWORK_TESTS", "1") == "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c84b0757ba780280 Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:139
    run_network_tests = environ.get("SKLEARN_SKIP_NETWORK_TESTS", "1") == "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dac0d8814bdf729 Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:172
    worker_id = environ.get("PYTEST_XDIST_WORKER", "gw0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07e6970dc37547cd Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:398
    random_seed_var = environ.get("SKLEARN_TESTS_GLOBAL_RANDOM_SEED")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe385cc364132cae Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:450
    xdist_worker_count = environ.get("PYTEST_XDIST_WORKER_COUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e69358f9b8ebc71c Environment-variable access.
pkgs/python/[email protected]/sklearn/conftest.py:457
    if environ.get("SKLEARN_WARNINGS_AS_ERRORS", "0") != "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c9426fb37470b5b Environment-variable access.
pkgs/python/[email protected]/sklearn/datasets/_base.py:83
        data_home = environ.get("SCIKIT_LEARN_DATA", join("~", "scikit_learn_data"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #823e86791021712a Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_base.py:309
            data.append(Path(filename).read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d437d05a58d55c3f Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_base.py:489
    return path.read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c8b4c991ea9303 Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_base.py:1428
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #577088eb7df20693 Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_lfw.py:441
    with open(index_file_path, "rb") as index_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e400bca330538fd Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_svmlight_format_io.py:197
        return open(f, "rb", closefd=False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c52cbe7f76a8495 Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_svmlight_format_io.py:213
        return open(f, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bed11006029ccfd5 Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_svmlight_format_io.py:590
        with open(f, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71e3916f30b98737 Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_twenty_newsgroups.py:96
    with open(cache_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6a9698069ab5f51 Filesystem access.
pkgs/python/[email protected]/sklearn/datasets/_twenty_newsgroups.py:307
            with open(cache_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41bc47c14b51821a Filesystem access.
pkgs/python/[email protected]/sklearn/feature_extraction/text.py:232
            with open(doc, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1df63302acb13d6c Filesystem access.
pkgs/python/[email protected]/sklearn/tree/_export.py:929
            out_file = open(out_file, "w", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09d042c4e091b158 Environment-variable access.
pkgs/python/[email protected]/sklearn/utils/_array_api.py:182
    if os.environ.get("SCIPY_ARRAY_API") != "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54dfe41f5ebf57e1 Filesystem access.
pkgs/python/[email protected]/sklearn/utils/_repr_html/estimator.py:20
    estimator_css = estimator_css_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63fc50fa9a4b0a94 Filesystem access.
pkgs/python/[email protected]/sklearn/utils/_repr_html/estimator.py:21
    params_css = params_css_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #451cd82e2fa036d7 Filesystem access.
pkgs/python/[email protected]/sklearn/utils/_repr_html/estimator.py:22
    features_css = features_css_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fd911d2052cb9ba Filesystem access.
pkgs/python/[email protected]/sklearn/utils/_repr_html/estimator.py:563
        with open(str(Path(__file__).parent / "estimator.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d1bdb97da1bdf36 Environment-variable access.
pkgs/python/[email protected]/sklearn/utils/_testing.py:367
    if int(os.environ.get("SKLEARN_SKIP_NETWORK_TESTS", 0)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d2f7277fdc2bf5 Filesystem access.
pkgs/python/[email protected]/sklearn/utils/_testing.py:926
        with open(source_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #220d031aaaf340e8 Environment-variable access.
pkgs/python/[email protected]/sklearn/utils/_testing.py:930
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aff7702063f1117e Environment-variable access.
pkgs/python/[email protected]/sklearn/utils/_testing.py:937
        coverage_rc = os.environ.get("COVERAGE_PROCESS_START")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e1e6b1c77e698f5 Environment-variable access.
pkgs/python/[email protected]/sklearn/utils/_testing.py:1334
    if os.environ.get("SCIPY_ARRAY_API") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96144a67f1ff4e7e Environment-variable access.
pkgs/python/[email protected]/sklearn/utils/_testing.py:1363
        if os.getenv("PYTORCH_ENABLE_MPS_FALLBACK") != "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

