Close Open Privacy Scan

bolt Snapshot: commit ecd48e2
science engine v1.21
schedule 2026-07-18T23:16:13.581088+00:00

verified_user Possible application data leak

Potential data exfiltration identified in application code.

smart_toy MCP server detected: anthropic, chromadb, langchain, mcp +4 more — detected in dependencies, not a safety judgment.

App Privacy Score

0 /100
High privacy risk — possible application leak

High risk · 3636 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

0 high 727 medium 2909 low
First-party packages: 2
Dependency packages: 44
Ecosystem: python

swap_horiz Potential data exfiltration in application code

External domains: ::ffff:192.168.0.1a9.comaccount.blob.core.windows.netaccounts.feishu.cnaccounts.google.comaclanthology.orgacme.comai.google.devaiplatform.googleapis.comaka.msalembic.sqlalchemy.orgalpinejs.devapi-inference.huggingface.coapi.anthropic.comapi.bing.microsoft.comapi.bochaai.comapi.cloudflare.comapi.deepgram.comapi.elevenlabs.ioapi.exa.aiapi.firecrawl.devapi.github.comapi.jina.aiapi.linkup.soapi.microsoft.aiapi.mistral.aiapi.mojeek.comapi.mongodb.orgapi.morphllm.comapi.open-meteo.comapi.openai.comapi.openwebui.comapi.perplexity.aiapi.python.langchain.comapi.search.brave.comapi.serphouse.comapi.serply.ioapi.tavily.comapi.themoviedb.orgapi.together.xyzapis.google.comapp.neptune.aiarrow.apache.orgarxiv.orgattribution.omnilib.devauai.orgauth.exampleauthlib.orgaws.amazon.comazure.microsoft.comblocked.exampleblog.eleuther.aibrotlipy.readthedocs.iobugs.python.orgcdn-media.huggingface.cocdn.britannica.comcdn.jsdelivr.netcdnjs.cloudflare.comchat.googleapis.comchroma-onnx-models.s3.amazonaws.comchromium.googlesource.comclear.mlclip-cn-beijing.oss-cn-beijing.aliyuncs.comcloud.google.comcode.activestate.comcode.google.comcognitiveservices.azure.comcommonmark.orgconsole.cloud.google.comcookbook.openai.comcvs.pgfoundry.orgcx-oracle.readthedocs.iodagshub.comdata.iana.orgdatabase.windows.netdatatracker.ietf.orgday.js.orgdev-discuss.pytorch.orgdev.mysql.comdeveloper.mozilla.orgdevelopers.cloudflare.comdevelopers.google.comdiscord.comdiscord.ggdiscuss.huggingface.codiscuss.python.orgdiscuss.pytorch.orgdl.acm.orgdocs.aiohttp.orgdocs.anthropic.comdocs.aws.amazon.comdocs.claude.comdocs.langchain.comdocs.microsoft.comdocs.neptune.aidocs.nomic.aidocs.nvidia.comdocs.oasis-open.orgdocs.ollama.comdocs.openwebui.comdocs.parallel.aidocs.pydantic.devdocs.pyscript.netdocs.python-requests.orgdocs.python.orgdocs.pytorch.orgdocs.ray.iodocs.rsdocs.sqlalchemy.orgdocs.swanlab.cndocs.together.aidocs.trychroma.comdocs.wandb.aidoi.orgdownload.oracle.comdvc.orgembed.trychroma.comen.wikipedia.orgendpoint.openai.azure.comerrors.pydantic.devessentia.upf.eduevil.comexam_ple.comexamine.devexample-resource.azure.openai.comexample-resource.services.ai.azure.comfarm4.staticflickr.comfastapi.tiangolo.comfilesystem-spec.readthedocs.iofki.tic.heia-fr.chflyte.orgfonts.googleapis.comfoo.comgateway.ai.cloudflare.comgenerativelanguage.googleapis.comgeoip.maps.opensearch.orggiou.stanford.edugist.github.comgithub.comgoo.glgoogle-auth.readthedocs.iogoogle.aip.devgoogle.github.iogoogle.serper.devgoogleapis.devgraph.microsoft.comguillaumejaume.github.iohelp.openai.comhf.cohips.hearstapps.comhooks.slack.comhost.docker.internalhtml.spec.whatwg.orghttpbin.orghub-ci.huggingface.cohuggingface.cohypothesis.readthedocs.ioi.postimg.ccicml.ccimages.cocodataset.orgimages.pexels.cominfer.roboflow.comipython.readthedocs.iojson-schema.orgjsonlines.orgjsonplaceholder.typicode.comkagi.comkazoo.readthedocs.iokexue.fmkombu.readthedocs.orgkroki.ioleafletjs.comlearn.microsoft.comlegacy.python.orglicenses.api.openwebui.comlinux.die.netlisten-api.listennotes.comlocalhost.tiangolo.comlogin.chinacloudapi.cnlogin.microsoft.comlogin.microsoftonline.comlogin.microsoftonline.delogin.microsoftonline.uslogin.windows-ppe.netlucene.apache.orglucumr.pocoo.orgm.youtube.commagicstack.github.iomanagement.core.chinacloudapi.cnmanagement.core.usgovcloudapi.netmanagement.core.windows.netmarc.najork.orgmistralai.github.iomodelcontextprotocol.iomsdn.microsoft.commy-keyvault-name.vault.azure.netmy.sitemyaccount.blob.core.windows.netmypy.readthedocs.iomyservice.search.windows.netmüller.denats.ionew-url.comnineplanets.orgnlp.stanford.edunodatime.orgoauth.netollama-service.open-webui.svc.cluster.localollama.comomoindrot.github.ioonedrive.live.comonnxruntime.aiopen.feishu.cnopenai.comopenaipublic.blob.core.windows.netopenid.netopenoffice.orgopenreview.netopensearch.orgopentelemetry.ioopenwebui.comoptuna.readthedocs.iooracle.github.iooss.redis.comother.comotheraccount.blob.core.windows.netpackaging.python.orgpaddle-model-ecology.bj.bcebos.compbs.twimg.compendulum.eustace.iopenghao-bdsc.github.iopeps.python.orgplatform.claude.complatform.openai.complg.uwaterloo.caproceedings.neurips.ccprosemirror.netproto-plus-python.readthedocs.iopublic.ukp.informatik.tu-darmstadt.depurl.oclc.orgpurl.orgpydantic-docs.helpmanual.iopyjwt.readthedocs.iopymysql.readthedocs.iopypi.orgpypika.readthedocs.iopyscript.github.iopython-devtools.helpmanual.iopython-etcd3.readthedocs.iopython-oracledb.readthedocs.iopython.langchain.compython.orgpythonhosted.orgpytorch.orgqianwen-res.oss-cn-beijing.aliyuncs.comqwenlm.github.ioraw.githubusercontent.comredis.comredis.ioredis.readthedocs.ioredisearch.ioreference.langchain.comreplit.comrequests.readthedocs.iorestrictedpython.readthedocs.iorich.readthedocs.iorrc.cvc.uab.ess.jina.ais3.amazonaws.comsafetensors-convert.hf.spacesans-io.readthedocs.iosbert.netschema.orgschemas.microsoft.comschemas.openid.netschemas.openxmlformats.orgschemas.zwobble.orgsearch.azure.comsearchapi.api.cloud.yandex.netserpapi.comsethmlarson.devsheetjs.openxmlformats.orgsmith.langchain.comsocket.iosourceforge.netspdx.devspec.openapis.orgsqlalche.mesqlite.orgstackoverflow.comstorage.azure.comstorage.googleapis.comstorage.mtls.googleapis.comstuk.github.iosuno-ai.notion.siteswagger.ioswanlab.cntartarus.orgtechnet.microsoft.comtechspot.zzzeek.orgthumbs.dreamstime.comtimeapi.iotools.ietf.orgtowardsdatascience.comtvm.apache.orgtwitter.comtyper.tiangolo.comunpkg.comurllib3.readthedocs.iovega.github.iowebsockets.readthedocs.iowicg.github.iowww.aclweb.orgwww.apache.orgwww.comet.comwww.cs.cmu.eduwww.datalab.towww.deepmind.comwww.deepspeed.aiwww.dvc.orgwww.example.珠宝www.freetds.orgwww.gevent.orgwww.github.comwww.google.comwww.googleapis.comwww.gravatar.comwww.gutenberg.orgwww.iana.orgwww.ietf.orgwww.ilankelman.orgwww.iso.orgwww.kxan.comwww.microsoft.comwww.mlflow.orgwww.mozilla.orgwww.nature.comwww.npmjs.comwww.opentable.comwww.oracle.comwww.paddleocr.aiwww.postgresql.orgwww.psycopg.orgwww.python.orgwww.researchgate.netwww.rethinkdb.comwww.rfc-editor.orgwww.sbert.netwww.searchapi.iowww.sqlite.orgwww.starlette.devwww.starlette.iowww.tensorflow.orgwww.w3.orgwww.wandb.comwww.xudongz.comwww.youtube-nocookie.comwww.youtube.comwww.zetetic.netx.comxn--fiqs8s.icom.museumydc-index.ioyour-company.comyoutu.beyoutube.com

medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:69 repo/backend/open_webui/retrieval/loaders/datalab_marker.py:71
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:89 repo/backend/open_webui/retrieval/loaders/datalab_marker.py:112
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:89 repo/backend/open_webui/retrieval/loaders/datalab_marker.py:147
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/external_document.py:45 repo/backend/open_webui/retrieval/loaders/external_document.py:62
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/main.py:195 repo/backend/open_webui/retrieval/loaders/main.py:197
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/microsoft_web_iq.py:52 repo/backend/open_webui/retrieval/loaders/microsoft_web_iq.py:70
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/mineru.py:216 repo/backend/open_webui/retrieval/loaders/mineru.py:239
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/mineru.py:331 repo/backend/open_webui/retrieval/loaders/mineru.py:341
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:45 repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:61
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/tavily.py:61 repo/backend/open_webui/retrieval/loaders/tavily.py:67
medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/models/external.py:43 repo/backend/open_webui/retrieval/models/external.py:49
hub Dependency data flows (644)
medium mcp dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
medium transformers dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2444 pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2446
medium azure-identity dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:66 pkgs/python/[email protected]/azure/identity/_credentials/environment.py:99
medium azure-identity dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:60 pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:77
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:45 pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:70
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:45 pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:127
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:46 pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:73
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:46 pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:134
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication.py:32 pkgs/python/[email protected]/samples/sample_authentication.py:39
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication.py:48 pkgs/python/[email protected]/samples/sample_authentication.py:55
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication_async.py:33 pkgs/python/[email protected]/samples/sample_authentication_async.py:41
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication_async.py:50 pkgs/python/[email protected]/samples/sample_authentication_async.py:58
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:26 pkgs/python/[email protected]/samples/sample_documents_crud.py:59
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:26 pkgs/python/[email protected]/samples/sample_documents_crud.py:72
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:26 pkgs/python/[email protected]/samples/sample_documents_crud.py:87
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:26 pkgs/python/[email protected]/samples/sample_documents_crud.py:100
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:26 pkgs/python/[email protected]/samples/sample_documents_crud.py:115
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 pkgs/python/[email protected]/samples/sample_documents_crud_async.py:61
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 pkgs/python/[email protected]/samples/sample_documents_crud_async.py:77
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 pkgs/python/[email protected]/samples/sample_documents_crud_async.py:93
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 pkgs/python/[email protected]/samples/sample_documents_crud_async.py:107
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 pkgs/python/[email protected]/samples/sample_documents_crud_async.py:123
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27 pkgs/python/[email protected]/samples/sample_index_alias_crud.py:42
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27 pkgs/python/[email protected]/samples/sample_index_alias_crud.py:54
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27 pkgs/python/[email protected]/samples/sample_index_alias_crud.py:108
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28 pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:44
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28 pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:57
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28 pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:112
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_analyze_text.py:26 pkgs/python/[email protected]/samples/sample_index_analyze_text.py:43
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:27 pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:45
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:33 pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:46
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:37 pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:51
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:26 pkgs/python/[email protected]/samples/sample_index_crud.py:69
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:26 pkgs/python/[email protected]/samples/sample_index_crud.py:80
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:26 pkgs/python/[email protected]/samples/sample_index_crud.py:126
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:26 pkgs/python/[email protected]/samples/sample_index_crud.py:139
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:27 pkgs/python/[email protected]/samples/sample_index_crud_async.py:72
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:27 pkgs/python/[email protected]/samples/sample_index_crud_async.py:84
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:27 pkgs/python/[email protected]/samples/sample_index_crud_async.py:132
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:43
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:59
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:71
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:85
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:45
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:62
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:75
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:90
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_crud.py:74
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_crud.py:87
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_crud.py:99
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_crud.py:112
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:80
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:94
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:107
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:121
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:51
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:64
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25 pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:76
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:52
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:66
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26 pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:79
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25 pkgs/python/[email protected]/samples/sample_indexer_workflow.py:119
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25 pkgs/python/[email protected]/samples/sample_indexer_workflow.py:130
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25 pkgs/python/[email protected]/samples/sample_indexer_workflow.py:134
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_autocomplete.py:26 pkgs/python/[email protected]/samples/sample_query_autocomplete.py:40
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:28 pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:43
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_facets.py:26 pkgs/python/[email protected]/samples/sample_query_facets.py:43
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_facets_async.py:28 pkgs/python/[email protected]/samples/sample_query_facets_async.py:46
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_filter.py:26 pkgs/python/[email protected]/samples/sample_query_filter.py:45
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_filter_async.py:28 pkgs/python/[email protected]/samples/sample_query_filter_async.py:48
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:24 pkgs/python/[email protected]/samples/sample_query_semantic.py:66
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:24 pkgs/python/[email protected]/samples/sample_query_semantic.py:67
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:24 pkgs/python/[email protected]/samples/sample_query_semantic.py:89
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:24 pkgs/python/[email protected]/samples/sample_query_semantic.py:90
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 pkgs/python/[email protected]/samples/sample_query_semantic_async.py:69
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 pkgs/python/[email protected]/samples/sample_query_semantic_async.py:70
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 pkgs/python/[email protected]/samples/sample_query_semantic_async.py:91
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 pkgs/python/[email protected]/samples/sample_query_semantic_async.py:92
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_session.py:24 pkgs/python/[email protected]/samples/sample_query_session.py:38
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_session_async.py:25 pkgs/python/[email protected]/samples/sample_query_session_async.py:40
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_simple.py:24 pkgs/python/[email protected]/samples/sample_query_simple.py:38
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_simple_async.py:26 pkgs/python/[email protected]/samples/sample_query_simple_async.py:41
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_suggestions.py:24 pkgs/python/[email protected]/samples/sample_query_suggestions.py:39
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:26 pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:42
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:130
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:148
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:170
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:196
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:221
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:222
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:223
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:224
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:225
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:50 pkgs/python/[email protected]/samples/sample_query_vector.py:226
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:134
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:153
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:176
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:204
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:230
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:231
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:232
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:233
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:234
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 pkgs/python/[email protected]/samples/sample_query_vector_async.py:235
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:25 pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:42
medium azure-search-documents dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:26 pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:48
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:84
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:86
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:89
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:112
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:117
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:122
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:127
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:132
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:83
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:90
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:91
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:96
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:97
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:98
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:102
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:107
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:114
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:125
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:132
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:135
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:72
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54 pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:77
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54 pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54 pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:33 pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:45
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:33 pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:46
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:97
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:103
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:116
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:120
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:131
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:135
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:138
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:55
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:59
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:62
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:73
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:57
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:61
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:95
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:100
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:105
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:108
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:113
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:123
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:135
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:138
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:143
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:148
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:156
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:161
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:166
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:171
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:174
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:177
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:180
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:183
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:188
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:191
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:196
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:201
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:206
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:211
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:216
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:57
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:61
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:95
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:100
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:105
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:108
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:113
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:123
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:135
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:138
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:143
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:148
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:156
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:161
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:166
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:171
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:174
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:177
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:180
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:183
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:188
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:191
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:196
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:201
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:206
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:211
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:216
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:89
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:105
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:111
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:116
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:119
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:120
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:124
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:127
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:131
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:134
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:98
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:99
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:113
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:119
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:124
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:127
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:83
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:86
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:98
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:112
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:115
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:53
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:54
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:58
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:72
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:98
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:61
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:73
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:86
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:89
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:110
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:113
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:116
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:122
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:134
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:140
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:146
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:152
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:158
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:163
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:168
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:173
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:182
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:187
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:190
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:195
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:200
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:205
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:212
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:215
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:221
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:227
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:237
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:243
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:249
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:50 pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:63
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:116
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:117
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:119
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:123
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:126
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:133
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:66
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45 pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:67
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:67
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:68
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:68
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:73
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:86
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:98
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:57
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:58
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:59
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:60
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:68
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:90
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:95
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:96
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:106
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:32 pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:44
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:114
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:119
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:124
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:129
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:89
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:91
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:95
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:89
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:90
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:97
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:100
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:107
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:114
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:117
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:121
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:124
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59 pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:77
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:52 pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:52 pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:71
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53 pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:73
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53 pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53 pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:77
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:84
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:33 pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:44
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:33 pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:45
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:86
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:100
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:103
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:110
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:121
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:125
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:52
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:56
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:59
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:62
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:67
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:73
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:84
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:53
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:57
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:60
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:83
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:91
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:96
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:114
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:119
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:124
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:131
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:134
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:139
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:144
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:152
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:157
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:162
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:167
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:170
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:173
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:176
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:179
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:184
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:187
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:192
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:197
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:202
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:207
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 pkgs/python/[email protected]/samples/sample_analyze_invoices.py:212
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:54
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:58
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:61
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:66
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:71
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:79
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:84
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:89
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:97
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:102
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:105
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:110
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:115
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:120
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:125
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:132
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:135
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:140
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:145
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:153
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:158
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:163
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:168
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:171
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:174
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:177
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:180
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:185
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:188
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:193
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:198
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:203
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:208
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:213
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:71
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:100
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:102
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:103
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:109
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:110
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:114
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:117
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:121
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 pkgs/python/[email protected]/samples/sample_analyze_layout.py:124
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:82
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:91
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:95
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:96
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:108
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:112
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:123
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:127
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68 pkgs/python/[email protected]/samples/sample_analyze_read.py:128
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:59
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:60
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:70
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:78
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:99
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:107
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 pkgs/python/[email protected]/samples/sample_analyze_receipts.py:110
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:53
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:54
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:58
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:72
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:98
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:56
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:60
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:68
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:74
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:77
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:81
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:84
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:96
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:99
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:104
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:105
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:108
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:111
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:117
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:123
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:129
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:135
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:141
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:147
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:153
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:158
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:163
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:168
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:177
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:182
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:185
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:190
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:195
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:200
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:207
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:210
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:216
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:222
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:232
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:238
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:244
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_classify_document.py:49 pkgs/python/[email protected]/samples/sample_classify_document.py:61
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:116
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:117
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:118
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:119
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:123
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:126
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:56 pkgs/python/[email protected]/samples/sample_compose_model.py:133
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44 pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:63
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44 pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44 pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:66
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:67
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:68
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:72
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:76
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 pkgs/python/[email protected]/samples/sample_copy_model_to.py:83
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:64
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:65
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:66
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:69
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:71
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:80
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:85
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:86
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:88
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 pkgs/python/[email protected]/samples/sample_manage_classifiers.py:101
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:56
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:57
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:58
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:59
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:63
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:67
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:75
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:87
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:92
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:93
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:94
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:95
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:99
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:42 pkgs/python/[email protected]/samples/sample_manage_models.py:111
medium azure-ai-documentintelligence dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_send_request.py:32 pkgs/python/[email protected]/samples/sample_send_request.py:43