setuptools

python dependency
expand_more 162 low-confidence finding(s)
low env_fs dependency Excluded from app score #8561c8e0e12ba519 Environment-variable access.
pkgs/python/[email protected]/_distutils_hack/__init__.py:49
    which = os.environ.get('SETUPTOOLS_USE_DISTUTILS', 'local')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0276235942997c72 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/command/_framework_compat.py:22
    ensurepip = os.environ.get("ENSUREPIP_OPTIONS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f5461883386825 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/bdist_rpm.py:555
                    with open(val) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab79c87aaf73e938 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/command/build_ext.py:800
                elif '_PYTHON_HOST_PLATFORM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc1ad9381956cbdb Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/build_scripts.py:105
            with open(outfile, "w", encoding=f.encoding) as outf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfa55d2208e899ab Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:104
        with open(filename, "w", encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f4ed2b607f2fe7 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:191
        with open(out, encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3edb6db1a44818e3 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:348
    log.info(pathlib.Path(filename).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de2b5e56a557e9f9 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/install_egg_info.py:55
        with open(target, 'w', encoding='UTF-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb123fbc25ffa8a7 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/sdist.py:424
        with open(self.manifest, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d1285e072aad850 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/sdist.py:434
        with open(self.manifest, encoding='utf-8') as lines:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b59158adcb069f Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:71
        self.cc = os.environ.get('CC', self.cc or 'gcc')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f84913697d18aef Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:72
        self.cxx = os.environ.get('CXX', self.cxx or 'g++')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c55407c58eba877d Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:316
        config_h = pathlib.Path(fn).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc231d0deeaa4ee2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:82
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05ca653cccb1f15b Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:150
    if os.getenv("DISTUTILS_USE_SDK"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e9d0b1585f834d0 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:151
        return {key.lower(): value for key, value in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a209ca14311838 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:189
        paths = os.getenv('path').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea32205931b53c03 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:561
        env = dict(os.environ, PATH=self._paths)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285d3f727257ddba Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/zos.py:114
            if (binary := os.environ.get(envvar, None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #705a78141e1dd219 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/debug.py:5
DEBUG = os.environ.get('DISTUTILS_DEBUG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7389a7a3616911fa Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:386
            yield pathlib.Path(os.getenv("DIST_EXTRA_CONFIG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5780332f98139f98 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:1140
            self.read_pkg_file(open(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0afbbb6e5c94e5b9 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:1215
        with open(
            os.path.join(base_dir, 'PKG-INFO'), 'w', encoding='UTF-8'
        ) as pkg_info:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7893a26eed43a84 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:28
            fsrc = open(src, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #787db052db4c0f83 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:39
            fdst = open(dst, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e2e5d1c38917cb Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:227
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ba4e53620abc37a Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/spawn.py:52
    return os.environ if env is None else env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e8bc18494106bca Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/spawn.py:111
        path = os.environ.get('PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5efe018e2125f03 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:48
if "_PYTHON_PROJECT_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31a63e47e3478b01 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:49
    project_base = os.path.abspath(os.environ["_PYTHON_PROJECT_BASE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147d182e12d7320e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:330
        if 'CC' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9839c1dd73b5b65c Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:331
            newcc = os.environ['CC']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4340e987b0c55051 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:332
            if 'LDSHARED' not in os.environ and ldshared.startswith(cc):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e4342d501c4f9d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:337
        cxx = os.environ.get('CXX', cxx)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3b61134a25485f6 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:338
        ldshared = os.environ.get('LDSHARED', ldshared)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbec124bb250b6ba Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:339
        ldcxxshared = os.environ.get('LDCXXSHARED', ldcxxshared)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #303da489d40661dd Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:340
        cpp = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a2d1b930c828c43 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:340
        cpp = os.environ.get(
            'CPP',
            cc + " -E",  # not always
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73d828855faeb008 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:347
        cflags = os.environ.get('CFLAGS', cflags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cb9247f52ec96b4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:349
        cxxflags = os.environ.get('CXXFLAGS', cxxflags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02cd9dbf6db1a268 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:357
        ar = os.environ.get('AR', ar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80cde34449f4306c Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:359
        archiver = ar + ' ' + os.environ.get('ARFLAGS', ar_flags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cdac193a6617004 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:376
        if 'RANLIB' in os.environ and compiler.executables.get('ranlib', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78f70794e5fc3ad2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:377
            compiler.set_executables(ranlib=os.environ['RANLIB'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b7ed12729ed0d0 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:472
                elif n in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d313af76f93bc70d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:474
                    item = os.environ[n]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb8167fcadf3e65 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:597
    flags = os.environ.get(f'{type}FLAGS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0915ce9649009657 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/text_file.py:118
        self.file = open(self.filename, errors=self.errors, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #694ac490d3bbc9d1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:57
        target = os.environ.get('VSCMD_ARG_TGT_ARCH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #066174d3e260cab5 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:94
    env_ver = os.environ.get(MACOSX_VERSION_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3a81b4c840732a7 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:174
    if os.name == 'posix' and 'HOME' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b7265292279120f Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:178
            os.environ['HOME'] = pwd.getpwuid(os.getuid())[5]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4077955a84e1387a Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:184
    if 'PLAT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2965aa932504f43 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:185
        os.environ['PLAT'] = get_platform()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bafa002356d1973 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:199
    lookup = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c6346d21d97a7e2 Filesystem access.
pkgs/python/[email protected]/setuptools/_imp.py:65
            file = open(path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #903e3708d810d4d5 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:80
    orig_pythonpath = os.environ.get('PYTHONPATH', nothing)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b1895271ab97cc Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:81
    current_pythonpath = os.environ.get('PYTHONPATH', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a574832fa214b78b Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:87
            os.environ['PYTHONPATH'] = new_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66cddac0fc99727f Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:91
            os.environ.pop('PYTHONPATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04f42c6499ce89f7 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:93
            os.environ['PYTHONPATH'] = orig_pythonpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eae327e4945c9fc1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:49
        return os.environ.get('__PYVENV_LAUNCHER__', _default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #552b5a871a2a6da1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:238
        launcher = os.environ.get('SETUPTOOLS_LAUNCHER', 'executable')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a787a6a07819a351 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:245
        if ext not in os.environ['PATHEXT'].lower().split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48069b239ca5177d Filesystem access.
pkgs/python/[email protected]/setuptools/_scripts.py:332
    return resources.files('setuptools').joinpath(launcher_fn).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04f3c3202b12d55b Filesystem access.
pkgs/python/[email protected]/setuptools/_scripts.py:337
    return res.read_text(encoding='utf-8') % vars()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64f838cd45ba731 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/autocommand/autoparse.py:330
        with open(filename_or_file, *args, **kwargs) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a25d1931cfd07e84 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2829
            t = open(fileobj=name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #818abf4d8c85ded5 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2832