</> First-Party Code

first-party (python): backend/open_webui/utils/telemetry

python first-party
medium telemetry production #bc407ae5a792e761 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/constants.py:1
from opentelemetry.semconv._incubating.attributes import (
    db_attributes as _db,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #868bba17fb3dc646 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/constants.py:4
from opentelemetry.semconv._incubating.attributes import (
    http_attributes as _http,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #05bd078fb84edc44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:12
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e0e3357ea8b85fac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:13
from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #329f411fcc6ca34e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:14
from opentelemetry.instrumentation.httpx import (
    HTTPXClientInstrumentor,
    RequestInfo,
    ResponseInfo,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #876a2f28069b508e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:19
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2d8d386869d9d348 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:20
from opentelemetry.instrumentation.logging import LoggingInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1e41310f54982cce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:21
from opentelemetry.instrumentation.redis import RedisInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #737fa99c06493e92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:22
from opentelemetry.instrumentation.requests import RequestsInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0435f239e72ab008 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:23
from opentelemetry.instrumentation.sqlalchemy import SQLAlchemyInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #be2067f6115afe8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:24
from opentelemetry.instrumentation.system_metrics import SystemMetricsInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c5fe6805d43e76e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/instrumentors.py:25
from opentelemetry.trace import Span, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee77001c9e0379c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/logs.py:12
from opentelemetry._logs import set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bc08d54259e774f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/logs.py:13
from opentelemetry.exporter.otlp.proto.grpc._log_exporter import OTLPLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ea0833fdb0692f17 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/logs.py:14
from opentelemetry.exporter.otlp.proto.http._log_exporter import (
    OTLPLogExporter as HttpOTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #946506d80c5d3853 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/logs.py:17
from opentelemetry.sdk._logs import (
    LoggerProvider,
    LoggingHandler,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a681df5459d97178 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/logs.py:21
from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c5fcf3225456cff9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/logs.py:22
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9075676d3bcedea5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:37
from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b42185c5bd01dc1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:38
from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
    OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d0ee5dad84a1f65d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:41
from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
    OTLPMetricExporter as OTLPHttpMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6f4ef723ab802e5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:44
from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #80d121347ca0cf22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:45
from opentelemetry.sdk.metrics.export import (
    PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c7cfb4f1d7c4fc3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:48
from opentelemetry.sdk.metrics.view import View

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #66f7f2c05b06dff6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/metrics.py:49
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a52d74bad35aa74b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/setup.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #16a9253d1b6ed538 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/setup.py:17
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8c5a93e89a214451 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/setup.py:18
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter as HttpOTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #89d1a329ebb8443f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/setup.py:21
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf3ebda352b149c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/setup.py:22
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bb35b1b5ddf881a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/telemetry/setup.py:23
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

first-party (python)

python first-party
medium pii_flow production #9a19bf6539c925cc A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:71 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/datalab_marker.py:69 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/datalab_marker.py:71
            response = requests.get(url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #0bce0710d18f544d A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:112 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/datalab_marker.py:89 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/datalab_marker.py:112
                response = requests.post(
                    f'{self.api_base_url}',
                    data=form_data,
                    files=files,
                    headers=headers,
                )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #fe965225e224feb9 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:147 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/datalab_marker.py:89 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/datalab_marker.py:147
                    poll_response = requests.get(check_url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #d6264d018bafa2a3 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/external_document.py:62 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/external_document.py:45 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/external_document.py:62
            response = requests.put(f'{url}/process', data=data, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #39de35a95961b327 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/main.py:197 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/main.py:195 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/main.py:197
            r = requests.post(
                f'{self.url}/v1/convert/file',
                files={
                    'files': (
                        self.file_path,
                        f,
                        self.mime_type or 'application/octet-stream',
                    )
                },
                data={
                    'image_export_mode': 'placeholder',
                    'md_page_break_placeholder': page_break_marker,
                    **self.params,
                },
                headers=headers,
                verify=AIOHTTP_CLIENT_SESSION_SSL,
            )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #e35dd70ac09a2669 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/microsoft_web_iq.py:70 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/microsoft_web_iq.py:52 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/microsoft_web_iq.py:70
            response = requests.post(
                f'{self.api_base_url}/browse',
                json=payload,
                headers=headers,
                timeout=request_timeout,
                verify=self.verify_ssl,
            )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #38902389b6198bf9 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/mineru.py:239 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/mineru.py:216 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/mineru.py:239
            response = requests.post(
                f'{self.api_url}/file-urls/batch',
                headers=headers,
                json=request_body,
                timeout=30,
            )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #bdba8cfb310f8a55 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/mineru.py:341 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/mineru.py:331 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/mineru.py:341
                response = requests.get(
                    f'{self.api_url}/extract-results/batch/{batch_id}',
                    headers=headers,
                    timeout=30,
                )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #c670817e64de5cbe A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:61 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:45 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:61
            response = requests.post(f'{self.api_url}/layout-parsing', json=payload, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #690ff1bb2b8dfa98 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/loaders/tavily.py:67 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/tavily.py:61 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/loaders/tavily.py:67
                response = requests.post(self.api_url, headers=headers, json=payload)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #60b45e2cd7e5d6a3 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/backend/open_webui/retrieval/models/external.py:49 · flow /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/models/external.py:43 → /tmp/closeopen-dywqqbnc/repo/backend/open_webui/retrieval/models/external.py:49
            r = requests.post(
                f'{self.url}',
                headers=headers,
                json=payload,
                timeout=self.timeout,
                verify=REQUESTS_VERIFY,
            )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry production #d39af967f9f9efc9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/auth.py:346
            from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b02ee5c75406d4a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/auth.py:391
                    from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bc16273673464344 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/auth.py:465
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1f3f3fd6cd758765 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/backend/open_webui/utils/logger.py:123
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1054 low-confidence finding(s)
low env_fs production #ce8aece776de1a5d Environment-variable access.
repo/backend/open_webui/__init__.py:37
    os.environ['FROM_INIT_PY'] = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a75d82c61e798e5 Environment-variable access.
repo/backend/open_webui/__init__.py:38
    if os.getenv('WEBUI_SECRET_KEY') is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #535d54b3fd1e49ac Environment-variable access.
repo/backend/open_webui/__init__.py:41
            key_length = int(os.getenv('WEBUI_SECRET_KEY_LENGTH', DEFAULT_SECRET_KEY_LENGTH))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5eab33235409cd69 Environment-variable access.
repo/backend/open_webui/__init__.py:47
        os.environ['WEBUI_SECRET_KEY'] = KEY_FILE.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f225c75c4a204a87 Filesystem access.
repo/backend/open_webui/__init__.py:47
        os.environ['WEBUI_SECRET_KEY'] = KEY_FILE.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b078a82f1d60f4e Environment-variable access.
repo/backend/open_webui/__init__.py:49
    if os.getenv('USE_CUDA_DOCKER', 'false') == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c654de307c062aac Environment-variable access.
repo/backend/open_webui/__init__.py:51
        LD_LIBRARY_PATH = os.getenv('LD_LIBRARY_PATH', '').split(':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c2b9822a88c52f5 Environment-variable access.
repo/backend/open_webui/__init__.py:52
        os.environ['LD_LIBRARY_PATH'] = ':'.join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ee69041a0fc28cf Environment-variable access.
repo/backend/open_webui/__init__.py:70
            os.environ['USE_CUDA_DOCKER'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f1f29ba1f4be50 Environment-variable access.
repo/backend/open_webui/__init__.py:71
            os.environ['LD_LIBRARY_PATH'] = ':'.join(LD_LIBRARY_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec71558cc4532fa8 Filesystem access.
repo/backend/open_webui/config.py:86
    with open(f'{DATA_DIR}/config.json', 'r') as _f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #573f169f09f1ab97 Environment-variable access.
repo/backend/open_webui/config.py:95
STATIC_DIR = Path(os.getenv('STATIC_DIR', OPEN_WEBUI_DIR / 'static')).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c116be9ebfc1e46e Environment-variable access.
repo/backend/open_webui/config.py:144
STORAGE_PROVIDER = os.getenv('STORAGE_PROVIDER', 'local')  # defaults to local, s3

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ff7439d336b7c6d Environment-variable access.
repo/backend/open_webui/config.py:145
STORAGE_LOCAL_CACHE = os.getenv('STORAGE_LOCAL_CACHE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f9fe486ef4719a Environment-variable access.
repo/backend/open_webui/config.py:147
S3_ACCESS_KEY_ID = os.getenv('S3_ACCESS_KEY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc448ab2d5701871 Environment-variable access.
repo/backend/open_webui/config.py:148
S3_SECRET_ACCESS_KEY = os.getenv('S3_SECRET_ACCESS_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58cbdbe479e2bb1c Environment-variable access.
repo/backend/open_webui/config.py:149
S3_REGION_NAME = os.getenv('S3_REGION_NAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b51735b0aa50569d Environment-variable access.
repo/backend/open_webui/config.py:150
S3_BUCKET_NAME = os.getenv('S3_BUCKET_NAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44d1279fa7b41052 Environment-variable access.
repo/backend/open_webui/config.py:151
S3_KEY_PREFIX = os.getenv('S3_KEY_PREFIX', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2920e6ae4c6d28c Environment-variable access.
repo/backend/open_webui/config.py:152
S3_ENDPOINT_URL = os.getenv('S3_ENDPOINT_URL', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75dc38b6544c5c66 Environment-variable access.
repo/backend/open_webui/config.py:153
S3_USE_ACCELERATE_ENDPOINT = os.getenv('S3_USE_ACCELERATE_ENDPOINT', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ed88de53fce4029 Environment-variable access.
repo/backend/open_webui/config.py:154
S3_ADDRESSING_STYLE = os.getenv('S3_ADDRESSING_STYLE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5380077b48caffde Environment-variable access.
repo/backend/open_webui/config.py:155
S3_ENABLE_TAGGING = os.getenv('S3_ENABLE_TAGGING', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0ca9586380fba82 Environment-variable access.
repo/backend/open_webui/config.py:157
GCS_BUCKET_NAME = os.getenv('GCS_BUCKET_NAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5eede9f4e9ad034 Environment-variable access.
repo/backend/open_webui/config.py:158
GOOGLE_APPLICATION_CREDENTIALS_JSON = os.getenv('GOOGLE_APPLICATION_CREDENTIALS_JSON', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf37234e58e58e0b Environment-variable access.
repo/backend/open_webui/config.py:160
AZURE_STORAGE_ENDPOINT = os.getenv('AZURE_STORAGE_ENDPOINT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df4b9272bb2404bf Environment-variable access.
repo/backend/open_webui/config.py:161
AZURE_STORAGE_CONTAINER_NAME = os.getenv('AZURE_STORAGE_CONTAINER_NAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dd22294b881fd37 Environment-variable access.
repo/backend/open_webui/config.py:162
AZURE_STORAGE_KEY = os.getenv('AZURE_STORAGE_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a8a21f7b9e76a7e Environment-variable access.
repo/backend/open_webui/config.py:184
CUSTOM_NAME = os.getenv('CUSTOM_NAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9352ca8d9450b267 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/config.py:188
        r = requests.get(f'https://api.openwebui.com/api/v1/custom/{CUSTOM_NAME}')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7f6a1d573076a9ac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/config.py:196
                r = requests.get(url, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3e1ba1a475365f9d Filesystem access.
repo/backend/open_webui/config.py:198
                    with open(f'{STATIC_DIR}/favicon.png', 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e156c15b9066f1a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/config.py:205
                r = requests.get(url, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #ed00e058019ad11a Filesystem access.
repo/backend/open_webui/config.py:207
                    with open(f'{STATIC_DIR}/splash.png', 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c59bd80e8084e2d Environment-variable access.
repo/backend/open_webui/config.py:221
ENABLE_DIRECT_CONNECTIONS = os.getenv('ENABLE_DIRECT_CONNECTIONS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c094e968a461558 Environment-variable access.
repo/backend/open_webui/config.py:227
ENABLE_OLLAMA_API = os.getenv('ENABLE_OLLAMA_API', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1f0cf28fc93432a Environment-variable access.
repo/backend/open_webui/config.py:229
OLLAMA_API_BASE_URL = os.getenv('OLLAMA_API_BASE_URL', 'http://localhost:11434/api')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5b7558744c5aba6 Environment-variable access.
repo/backend/open_webui/config.py:231
OLLAMA_BASE_URL = os.getenv('OLLAMA_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #184d23475276f6fa Environment-variable access.
repo/backend/open_webui/config.py:237
K8S_FLAG = os.getenv('K8S_FLAG', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f026bde41d269521 Environment-variable access.
repo/backend/open_webui/config.py:238
USE_OLLAMA_DOCKER = os.getenv('USE_OLLAMA_DOCKER', 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c57c066f60d6ae4 Environment-variable access.
repo/backend/open_webui/config.py:282
if os.getenv('OLLAMA_BASE_URL', '') in ('', '/ollama') and not os.getenv('OLLAMA_BASE_URLS', ''):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17be6b14af5505d3 Environment-variable access.
repo/backend/open_webui/config.py:286
OLLAMA_BASE_URLS = os.getenv('OLLAMA_BASE_URLS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2775cfe519dc4b9 Environment-variable access.
repo/backend/open_webui/config.py:293
_ollama_api_configs = os.getenv('OLLAMA_API_CONFIGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #870061c7bda53b86 Environment-variable access.
repo/backend/open_webui/config.py:309
ENABLE_OPENAI_API = os.getenv('ENABLE_OPENAI_API', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58ed254835794078 Environment-variable access.
repo/backend/open_webui/config.py:312
OPENAI_API_KEY = os.getenv('OPENAI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf726c6818e9caf3 Environment-variable access.
repo/backend/open_webui/config.py:313
OPENAI_API_BASE_URL = os.getenv('OPENAI_API_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0865b5e2eca75110 Environment-variable access.
repo/backend/open_webui/config.py:315
GEMINI_API_KEY = os.getenv('GEMINI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55503aaf8a1815e4 Environment-variable access.
repo/backend/open_webui/config.py:316
GEMINI_API_BASE_URL = os.getenv('GEMINI_API_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a381b0332ec0b7d4 Environment-variable access.
repo/backend/open_webui/config.py:325
OPENAI_API_KEYS = os.getenv('OPENAI_API_KEYS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a56a6b6834d306a Environment-variable access.
repo/backend/open_webui/config.py:331
OPENAI_API_BASE_URLS = os.getenv('OPENAI_API_BASE_URLS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4e54bb8e47e6057 Environment-variable access.
repo/backend/open_webui/config.py:340
_openai_api_configs = os.getenv('OPENAI_API_CONFIGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f277b18e3638b13d Environment-variable access.
repo/backend/open_webui/config.py:364
ENABLE_BASE_MODELS_CACHE = os.getenv('ENABLE_BASE_MODELS_CACHE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f97385de2b561fc0 Environment-variable access.
repo/backend/open_webui/config.py:372
    tool_server_connections = json.loads(os.getenv('TOOL_SERVER_CONNECTIONS', '[]'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69f10be35088ee4f Environment-variable access.
repo/backend/open_webui/config.py:380
OAUTH_CLIENT_TIMEOUT = os.getenv('OAUTH_CLIENT_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb95f7af749fdbd3 Environment-variable access.
repo/backend/open_webui/config.py:386
terminal_server_connections = json.loads(os.getenv('TERMINAL_SERVER_CONNECTIONS', '[]'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e848bc167fd546c9 Environment-variable access.
repo/backend/open_webui/config.py:391
    TERMINAL_PROXY_HEADERS = json.loads(os.getenv('TERMINAL_PROXY_HEADERS', '{}'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e524840c9efbb49a Environment-variable access.
repo/backend/open_webui/config.py:399
ENABLE_CODE_EXECUTION = os.getenv('ENABLE_CODE_EXECUTION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3782fced0afd3755 Environment-variable access.
repo/backend/open_webui/config.py:401
CODE_EXECUTION_ENGINE = os.getenv('CODE_EXECUTION_ENGINE', 'pyodide')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #990d0b1d07729c2e Environment-variable access.
repo/backend/open_webui/config.py:403
CODE_EXECUTION_JUPYTER_URL = os.getenv('CODE_EXECUTION_JUPYTER_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e61350ce6386e5d Environment-variable access.
repo/backend/open_webui/config.py:405
CODE_EXECUTION_JUPYTER_AUTH = os.getenv('CODE_EXECUTION_JUPYTER_AUTH', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fa39de042827a5 Environment-variable access.
repo/backend/open_webui/config.py:407
CODE_EXECUTION_JUPYTER_AUTH_TOKEN = os.getenv('CODE_EXECUTION_JUPYTER_AUTH_TOKEN', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30e811dd6261b346 Environment-variable access.
repo/backend/open_webui/config.py:410
CODE_EXECUTION_JUPYTER_AUTH_PASSWORD = os.getenv('CODE_EXECUTION_JUPYTER_AUTH_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c5d51229d6cbc5d Environment-variable access.
repo/backend/open_webui/config.py:412
CODE_EXECUTION_JUPYTER_TIMEOUT = int(os.getenv('CODE_EXECUTION_JUPYTER_TIMEOUT', '60'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c31fbab8d430d0fc Environment-variable access.
repo/backend/open_webui/config.py:414
ENABLE_CODE_INTERPRETER = os.getenv('ENABLE_CODE_INTERPRETER', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce63904a97477fcd Environment-variable access.
repo/backend/open_webui/config.py:416
ENABLE_MEMORIES = os.getenv('ENABLE_MEMORIES', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea0a786b47088409 Environment-variable access.