            t = open(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdf565e65a489fdf Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2872
            with open(src, 'r') as tar:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53f37d5895cd3b36 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:379
        return self.locate().read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe5d424f4e5a3cc Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:382
        return self.locate().read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ee46af9203a3af Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:527
            self.read_text('METADATA')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4578c70b39f1419f Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:528
            or self.read_text('PKG-INFO')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e967a3ee2ddda95 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:532
            or self.read_text('')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5b1bc2052b22f5f Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:567
        return EntryPoints._from_text_for(self.read_text('entry_points.txt'), self)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4efc932e96c06dd7 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:616
        text = self.read_text('RECORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed7286f6da0e6d2e Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:630
        text = self.read_text('installed-files.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd862c00d00ce52e Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:659
        text = self.read_text('SOURCES.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e595365e7b1b53 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:672
        source = self.read_text('requires.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #152c00ebb46d8e02 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:723
            self.read_text(filename),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #debc4b714f58ef54 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:1014
            return self._path.joinpath(filename).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c7bb1f9b3287856 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:1150
    return (dist.read_text('top_level.txt') or '').split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74f0b2ef3cb993f2 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/text/__init__.py:232
lorem_ipsum: str = (
    files(__name__).joinpath('Lorem ipsum.txt').read_text(encoding='utf-8')
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5334263be6ae8b5f Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/text/__init__.py:631
    with open(filename, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eec8820f7e26b900 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/packaging/_manylinux.py:34
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4ffbfda9fd20052 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/packaging/_musllinux.py:46
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bcc5d4ecb29b99b Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/__init__.py:31
    if os.getenv("ANDROID_DATA") == "/data" and os.getenv("ANDROID_ROOT") == "/system":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a8fcf731cbade04 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/__init__.py:32
        if os.getenv("SHELL") or os.getenv("PREFIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d77191c683970bde Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:45
        path = os.environ.get("XDG_DATA_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b821462c93237a7 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:52
        path = os.environ.get("XDG_DATA_DIRS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7871f3168ceb5caf Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:76
        path = os.environ.get("XDG_CONFIG_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94702d12e6d7dc72 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:83
        path = os.environ.get("XDG_CONFIG_DIRS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7145cbc59adbec1c Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:107
        path = os.environ.get("XDG_CACHE_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f07a1b09b19e28a4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:123
        path = os.environ.get("XDG_STATE_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ca16c9afdd3486e Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:177
        path = os.environ.get("XDG_RUNTIME_DIR", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #943dd4a154119331 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:201
        path = os.environ.get("XDG_RUNTIME_DIR", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b228946b75ec7d2a Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:238
        media_dir = os.environ.get(env_var, "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f96cd5e07fcc7ba Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:157
    result = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49b225487e1f9feb Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:167
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Documents")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #796f8b14bd2c3bbc Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:170
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Downloads")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e9a3c4ebc0d1f27 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:173
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Pictures")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cfcfb15c99d5f1d Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:176
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Videos")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa4c69224534c108 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:179
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Music")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f01c89ced254c94e Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:492
        with open(wheelfile_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb37c4c23c62903 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:598
            with open(dependency_links_path, encoding="utf-8") as dependency_links_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e67977b13092179e Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:609
        with open(pkg_info_path, "w", encoding="utf-8") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30bc77fbed03e2f6 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:171
                        requires = path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a8ae7f06e892ac Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:174
                        pkginfo = path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc31b9d3443f5491 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:184
                            path.read_bytes(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbca3bfb32ecdd5c Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:190
                yield str(path.relative_to(self.path)), path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e09f2e26691aa683 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/pack.py:40
    with open(wheel_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a501b8bd74ab5531 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/pack.py:60
            with open(wheel_file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9ee2ad9690b769 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_metadata.py:151
    with open(pkginfo_path, encoding="utf-8") as headers:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a017579beb8672db Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_metadata.py:160
        with open(requires_path, encoding="utf-8") as requires_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed0468b61ffbd61c Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:293
    with open(path_to_lib, "rb") as lib_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9513141af3e75d1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:419
    if "MACOSX_DEPLOYMENT_TARGET" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7ca266cfc4c8335 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:421
            int(x) for x in os.environ["MACOSX_DEPLOYMENT_TARGET"].split(".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16149a90ca0369b2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:474
        if "MACOSX_DEPLOYMENT_TARGET" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb32cab8a85199d6 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/wheelfile.py:53
    timestamp = int(os.environ.get("SOURCE_DATE_EPOCH", timestamp or time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bbf7da1cd322633 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/wheelfile.py:185
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53547459402f7fc8 Filesystem access.
pkgs/python/[email protected]/setuptools/archive_util.py:133
            with open(target, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df8637b2a423edff Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:70
    with open(pyfile, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41e3c94f5bb00815 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:211
            with open(native_libs, 'wt', encoding="utf-8") as libs_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7459a1945072deb Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:362
            with open(fn, 'wt', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dc7f8b904af4644 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:381
    f = open(filename, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #494dcda5bfdebf8d Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_wheel.py:475
        with open(wheelfile_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #483cad7f13cbbd56 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_wheel.py:575
        with open(dependency_links_path, encoding="utf-8") as dependency_links_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b237cc6b49fb2798 Environment-variable access.
pkgs/python/[email protected]/setuptools/command/build_ext.py:160
        so_ext = os.getenv('SETUPTOOLS_EXT_SUFFIX')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50fff2dbcb98fee2 Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_ext.py:354
        with open(stub_file, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d9d20b0b2729dd Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_py.py:192
            files = manifest.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6d429855936af51 Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_py.py:261
        with open(init_py, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c9749ab9ce8158e Environment-variable access.
pkgs/python/[email protected]/setuptools/command/easy_install.py:18
            sys_executable=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6448646133aa92f Environment-variable access.
pkgs/python/[email protected]/setuptools/command/easy_install.py:18
            sys_executable=os.environ.get(
                "__PYVENV_LAUNCHER__", os.path.normpath(sys.executable)
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9327d78e4886095 Filesystem access.
pkgs/python/[email protected]/setuptools/command/editable_wheel.py:601
        path1.write_text("file1", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73d73298dd1f7210 Filesystem access.
pkgs/python/[email protected]/setuptools/command/editable_wheel.py:604
            if path2.is_symlink() and path2.read_text(encoding="utf-8") == "file1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1651d4cc508cc2d Filesystem access.
pkgs/python/[email protected]/setuptools/command/egg_info.py:283
        f = open(filename, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c10bcc3313e556d5 Filesystem access.
pkgs/python/[email protected]/setuptools/command/egg_info.py:645
    with open(filename, "wb") as f:  # always write POSIX-style manifest