repo/backend/open_webui/config.py:417
ENABLE_MEMORY_SYSTEM_CONTEXT = os.getenv('ENABLE_MEMORY_SYSTEM_CONTEXT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ac880013ffea572 Environment-variable access.
repo/backend/open_webui/config.py:418
ENABLE_MEMORY_BACKGROUND_REVIEW = os.getenv('ENABLE_MEMORY_BACKGROUND_REVIEW', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4387c4d22d4987f0 Environment-variable access.
repo/backend/open_webui/config.py:419
MEMORIES_REVIEW_INTERVAL_TURNS = int(os.getenv('MEMORIES_REVIEW_INTERVAL_TURNS', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48889d98658e2f68 Environment-variable access.
repo/backend/open_webui/config.py:420
MEMORIES_USER_CHAR_LIMIT = int(os.getenv('MEMORIES_USER_CHAR_LIMIT', '2000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c90fd081781ad9f Environment-variable access.
repo/backend/open_webui/config.py:421
MEMORIES_CONTEXT_CHAR_LIMIT = int(os.getenv('MEMORIES_CONTEXT_CHAR_LIMIT', '2000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5aa3a86ef0e6c3b7 Environment-variable access.
repo/backend/open_webui/config.py:423
CODE_INTERPRETER_ENGINE = os.getenv('CODE_INTERPRETER_ENGINE', 'pyodide')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15725471290466ec Environment-variable access.
repo/backend/open_webui/config.py:425
CODE_INTERPRETER_PROMPT_TEMPLATE = os.getenv('CODE_INTERPRETER_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e6604723e2a6c03 Environment-variable access.
repo/backend/open_webui/config.py:427
CODE_INTERPRETER_JUPYTER_URL = os.getenv('CODE_INTERPRETER_JUPYTER_URL', os.getenv('CODE_EXECUTION_JUPYTER_URL', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #837e308761139668 Environment-variable access.
repo/backend/open_webui/config.py:429
CODE_INTERPRETER_JUPYTER_AUTH = os.getenv(
    'CODE_INTERPRETER_JUPYTER_AUTH',
    os.getenv('CODE_EXECUTION_JUPYTER_AUTH', ''),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96d6dd120bfe40f9 Environment-variable access.
repo/backend/open_webui/config.py:431
    os.getenv('CODE_EXECUTION_JUPYTER_AUTH', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4f455ec9d7a0da0 Environment-variable access.
repo/backend/open_webui/config.py:434
CODE_INTERPRETER_JUPYTER_AUTH_TOKEN = os.getenv(
    'CODE_INTERPRETER_JUPYTER_AUTH_TOKEN',
    os.getenv('CODE_EXECUTION_JUPYTER_AUTH_TOKEN', ''),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83a251c27aeaa2af Environment-variable access.
repo/backend/open_webui/config.py:436
    os.getenv('CODE_EXECUTION_JUPYTER_AUTH_TOKEN', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33e44d3a0471299f Environment-variable access.
repo/backend/open_webui/config.py:440
CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD = os.getenv(
    'CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD',
    os.getenv('CODE_EXECUTION_JUPYTER_AUTH_PASSWORD', ''),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9114a1868adea44 Environment-variable access.
repo/backend/open_webui/config.py:442
    os.getenv('CODE_EXECUTION_JUPYTER_AUTH_PASSWORD', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cd489b8d3e5f1c1 Environment-variable access.
repo/backend/open_webui/config.py:446
    os.getenv(
        'CODE_INTERPRETER_JUPYTER_TIMEOUT',
        os.getenv('CODE_EXECUTION_JUPYTER_TIMEOUT', '60'),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2283fc4beb66918e Environment-variable access.
repo/backend/open_webui/config.py:448
        os.getenv('CODE_EXECUTION_JUPYTER_TIMEOUT', '60'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #686a5fcf9920b925 Environment-variable access.
repo/backend/open_webui/config.py:453
    library.strip() for library in os.getenv('CODE_INTERPRETER_BLOCKED_MODULES', '').split(',') if library.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #920aa33498968f0d Environment-variable access.
repo/backend/open_webui/config.py:493
VECTOR_DB = os.getenv('VECTOR_DB', 'chroma')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c72fd0ba322fb341 Environment-variable access.
repo/backend/open_webui/config.py:501
    CHROMA_TENANT = os.getenv('CHROMA_TENANT', chromadb.DEFAULT_TENANT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3b81bf188badc7f Environment-variable access.
repo/backend/open_webui/config.py:502
    CHROMA_DATABASE = os.getenv('CHROMA_DATABASE', chromadb.DEFAULT_DATABASE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1adee7518f9fd811 Environment-variable access.
repo/backend/open_webui/config.py:503
    CHROMA_HTTP_HOST = os.getenv('CHROMA_HTTP_HOST', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91fbc64fbf209490 Environment-variable access.
repo/backend/open_webui/config.py:504
    CHROMA_HTTP_PORT = int(os.getenv('CHROMA_HTTP_PORT', '8000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #798cb0565148e0c3 Environment-variable access.
repo/backend/open_webui/config.py:505
    CHROMA_CLIENT_AUTH_PROVIDER = os.getenv('CHROMA_CLIENT_AUTH_PROVIDER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b081599194bd448d Environment-variable access.
repo/backend/open_webui/config.py:506
    CHROMA_CLIENT_AUTH_CREDENTIALS = os.getenv('CHROMA_CLIENT_AUTH_CREDENTIALS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca37cd751aa6368 Environment-variable access.
repo/backend/open_webui/config.py:508
    CHROMA_HTTP_HEADERS = os.getenv('CHROMA_HTTP_HEADERS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63264ab4a2ef79a2 Environment-variable access.
repo/backend/open_webui/config.py:513
    CHROMA_HTTP_SSL = os.getenv('CHROMA_HTTP_SSL', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b588cb099a3679b4 Environment-variable access.
repo/backend/open_webui/config.py:518
MARIADB_VECTOR_DB_URL = os.getenv('MARIADB_VECTOR_DB_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65c2412238c59d25 Environment-variable access.
repo/backend/open_webui/config.py:521
    os.getenv('MARIADB_VECTOR_INITIALIZE_MAX_VECTOR_LENGTH', '1536').strip() or '1536'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c42a2776b41e8ce Environment-variable access.
repo/backend/open_webui/config.py:527
MARIADB_VECTOR_DISTANCE_STRATEGY = os.getenv('MARIADB_VECTOR_DISTANCE_STRATEGY', 'cosine').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd7393d3e76ca750 Environment-variable access.
repo/backend/open_webui/config.py:530
MARIADB_VECTOR_INDEX_M = int(os.getenv('MARIADB_VECTOR_INDEX_M', '8').strip() or '8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65b4bef8de7653bf Environment-variable access.
repo/backend/open_webui/config.py:533
MARIADB_VECTOR_POOL_SIZE = os.getenv('MARIADB_VECTOR_POOL_SIZE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8ffbba007534c01 Environment-variable access.
repo/backend/open_webui/config.py:541
MARIADB_VECTOR_POOL_MAX_OVERFLOW = os.getenv('MARIADB_VECTOR_POOL_MAX_OVERFLOW', 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764f4612cfbb9397 Environment-variable access.
repo/backend/open_webui/config.py:551
MARIADB_VECTOR_POOL_TIMEOUT = os.getenv('MARIADB_VECTOR_POOL_TIMEOUT', 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7db7f0b43e3fab5 Environment-variable access.
repo/backend/open_webui/config.py:561
MARIADB_VECTOR_POOL_RECYCLE = os.getenv('MARIADB_VECTOR_POOL_RECYCLE', 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e578ecf601a60f2d Environment-variable access.
repo/backend/open_webui/config.py:587
MILVUS_URI = os.getenv('MILVUS_URI', f'{DATA_DIR}/vector_db/milvus.db')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cee122e256dca4a7 Environment-variable access.
repo/backend/open_webui/config.py:588
MILVUS_DB = os.getenv('MILVUS_DB', 'default')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5904c9b3befafce4 Environment-variable access.
repo/backend/open_webui/config.py:589
MILVUS_TOKEN = os.getenv('MILVUS_TOKEN', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a954f2d8e2627d2 Environment-variable access.
repo/backend/open_webui/config.py:590
MILVUS_INDEX_TYPE = os.getenv('MILVUS_INDEX_TYPE', 'HNSW')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #874dbccd86887200 Environment-variable access.
repo/backend/open_webui/config.py:591
MILVUS_METRIC_TYPE = os.getenv('MILVUS_METRIC_TYPE', 'COSINE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2edac3fea3baa683 Environment-variable access.
repo/backend/open_webui/config.py:592
MILVUS_HNSW_M = int(os.getenv('MILVUS_HNSW_M', '16'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #882b72f235680545 Environment-variable access.
repo/backend/open_webui/config.py:593
MILVUS_HNSW_EFCONSTRUCTION = int(os.getenv('MILVUS_HNSW_EFCONSTRUCTION', '100'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e0eafdf51696d00 Environment-variable access.
repo/backend/open_webui/config.py:594
MILVUS_IVF_FLAT_NLIST = int(os.getenv('MILVUS_IVF_FLAT_NLIST', '128'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a4207b60c6b935a Environment-variable access.
repo/backend/open_webui/config.py:595
MILVUS_DISKANN_MAX_DEGREE = int(os.getenv('MILVUS_DISKANN_MAX_DEGREE', '56'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6baf0bdc51030b68 Environment-variable access.
repo/backend/open_webui/config.py:596
MILVUS_DISKANN_SEARCH_LIST_SIZE = int(os.getenv('MILVUS_DISKANN_SEARCH_LIST_SIZE', '100'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55d0dff0610da94e Environment-variable access.
repo/backend/open_webui/config.py:597
ENABLE_MILVUS_MULTITENANCY_MODE = os.getenv('ENABLE_MILVUS_MULTITENANCY_MODE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ea87569ca94f743 Environment-variable access.
repo/backend/open_webui/config.py:599
MILVUS_COLLECTION_PREFIX = os.getenv('MILVUS_COLLECTION_PREFIX', 'open_webui')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #381bdbc3f13a64a1 Environment-variable access.
repo/backend/open_webui/config.py:602
QDRANT_URI = os.getenv('QDRANT_URI', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cfc8921528daabb Environment-variable access.
repo/backend/open_webui/config.py:603
QDRANT_API_KEY = os.getenv('QDRANT_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a68689e2f98aca9c Environment-variable access.
repo/backend/open_webui/config.py:604
QDRANT_ON_DISK = os.getenv('QDRANT_ON_DISK', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efea076ac0a6cc9b Environment-variable access.
repo/backend/open_webui/config.py:605
QDRANT_PREFER_GRPC = os.getenv('QDRANT_PREFER_GRPC', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b52671cbba34dc19 Environment-variable access.
repo/backend/open_webui/config.py:606
QDRANT_GRPC_PORT = int(os.getenv('QDRANT_GRPC_PORT', '6334'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f6c16dfab19614 Environment-variable access.
repo/backend/open_webui/config.py:607
QDRANT_TIMEOUT = int(os.getenv('QDRANT_TIMEOUT', '5'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b37366d3bf27f769 Environment-variable access.
repo/backend/open_webui/config.py:608
QDRANT_HNSW_M = int(os.getenv('QDRANT_HNSW_M', '16'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #393271f6c270d191 Environment-variable access.
repo/backend/open_webui/config.py:609
ENABLE_QDRANT_MULTITENANCY_MODE = os.getenv('ENABLE_QDRANT_MULTITENANCY_MODE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #951003f9a5ac4b04 Environment-variable access.
repo/backend/open_webui/config.py:610
QDRANT_COLLECTION_PREFIX = os.getenv('QDRANT_COLLECTION_PREFIX', 'open-webui')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77a1ea7df5cc1c68 Environment-variable access.
repo/backend/open_webui/config.py:612
WEAVIATE_HTTP_HOST = os.getenv('WEAVIATE_HTTP_HOST', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf1943ad7ca7b94d Environment-variable access.
repo/backend/open_webui/config.py:613
WEAVIATE_GRPC_HOST = os.getenv('WEAVIATE_GRPC_HOST', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6df80b8742f065e5 Environment-variable access.
repo/backend/open_webui/config.py:614
WEAVIATE_HTTP_PORT = int(os.getenv('WEAVIATE_HTTP_PORT', '8080'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #119982b32a43d30b Environment-variable access.
repo/backend/open_webui/config.py:615
WEAVIATE_GRPC_PORT = int(os.getenv('WEAVIATE_GRPC_PORT', '50051'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21cd82ea436d7d24 Environment-variable access.
repo/backend/open_webui/config.py:616
WEAVIATE_API_KEY = os.getenv('WEAVIATE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c69a7ee7c41c2e Environment-variable access.
repo/backend/open_webui/config.py:617
WEAVIATE_HTTP_SECURE = os.getenv('WEAVIATE_HTTP_SECURE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a43ac818ba4ffe6d Environment-variable access.
repo/backend/open_webui/config.py:618
WEAVIATE_GRPC_SECURE = os.getenv('WEAVIATE_GRPC_SECURE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f23148b5b955637c Environment-variable access.
repo/backend/open_webui/config.py:619
WEAVIATE_SKIP_INIT_CHECKS = os.getenv('WEAVIATE_SKIP_INIT_CHECKS', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3180bcaa0d1171a1 Environment-variable access.
repo/backend/open_webui/config.py:622
OPENSEARCH_URI = os.getenv('OPENSEARCH_URI', 'https://localhost:9200')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dafa61f063aef38 Environment-variable access.
repo/backend/open_webui/config.py:623
OPENSEARCH_SSL = os.getenv('OPENSEARCH_SSL', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b339ae3aa45be13 Environment-variable access.
repo/backend/open_webui/config.py:624
OPENSEARCH_CERT_VERIFY = os.getenv('OPENSEARCH_CERT_VERIFY', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26b765e6e7d66af9 Environment-variable access.
repo/backend/open_webui/config.py:625
OPENSEARCH_USERNAME = os.getenv('OPENSEARCH_USERNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cd6b77ef72f230e Environment-variable access.
repo/backend/open_webui/config.py:626
OPENSEARCH_PASSWORD = os.getenv('OPENSEARCH_PASSWORD', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #282b69f22e52734a Environment-variable access.
repo/backend/open_webui/config.py:629
ELASTICSEARCH_URL = os.getenv('ELASTICSEARCH_URL', 'https://localhost:9200')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15528568ff3131df Environment-variable access.
repo/backend/open_webui/config.py:630
ELASTICSEARCH_CA_CERTS = os.getenv('ELASTICSEARCH_CA_CERTS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c49550a577e407d Environment-variable access.
repo/backend/open_webui/config.py:631
ELASTICSEARCH_API_KEY = os.getenv('ELASTICSEARCH_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c52c36b973fc4f48 Environment-variable access.
repo/backend/open_webui/config.py:632
ELASTICSEARCH_USERNAME = os.getenv('ELASTICSEARCH_USERNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce5d2c9636f11a32 Environment-variable access.
repo/backend/open_webui/config.py:633
ELASTICSEARCH_PASSWORD = os.getenv('ELASTICSEARCH_PASSWORD', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bfb0511c8f3e6c8 Environment-variable access.
repo/backend/open_webui/config.py:634
ELASTICSEARCH_CLOUD_ID = os.getenv('ELASTICSEARCH_CLOUD_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e92e907d9f911ad Environment-variable access.
repo/backend/open_webui/config.py:635
SSL_ASSERT_FINGERPRINT = os.getenv('SSL_ASSERT_FINGERPRINT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e35030d4e2dcd378 Environment-variable access.
repo/backend/open_webui/config.py:636
ELASTICSEARCH_INDEX_PREFIX = os.getenv('ELASTICSEARCH_INDEX_PREFIX', 'open_webui_collections')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48323b7e556c33ca Environment-variable access.
repo/backend/open_webui/config.py:638
PGVECTOR_DB_URL = os.getenv('PGVECTOR_DB_URL', DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f56087020683ddc Environment-variable access.
repo/backend/open_webui/config.py:643
PGVECTOR_INITIALIZE_MAX_VECTOR_LENGTH = int(os.getenv('PGVECTOR_INITIALIZE_MAX_VECTOR_LENGTH', '1536'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7bdb26a96d579d1 Environment-variable access.
repo/backend/open_webui/config.py:645
PGVECTOR_USE_HALFVEC = os.getenv('PGVECTOR_USE_HALFVEC', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #821ecfbdb7d719f7 Environment-variable access.
repo/backend/open_webui/config.py:655
PGVECTOR_CREATE_EXTENSION = os.getenv('PGVECTOR_CREATE_EXTENSION', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #266537e6a51cd657 Environment-variable access.
repo/backend/open_webui/config.py:656
PGVECTOR_PGCRYPTO = os.getenv('PGVECTOR_PGCRYPTO', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85e0d3290553ab49 Environment-variable access.
repo/backend/open_webui/config.py:657
PGVECTOR_PGCRYPTO_KEY = os.getenv('PGVECTOR_PGCRYPTO_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56fd82dcefde38e2 Environment-variable access.
repo/backend/open_webui/config.py:662
PGVECTOR_POOL_SIZE = os.getenv('PGVECTOR_POOL_SIZE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb48a8cad9619155 Environment-variable access.
repo/backend/open_webui/config.py:670
PGVECTOR_POOL_MAX_OVERFLOW = os.getenv('PGVECTOR_POOL_MAX_OVERFLOW', 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1560ad651fb227e2 Environment-variable access.
repo/backend/open_webui/config.py:680
PGVECTOR_POOL_TIMEOUT = os.getenv('PGVECTOR_POOL_TIMEOUT', 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89c41c542688c71b Environment-variable access.
repo/backend/open_webui/config.py:690
PGVECTOR_POOL_RECYCLE = os.getenv('PGVECTOR_POOL_RECYCLE', 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f6511882d7ccee9 Environment-variable access.
repo/backend/open_webui/config.py:700
PGVECTOR_INDEX_METHOD = os.getenv('PGVECTOR_INDEX_METHOD', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ac42a426933b189 Environment-variable access.
repo/backend/open_webui/config.py:704
PGVECTOR_HNSW_M = os.getenv('PGVECTOR_HNSW_M', 16)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #866d1200e45afb72 Environment-variable access.
repo/backend/open_webui/config.py:714
PGVECTOR_HNSW_EF_CONSTRUCTION = os.getenv('PGVECTOR_HNSW_EF_CONSTRUCTION', 64)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c41cc4e831c7775 Environment-variable access.
repo/backend/open_webui/config.py:724
PGVECTOR_IVFFLAT_LISTS = os.getenv('PGVECTOR_IVFFLAT_LISTS', 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #448909c9e2a03042 Environment-variable access.
repo/backend/open_webui/config.py:735
OPENGAUSS_DB_URL = os.getenv('OPENGAUSS_DB_URL', DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #120dc427986a1b9e Environment-variable access.
repo/backend/open_webui/config.py:737
OPENGAUSS_INITIALIZE_MAX_VECTOR_LENGTH = int(os.getenv('OPENGAUSS_INITIALIZE_MAX_VECTOR_LENGTH', '1536'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #065bed3765c0a9ad Environment-variable access.
repo/backend/open_webui/config.py:739
OPENGAUSS_POOL_SIZE = os.getenv('OPENGAUSS_POOL_SIZE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df714c7faac51416 Environment-variable access.
repo/backend/open_webui/config.py:747
OPENGAUSS_POOL_MAX_OVERFLOW = os.getenv('OPENGAUSS_POOL_MAX_OVERFLOW', 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0b96560ce2b44e7 Environment-variable access.
repo/backend/open_webui/config.py:757
OPENGAUSS_POOL_TIMEOUT = os.getenv('OPENGAUSS_POOL_TIMEOUT', 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fee32a68683e8d8 Environment-variable access.
repo/backend/open_webui/config.py:767
OPENGAUSS_POOL_RECYCLE = os.getenv('OPENGAUSS_POOL_RECYCLE', 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2040b9e297b43d10 Environment-variable access.
repo/backend/open_webui/config.py:778
PINECONE_API_KEY = os.getenv('PINECONE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b92fb80b7b22ccc8 Environment-variable access.
repo/backend/open_webui/config.py:779
PINECONE_ENVIRONMENT = os.getenv('PINECONE_ENVIRONMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d59b7e11a60bb6b Environment-variable access.
repo/backend/open_webui/config.py:780
PINECONE_INDEX_NAME = os.getenv('PINECONE_INDEX_NAME', 'open-webui-index')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871eaa68242f8dec Environment-variable access.
repo/backend/open_webui/config.py:781
PINECONE_DIMENSION = int(os.getenv('PINECONE_DIMENSION', 1536))  # or 3072, 1024, 768