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b694ea57797f69ef Filesystem access.
pkgs/python/[email protected]/setuptools/command/install_scripts.py:64
        with open(target, "w" + mode, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd24017e5bf8541 Filesystem access.
pkgs/python/[email protected]/setuptools/command/sdist.py:195
        with open(self.manifest, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e75f17ecee3fd0 Filesystem access.
pkgs/python/[email protected]/setuptools/command/sdist.py:205
        manifest = open(self.manifest, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ed6ed937143b51f Filesystem access.
pkgs/python/[email protected]/setuptools/command/setopt.py:67
    with open(filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86ba2b6e0fe18bf5 Environment-variable access.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/error_reporting.py:81
        debug_code = os.getenv("JSONSCHEMA_DEBUG_CODE_GENERATION", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f58222504b8cd57b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/formats.py:158
    with urlopen(url, context=context) as response:  # noqa: S310 (audit URLs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1450e61f5c12a494 Environment-variable access.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/formats.py:192
        if os.getenv("NO_NETWORK") or os.getenv("VALIDATE_PYPROJECT_NO_NETWORK"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0da52a473f9295 Filesystem access.
pkgs/python/[email protected]/setuptools/config/expand.py:57
        module = ast.parse(pathlib.Path(spec.origin).read_bytes())  # type: ignore[arg-type] # Let it raise an error on None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f4f52c589b87179 Filesystem access.
pkgs/python/[email protected]/setuptools/config/expand.py:142
    with open(filepath, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de509738a7e8519 Filesystem access.
pkgs/python/[email protected]/setuptools/config/pyprojecttoml.py:39
    with open(filepath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696f83adf24eae65 Filesystem access.
pkgs/python/[email protected]/setuptools/dist.py:586
            with open(filename, encoding='utf-8') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1419566c0122a84 Filesystem access.
pkgs/python/[email protected]/setuptools/dist.py:820
            with open(readme_txt_filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881c36d2308fb8a3 Environment-variable access.
pkgs/python/[email protected]/setuptools/installer.py:82
    quiet = 'PIP_QUIET' not in os.environ and 'PIP_VERBOSE' not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #713e8ead31a962cb Environment-variable access.
pkgs/python/[email protected]/setuptools/installer.py:83
    if 'PIP_INDEX_URL' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d928dd9bdccb5e5 Filesystem access.
pkgs/python/[email protected]/setuptools/msvc.py:462
                with open(state_path, 'rt', encoding='utf-8') as state_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b9a6fb4bcb1ae1 Filesystem access.
pkgs/python/[email protected]/setuptools/namespaces.py:23
        with open(filename, 'wt', encoding=py312.PTH_ENCODING) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe03448a3b2cbb6 Filesystem access.
pkgs/python/[email protected]/setuptools/unicode_utils.py:59
        with open(file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b4d3b8a943fb533 Filesystem access.
pkgs/python/[email protected]/setuptools/unicode_utils.py:63
        with open(file, "r", encoding=fallback_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ed7cab436ee103d Environment-variable access.
pkgs/python/[email protected]/setuptools/warnings.py:109
    enforce = os.getenv("SETUPTOOLS_ENFORCE_DEPRECATION", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d147a7f2b2984b02 Filesystem access.
pkgs/python/[email protected]/setuptools/wheel.py:261
                    with open(mod_init, 'w', encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7f8db799c54e56f5 Environment-variable access.
pkgs/python/[email protected]/tools/build_launchers.py:102
        os.environ['ProgramFiles(x86)'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #15b06ea934e687bf Filesystem access.
pkgs/python/[email protected]/tools/finalize.py:39
    changelog = changelog_fn.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dd866f301d9d7a06 Filesystem access.
pkgs/python/[email protected]/tools/finalize.py:41
    changelog_fn.write_text(fixed, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

shap

python dependency
expand_more 14 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #04ecea73bae0b5d5 Filesystem access.
pkgs/python/[email protected]/scripts/run_notebooks_timeouts.py:84
        with open(notebook_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #45c59bcfd44286db Filesystem access.
pkgs/python/[email protected]/shap/benchmark/experiments.py:223
        with open(cache_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5abf8e56bddd158d Filesystem access.
pkgs/python/[email protected]/shap/benchmark/experiments.py:236
    with open(cache_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #012e3c8bd510a42c Filesystem access.
pkgs/python/[email protected]/shap/benchmark/experiments.py:396
        with open(cache_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3b6b2bf808cf93f8 Filesystem access.
pkgs/python/[email protected]/shap/benchmark/experiments.py:419
        with open(cache_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7433f188eb65dc66 Filesystem access.
pkgs/python/[email protected]/shap/benchmark/metrics.py:519
            with open(cache_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c7dc16971814b300 Filesystem access.
pkgs/python/[email protected]/shap/benchmark/metrics.py:524
            with open(cache_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3977a9a658f793b2 Filesystem access.
pkgs/python/[email protected]/shap/benchmark/plots.py:604
        with open(out_dir + "/index.html", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9714d8d7c08140d7 Filesystem access.
pkgs/python/[email protected]/shap/datasets.py:195
    with open(cache(github_data_url + "imdb_train.txt"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92450c51be0d6f25 Filesystem access.
pkgs/python/[email protected]/shap/explainers/_tree.py:2479
            with open(tmp_file, encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bb16086b03743cd Filesystem access.
pkgs/python/[email protected]/shap/plots/_force.py:290
    with open(bundle_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b01e4a7ab97fa21f Filesystem access.
pkgs/python/[email protected]/shap/plots/_force.py:303
    with open(logo_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4dc4ddaa72a3288 Filesystem access.
pkgs/python/[email protected]/shap/plots/_force.py:331
        out_file = open(out_file, "w", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac65728292930f0 Filesystem access.
pkgs/python/[email protected]/shap/utils/_general.py:358
    with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