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2010d32ecac6ac0a Environment-variable access.
repo/backend/open_webui/config.py:782
PINECONE_METRIC = os.getenv('PINECONE_METRIC', 'cosine')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81d139885a0dd6c6 Environment-variable access.
repo/backend/open_webui/config.py:783
PINECONE_CLOUD = os.getenv('PINECONE_CLOUD', 'aws')  # or "gcp" or "azure"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd11c61bd66b2c50 Environment-variable access.
repo/backend/open_webui/config.py:787
ORACLE_DB_USE_WALLET = os.getenv('ORACLE_DB_USE_WALLET', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfe4b5358de3683c Environment-variable access.
repo/backend/open_webui/config.py:788
ORACLE_DB_USER = os.getenv('ORACLE_DB_USER', None)  #

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83195d3c303de2c8 Environment-variable access.
repo/backend/open_webui/config.py:789
ORACLE_DB_PASSWORD = os.getenv('ORACLE_DB_PASSWORD', None)  #

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54b726551783855e Environment-variable access.
repo/backend/open_webui/config.py:790
ORACLE_DB_DSN = os.getenv('ORACLE_DB_DSN', None)  #

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fd63145e46f2b7d Environment-variable access.
repo/backend/open_webui/config.py:791
ORACLE_WALLET_DIR = os.getenv('ORACLE_WALLET_DIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #036f9b3d341c6833 Environment-variable access.
repo/backend/open_webui/config.py:792
ORACLE_WALLET_PASSWORD = os.getenv('ORACLE_WALLET_PASSWORD', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ec259c78e05f0e3 Environment-variable access.
repo/backend/open_webui/config.py:793
ORACLE_VECTOR_LENGTH = os.getenv('ORACLE_VECTOR_LENGTH', 768)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d84d9b2c1cef8f06 Environment-variable access.
repo/backend/open_webui/config.py:795
ORACLE_DB_POOL_MIN = int(os.getenv('ORACLE_DB_POOL_MIN', 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98a5284d404a6eb1 Environment-variable access.
repo/backend/open_webui/config.py:796
ORACLE_DB_POOL_MAX = int(os.getenv('ORACLE_DB_POOL_MAX', 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #147d4a3ebde2d3cc Environment-variable access.
repo/backend/open_webui/config.py:797
ORACLE_DB_POOL_INCREMENT = int(os.getenv('ORACLE_DB_POOL_INCREMENT', 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab70f56d93cf692f Environment-variable access.
repo/backend/open_webui/config.py:811
S3_VECTOR_BUCKET_NAME = os.getenv('S3_VECTOR_BUCKET_NAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0af218bd3a12c261 Environment-variable access.
repo/backend/open_webui/config.py:812
S3_VECTOR_REGION = os.getenv('S3_VECTOR_REGION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #342e16b6e09862f7 Environment-variable access.
repo/backend/open_webui/config.py:815
VALKEY_URL = os.getenv('VALKEY_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6deff935472844a9 Environment-variable access.
repo/backend/open_webui/config.py:816
VALKEY_COLLECTION_PREFIX = os.getenv('VALKEY_COLLECTION_PREFIX', 'open_webui')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b65daf974060bdd1 Environment-variable access.
repo/backend/open_webui/config.py:817
VALKEY_INDEX_TYPE = os.getenv('VALKEY_INDEX_TYPE', 'HNSW').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0f757bcc4082cc5 Environment-variable access.
repo/backend/open_webui/config.py:818
VALKEY_DISTANCE_METRIC = os.getenv('VALKEY_DISTANCE_METRIC', 'COSINE').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08b100d3e0ba6181 Environment-variable access.
repo/backend/open_webui/config.py:819
VALKEY_HNSW_M = int(os.getenv('VALKEY_HNSW_M', '16'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cd9010bc6ab12de Environment-variable access.
repo/backend/open_webui/config.py:820
VALKEY_HNSW_EF_CONSTRUCTION = int(os.getenv('VALKEY_HNSW_EF_CONSTRUCTION', '200'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d6b85b8797b68bd Environment-variable access.
repo/backend/open_webui/config.py:821
VALKEY_HNSW_EF_RUNTIME = int(os.getenv('VALKEY_HNSW_EF_RUNTIME', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ce4309a870ae6e1 Environment-variable access.
repo/backend/open_webui/config.py:829
ENABLE_GOOGLE_DRIVE_INTEGRATION = os.getenv('ENABLE_GOOGLE_DRIVE_INTEGRATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc699d9cba7dce30 Environment-variable access.
repo/backend/open_webui/config.py:831
GOOGLE_DRIVE_CLIENT_ID = os.getenv('GOOGLE_DRIVE_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbbe5ad8648142fa Environment-variable access.
repo/backend/open_webui/config.py:833
GOOGLE_DRIVE_API_KEY = os.getenv('GOOGLE_DRIVE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9be7fb236c144a3f Environment-variable access.
repo/backend/open_webui/config.py:835
ENABLE_ONEDRIVE_INTEGRATION = os.getenv('ENABLE_ONEDRIVE_INTEGRATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16a0fbe9a1289b3 Environment-variable access.
repo/backend/open_webui/config.py:838
ONEDRIVE_CLIENT_ID = os.getenv('ONEDRIVE_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc92e429640e4712 Environment-variable access.
repo/backend/open_webui/config.py:839
ONEDRIVE_CLIENT_ID_PERSONAL = os.getenv('ONEDRIVE_CLIENT_ID_PERSONAL', ONEDRIVE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #176760aff2b7bc1c Environment-variable access.
repo/backend/open_webui/config.py:840
ONEDRIVE_CLIENT_ID_BUSINESS = os.getenv('ONEDRIVE_CLIENT_ID_BUSINESS', ONEDRIVE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c93e068901100636 Environment-variable access.
repo/backend/open_webui/config.py:842
ENABLE_ONEDRIVE_PERSONAL = os.getenv('ENABLE_ONEDRIVE_PERSONAL', 'True').lower() == 'true' and bool(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cf8ecc8b67a8880 Environment-variable access.
repo/backend/open_webui/config.py:845
ENABLE_ONEDRIVE_BUSINESS = os.getenv('ENABLE_ONEDRIVE_BUSINESS', 'True').lower() == 'true' and bool(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb15cfc65eadccba Environment-variable access.
repo/backend/open_webui/config.py:849
ONEDRIVE_SHAREPOINT_URL = os.getenv('ONEDRIVE_SHAREPOINT_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b011fd611c57fd31 Environment-variable access.
repo/backend/open_webui/config.py:851
ONEDRIVE_SHAREPOINT_TENANT_ID = os.getenv('ONEDRIVE_SHAREPOINT_TENANT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b87ccd477d4a845e Environment-variable access.
repo/backend/open_webui/config.py:854
CONTENT_EXTRACTION_ENGINE = os.getenv('CONTENT_EXTRACTION_ENGINE', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54bb5371f959add7 Environment-variable access.
repo/backend/open_webui/config.py:856
DATALAB_MARKER_API_KEY = os.getenv('DATALAB_MARKER_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #635fad55ad21f3cb Environment-variable access.
repo/backend/open_webui/config.py:858
DATALAB_MARKER_API_BASE_URL = os.getenv('DATALAB_MARKER_API_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aecac088ce6903c Environment-variable access.
repo/backend/open_webui/config.py:860
DATALAB_MARKER_ADDITIONAL_CONFIG = os.getenv('DATALAB_MARKER_ADDITIONAL_CONFIG', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d2cdad98b7981b7 Environment-variable access.
repo/backend/open_webui/config.py:862
DATALAB_MARKER_USE_LLM = os.getenv('DATALAB_MARKER_USE_LLM', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4b05fae82161491 Environment-variable access.
repo/backend/open_webui/config.py:864
DATALAB_MARKER_SKIP_CACHE = os.getenv('DATALAB_MARKER_SKIP_CACHE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10f7fa82dc8c8c4c Environment-variable access.
repo/backend/open_webui/config.py:866
DATALAB_MARKER_FORCE_OCR = os.getenv('DATALAB_MARKER_FORCE_OCR', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95ba70f440e5856c Environment-variable access.
repo/backend/open_webui/config.py:868
DATALAB_MARKER_PAGINATE = os.getenv('DATALAB_MARKER_PAGINATE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c21aedb2fc15e193 Environment-variable access.
repo/backend/open_webui/config.py:870
DATALAB_MARKER_STRIP_EXISTING_OCR = os.getenv('DATALAB_MARKER_STRIP_EXISTING_OCR', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #363938b744f15e0c Environment-variable access.
repo/backend/open_webui/config.py:873
    os.getenv('DATALAB_MARKER_DISABLE_IMAGE_EXTRACTION', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f7d6ed5006fd349 Environment-variable access.
repo/backend/open_webui/config.py:876
DATALAB_MARKER_FORMAT_LINES = os.getenv('DATALAB_MARKER_FORMAT_LINES', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a0eb34f5a3d2b83 Environment-variable access.
repo/backend/open_webui/config.py:878