shellingham

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #c27fc6893b8ca7e5 Environment-variable access.
pkgs/python/[email protected]/src/shellingham/posix/__init__.py:54
    login_shell = os.environ.get("SHELL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d2746c7ed478c6c Filesystem access.
pkgs/python/[email protected]/src/shellingham/posix/proc.py:44
    with io.open(path, encoding="ascii", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09f0b29176391ef7 Filesystem access.
pkgs/python/[email protected]/src/shellingham/posix/proc.py:55
    with io.open(path, encoding=encoding, errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

slack-sdk

python dependency
expand_more 27 low-confidence finding(s)
low env_fs dependency Excluded from app score #55eec97dbe17bc62 Environment-variable access.
pkgs/python/[email protected]/slack/deprecation.py:6
    skip_deprecation = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4150d690ac2b51e6 Filesystem access.
pkgs/python/[email protected]/slack/web/async_internal_utils.py:148
                f = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f706f7ad777d2f5 Filesystem access.
pkgs/python/[email protected]/slack/web/base_client.py:298
                        f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e2260c74f9191d1 Environment-variable access.
pkgs/python/[email protected]/slack/web/deprecation.py:17
    skip_deprecation = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a4a2aba085a54b Environment-variable access.
pkgs/python/[email protected]/slack_sdk/models/messages/message.py:16
skip_warn = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a0f62d3c7358731 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:59
            with open(f"{team_installation_dir}/installer-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ce2235510146492 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:61
            with open(f"{team_installation_dir}/installer-{history_version}", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d7a71174157d24b Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:67
            with open(f"{team_installation_dir}/installer-{u_id}-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aca907ec4e6aaee Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:69
            with open(f"{team_installation_dir}/installer-{u_id}-{history_version}", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #170b2d7fe0ca3ddd Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:75
            with open(installer_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #791dc37f3479e34b Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:94
            with open(f"{team_installation_dir}/bot-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bac5ebb16b83d97 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:96
            with open(f"{team_installation_dir}/bot-{history_version}", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc327cf549f00f5 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:99
            with open(f"{team_installation_dir}/bot-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4dc1cfb1bb71597 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:130
            with open(bot_filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a10d1aa85452cd Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:172
            with open(installation_filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6275bd89d7d2ee1e Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/state_store/file/__init__.py:46
        with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bf59146533ad88a Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/state_store/file/__init__.py:54
            with open(filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0fe15b46c4d78b Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:12
        os.environ.get("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f3cf2b72ba8ddd2 Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:13
        or os.environ.get("https_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e15464acf5aa1ac Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:14
        or os.environ.get("HTTP_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62aafaeb8227638d Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:15
        or os.environ.get("http_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb33802d8bf2e286 Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/async_internal_utils.py:36
                f = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10df92873a0980dd Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/base_client.py:282
                        f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d5ebcd541d40ddd Environment-variable access.
pkgs/python/[email protected]/slack_sdk/web/deprecation.py:21
    skip_deprecation = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80d706fdbb3abcd3 Environment-variable access.
pkgs/python/[email protected]/slack_sdk/web/internal_utils.py:278
    skip_deprecation = os.environ.get("SKIP_SLACK_SDK_WARNING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab834293d7613479 Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/internal_utils.py:342
            with open(os.fsencode(file), "rb") as readable:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12aeaab2968bf0fc Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/legacy_base_client.py:348
                        f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sqlalchemy

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #a6de7fa5072f5d1d Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:42
            with open(
                Path(cachedir) / "sqla_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #142f6a31d475cef7 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:56
            with open(
                Path(cachedir) / "plain_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbfe95053a4ecaea Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:106
            os.environ.pop("MYPY_FORCE_COLOR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #960cc362d42dd7a6 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:146
        with open(path) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fbd4137dea9fbef Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:398
    if os.environ.get("REQUIRE_SQLALCHEMY_CEXT", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a00266686a8413 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:455
            with open(options.write_idents, "a") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8524f105f6b25f59 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/pytestplugin.py:880
        return os.environ.get("PYTEST_CURRENT_TEST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7cf1ea5bcaa96ec Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:200
            profile_f = open(self.fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bd327e7dcd8df01 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:219
        profile_f = open(self.fname, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #854aa662399a1b89 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/provision.py:453
    with open(idents_file) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9392073ee958e38a Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/util/_has_cy.py:27
    if os.environ.get("DISABLE_SQLALCHEMY_CEXT_RUNTIME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b6cf18bfa949019 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:134
            Path(destination_path).write_text(
                text, encoding="utf-8", newline="\n"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b0e9725b20ccb9b Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:146
            with open(tempfile) as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c29a2511a3446c3 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:162
            with open(source_file, encoding="utf-8") as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15a7c6b34b5e248 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:169
        with open(destination_path, encoding="utf-8") as dp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65d70a1c665c1a9e Environment-variable access.
pkgs/python/[email protected]/noxfile.py:95
    cmd.extend(os.environ.get(dburl_env, default_dburl).split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de961297c711f070 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:106
    env_dbdrivers = os.environ.get(extra_driver_env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d98b4a0ee68e213 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:269
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a971cf0522e436f8 Environment-variable access.
pkgs/python/[email protected]/setup.py:23
DISABLE_EXTENSION = bool(os.environ.get("DISABLE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba62b64775a0608 Environment-variable access.
pkgs/python/[email protected]/setup.py:24
REQUIRE_EXTENSION = bool(os.environ.get("REQUIRE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f0bf091a54f64bde Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:155
    original = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ed9e780d6a285562 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:313
                file.write_text(updated, "utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #09a6079df8382925 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:145
    with open(fn.__code__.co_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #882441af9d903dc0 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:373
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ef3e03231403878c Filesystem access.
pkgs/python/[email protected]/tools/generate_sql_functions.py:38
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9cd692b215f1daff Filesystem access.
pkgs/python/[email protected]/tools/generate_tuple_map_overloads.py:53
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4393fd32f8bef5e7 Filesystem access.
pkgs/python/[email protected]/tools/normalize_file_headers.py:27
    content = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eef856d6d694f522 Filesystem access.
pkgs/python/[email protected]/tools/sync_test_files.py:35
    source_data = Path(source).read_text().replace(remove_str, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

starlette

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #a012ee3bda943c14 Environment-variable access.
pkgs/python/[email protected]/starlette/config.py:19
    def __init__(self, environ: MutableMapping[str, str] = os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78523324b78a4720 Filesystem access.
pkgs/python/[email protected]/starlette/config.py:113
        with open(file_name, encoding=encoding) as input_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

stripe

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #c55e7ea31c5c6d76 Environment-variable access.
pkgs/python/[email protected]/stripe/_api_requestor.py:535
        agent = self._detect_ai_agent(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4a6d49d99f0cba Environment-variable access.
pkgs/python/[email protected]/stripe/_util.py:34
STRIPE_LOG = os.environ.get("STRIPE_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edda5b12b029e50c Environment-variable access.
pkgs/python/[email protected]/stripe/_util.py:40
    return "APPENGINE_RUNTIME" in os.environ and "Dev" in os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d13415050f269ac Environment-variable access.
pkgs/python/[email protected]/stripe/_util.py:40
    return "APPENGINE_RUNTIME" in os.environ and "Dev" in os.environ.get(
        "SERVER_SOFTWARE", ""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

termcolor

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #110b28a293342eea Environment-variable access.
pkgs/python/[email protected]/src/termcolor/__main__.py:8
    print(f"Current terminal type: {os.getenv('TERM')}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b7dfaf5bc9ed89 Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:109
    if os.environ.get("ANSI_COLORS_DISABLED"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecd3884bf8a8ab8b Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:111
    if os.environ.get("NO_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b356cc92e4c7c5bb Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:113
    if os.environ.get("FORCE_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69f354a7b84f2f02 Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:117
    if os.environ.get("TERM") == "dumb":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

toml

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #a079dfbc66659ce3 Filesystem access.
pkgs/python/[email protected]/setup.py:8
with open("README.rst") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a37db4c2d03a4dae Filesystem access.
pkgs/python/[email protected]/toml/decoder.py:133
        with io.open(_getpath(f), encoding='utf-8') as ffile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tornado

python dependency
expand_more 19 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #51d1d4afa6cd99cc Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:155
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8cc84d8878fa811e Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:158
if os.environ.get("READTHEDOCS", "") == "True":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e04077a60b456d4 Filesystem access.
pkgs/python/[email protected]/setup.py:26
with open("tornado/__init__.py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26fceaab91712376 Filesystem access.
pkgs/python/[email protected]/setup.py:31
with open("README.rst") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3e6ab4f1c35e3b5 Environment-variable access.
pkgs/python/[email protected]/setup.py:37
    and os.environ.get("TORNADO_EXTENSION") != "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #500be65fe55fac6d Environment-variable access.
pkgs/python/[email protected]/setup.py:50
            optional=os.environ.get("TORNADO_EXTENSION") != "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3048e97f067f29b5 Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:652
            body = await self.stream.read_bytes(
                min(self.params.chunk_size, content_length), partial=True
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #958e5c9f0c34aad0 Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:672
                crlf = await self.stream.read_bytes(2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2521d7074b6ec30f Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:683
                chunk = await self.stream.read_bytes(
                    min(bytes_to_read, self.params.chunk_size), partial=True
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efaac2aa8f3788be Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:693
            crlf = await self.stream.read_bytes(2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2f2c0b1d4f693bf Filesystem access.
pkgs/python/[email protected]/tornado/locale.py:142
            with open(full_path, "rb") as bf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb225a2d42869808 Filesystem access.
pkgs/python/[email protected]/tornado/locale.py:153
        with open(full_path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db9b557400f4e5ec Filesystem access.
pkgs/python/[email protected]/tornado/options.py:416
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9059b61730df46b Filesystem access.
pkgs/python/[email protected]/tornado/template.py:476
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2afeee1417405c37 Environment-variable access.
pkgs/python/[email protected]/tornado/testing.py:78
    env = os.environ.get("ASYNC_TEST_TIMEOUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9f739f3d7fe1692 Environment-variable access.
pkgs/python/[email protected]/tornado/util.py:430
if os.environ.get("TORNADO_NO_EXTENSION") or os.environ.get("TORNADO_EXTENSION") == "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef5475b95e0713f2 Environment-variable access.
pkgs/python/[email protected]/tornado/util.py:438
        if os.environ.get("TORNADO_EXTENSION") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecacda9b16ee2457 Filesystem access.
pkgs/python/[email protected]/tornado/web.py:3033
        with open(abspath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e5a8863c000e06 Filesystem access.
pkgs/python/[email protected]/tornado/websocket.py:1133
        data = await self.stream.read_bytes(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

urllib3

python dependency
expand_more 8 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #e32a3fa8cd53f98e Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:15
if "READTHEDOCS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b8105a719237bb68 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:76
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe342a2854ab7700 Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:466
        return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8453614bb05e07cb Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:483
    return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54c1fee210e0a880 Filesystem access.
pkgs/python/[email protected]/src/urllib3/contrib/emscripten/fetch.py:204
        streaming_worker_code = (
            files(__package__)
            .joinpath("emscripten_fetch_worker.js")
            .read_text(encoding="utf-8")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5280a8a8878ba45b Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:317
    if "SSLKEYLOGFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #911d906734b9cd13 Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:318
        sslkeylogfile = os.path.expandvars(os.environ.get("SSLKEYLOGFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bb0757c46c2fc9f Filesystem access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:452
    with open(key_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uvicorn

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #2d56e2d76cb4985d Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:351
        if workers is None and "WEB_CONCURRENCY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa8fa6827ef6414 Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:352
            self.workers = int(os.environ["WEB_CONCURRENCY"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05407537f5efd556 Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:356
            self.forwarded_allow_ips = os.environ.get("FORWARDED_ALLOW_IPS", "127.0.0.1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35465f65846fd047 Filesystem access.
pkgs/python/[email protected]/uvicorn/config.py:393
                with open(self.log_config) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a59fcc2c0e7a7b7e Filesystem access.
pkgs/python/[email protected]/uvicorn/config.py:404
                with open(self.log_config) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

whatthepatch

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #0a06364858440cb1 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:23
            with open(diff.header.old_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7e6c8985690f0d0 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:27
        with open(diff.header.new_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b469d237eded93e6 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:44
    with open(oldfilepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12ee332b346e9358 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:47
    with open(patchfilepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c1f404ff03a7264 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:64
    with open(newfilepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab4d1b1d57b2e214 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:68
        with open(rejfilepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37220eadf321cbb8 Environment-variable access.
pkgs/python/[email protected]/src/whatthepatch/snippets.py:54
        for path in os.environ["PATH"].split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

zope-interface

python dependency
expand_more 5 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #8996a5855c204155 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:25
os.environ['PURE_PYTHON'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20670862ec0dc0ab Filesystem access.
pkgs/python/[email protected]/setup.py:96
    with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #391ab15bb871bf8b Environment-variable access.
pkgs/python/[email protected]/src/zope/interface/_compat.py:45
    pure_env = os.environ.get('PURE_PYTHON')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #603d0a37611ffe09 Environment-variable access.
pkgs/python/[email protected]/src/zope/interface/_compat.py:72
    pure_env = os.environ.get('PURE_PYTHON')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60706a72a056e09 Environment-variable access.
pkgs/python/[email protected]/src/zope/interface/ro.py:234
        val = os.environ.get(env_name, '') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • fastmcp prod — sdist exceeds byte cap
  • playwright prod — no sdist (wheels only)
  • pillow prod — sdist exceeds byte cap
  • pybase62 prod — no sdist (wheels only)
  • rapidfuzz prod — sdist exceeds byte cap
  • types-toml prod — no python source in sdist