DATALAB_MARKER_OUTPUT_FORMAT = os.getenv('DATALAB_MARKER_OUTPUT_FORMAT', 'markdown')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f84b2463bf6d7e6 Environment-variable access.
repo/backend/open_webui/config.py:880
MINERU_API_MODE = os.getenv('MINERU_API_MODE', 'local')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #457d879e859f0a6f Environment-variable access.
repo/backend/open_webui/config.py:882
MINERU_API_URL = os.getenv('MINERU_API_URL', 'http://localhost:8000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #069a59e69fc72208 Environment-variable access.
repo/backend/open_webui/config.py:884
MINERU_API_TIMEOUT = os.getenv('MINERU_API_TIMEOUT', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdcd322cd1ea96dc Environment-variable access.
repo/backend/open_webui/config.py:886
MINERU_API_KEY = os.getenv('MINERU_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7864a28b00946b65 Environment-variable access.
repo/backend/open_webui/config.py:888
mineru_params = os.getenv('MINERU_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db56607cdb853499 Environment-variable access.
repo/backend/open_webui/config.py:896
MINERU_FILE_EXTENSIONS = [ext.strip() for ext in os.getenv('MINERU_FILE_EXTENSIONS', 'pdf').split(',') if ext.strip()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #951a40ea9c673bbd Environment-variable access.
repo/backend/open_webui/config.py:898
EXTERNAL_DOCUMENT_LOADER_URL = os.getenv('EXTERNAL_DOCUMENT_LOADER_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c378f97e76d817e6 Environment-variable access.
repo/backend/open_webui/config.py:900
EXTERNAL_DOCUMENT_LOADER_API_KEY = os.getenv('EXTERNAL_DOCUMENT_LOADER_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4153eb020a7ca1e Environment-variable access.
repo/backend/open_webui/config.py:902
external_document_loader_headers = os.getenv('EXTERNAL_DOCUMENT_LOADER_HEADERS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bd33d48e3fdc59b Environment-variable access.
repo/backend/open_webui/config.py:912
TIKA_SERVER_URL = os.getenv('TIKA_SERVER_URL', 'http://tika:9998')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #119af7b6a157da57 Environment-variable access.
repo/backend/open_webui/config.py:914
DOCLING_SERVER_URL = os.getenv('DOCLING_SERVER_URL', 'http://docling:5001')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bab647f8136b2025 Environment-variable access.
repo/backend/open_webui/config.py:916
DOCLING_API_KEY = os.getenv('DOCLING_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #263928ebe5582556 Environment-variable access.
repo/backend/open_webui/config.py:918
docling_params = os.getenv('DOCLING_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06b1a893d55f2840 Environment-variable access.
repo/backend/open_webui/config.py:926
DOCUMENT_INTELLIGENCE_ENDPOINT = os.getenv('DOCUMENT_INTELLIGENCE_ENDPOINT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bdfdc5867c4dfaa Environment-variable access.
repo/backend/open_webui/config.py:928
DOCUMENT_INTELLIGENCE_KEY = os.getenv('DOCUMENT_INTELLIGENCE_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27ba21595a72e918 Environment-variable access.
repo/backend/open_webui/config.py:930
DOCUMENT_INTELLIGENCE_MODEL = os.getenv('DOCUMENT_INTELLIGENCE_MODEL', 'prebuilt-layout')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c894653283636c66 Environment-variable access.
repo/backend/open_webui/config.py:932
MISTRAL_OCR_API_BASE_URL = os.getenv('MISTRAL_OCR_API_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c55e60cc757d0af5 Environment-variable access.
repo/backend/open_webui/config.py:934
MISTRAL_OCR_API_KEY = os.getenv('MISTRAL_OCR_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #242b80e9239cab8a Environment-variable access.
repo/backend/open_webui/config.py:936
MISTRAL_OCR_USE_BASE64 = os.getenv('MISTRAL_OCR_USE_BASE64', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25948e0d9353a27b Environment-variable access.
repo/backend/open_webui/config.py:938
PADDLEOCR_VL_BASE_URL = os.getenv('PADDLEOCR_VL_BASE_URL', 'http://localhost:8080')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a251f0378e25f012 Environment-variable access.
repo/backend/open_webui/config.py:940
PADDLEOCR_VL_TOKEN = os.getenv('PADDLEOCR_VL_TOKEN', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cabe8907b4d86398 Environment-variable access.
repo/backend/open_webui/config.py:942
BYPASS_EMBEDDING_AND_RETRIEVAL = os.getenv('BYPASS_EMBEDDING_AND_RETRIEVAL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37d3ff42978a128a Environment-variable access.
repo/backend/open_webui/config.py:945
RAG_TOP_K = int(os.getenv('RAG_TOP_K', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a82c9779c5199f90 Environment-variable access.
repo/backend/open_webui/config.py:946
RAG_TOP_K_RERANKER = int(os.getenv('RAG_TOP_K_RERANKER', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08a8a869439e9e0f Environment-variable access.
repo/backend/open_webui/config.py:947
RAG_RELEVANCE_THRESHOLD = float(os.getenv('RAG_RELEVANCE_THRESHOLD', '0.0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac0c56ef0134efe3 Environment-variable access.
repo/backend/open_webui/config.py:948
RAG_HYBRID_BM25_WEIGHT = float(os.getenv('RAG_HYBRID_BM25_WEIGHT', '0.5'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13f3bb03f495ed93 Environment-variable access.
repo/backend/open_webui/config.py:950
ENABLE_RAG_HYBRID_SEARCH = os.getenv('ENABLE_RAG_HYBRID_SEARCH', '').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bfcd866bb63945b Environment-variable access.
repo/backend/open_webui/config.py:953
    os.getenv('ENABLE_RAG_HYBRID_SEARCH_ENRICHED_TEXTS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #815cce0143301f7e Environment-variable access.
repo/backend/open_webui/config.py:956
RAG_FULL_CONTEXT = os.getenv('RAG_FULL_CONTEXT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a11ee405b5ec3378 Environment-variable access.
repo/backend/open_webui/config.py:958
RAG_FILE_MAX_COUNT = int(os.getenv('RAG_FILE_MAX_COUNT')) if os.getenv('RAG_FILE_MAX_COUNT') else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fd115b9516b95e4 Environment-variable access.
repo/backend/open_webui/config.py:960
RAG_FILE_MAX_SIZE = int(os.getenv('RAG_FILE_MAX_SIZE')) if os.getenv('RAG_FILE_MAX_SIZE') else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4172f64b58b4cd69 Environment-variable access.
repo/backend/open_webui/config.py:962
RAG_FILE_CONTENT_SEARCH_MAX_CHARS = int(os.getenv('RAG_FILE_CONTENT_SEARCH_MAX_CHARS', str(64 * 1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09bab5b77e92b0a6 Environment-variable access.
repo/backend/open_webui/config.py:965
    int(os.getenv('FILE_IMAGE_COMPRESSION_WIDTH')) if os.getenv('FILE_IMAGE_COMPRESSION_WIDTH') else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #550d5887c5707e11 Environment-variable access.
repo/backend/open_webui/config.py:969
    int(os.getenv('FILE_IMAGE_COMPRESSION_HEIGHT')) if os.getenv('FILE_IMAGE_COMPRESSION_HEIGHT') else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a743f6c7104ccd78 Environment-variable access.
repo/backend/open_webui/config.py:974
    ext.strip() for ext in os.getenv('RAG_ALLOWED_FILE_EXTENSIONS', '').split(',') if ext.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97b714e105af4cae Environment-variable access.
repo/backend/open_webui/config.py:977
RAG_EMBEDDING_ENGINE = os.getenv('RAG_EMBEDDING_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90add5e0e47717f9 Environment-variable access.
repo/backend/open_webui/config.py:979
PDF_EXTRACT_IMAGES = os.getenv('PDF_EXTRACT_IMAGES', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fb0f620fb1c8d90 Environment-variable access.
repo/backend/open_webui/config.py:981
PDF_LOADER_MODE = os.getenv('PDF_LOADER_MODE', 'page')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e67597b2403ceaf2 Environment-variable access.
repo/backend/open_webui/config.py:983
RAG_EMBEDDING_MODEL = os.getenv('RAG_EMBEDDING_MODEL', 'sentence-transformers/all-MiniLM-L6-v2')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a4e22262efeac6c Environment-variable access.
repo/backend/open_webui/config.py:986
RAG_TOKENIZER_MODEL = os.getenv('RAG_TOKENIZER_MODEL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f343b30b369c23a Environment-variable access.
repo/backend/open_webui/config.py:989
    not OFFLINE_MODE and os.getenv('RAG_EMBEDDING_MODEL_AUTO_UPDATE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68061b14440bbc09 Environment-variable access.
repo/backend/open_webui/config.py:992
RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE = os.getenv('RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95a983d344dbf766 Environment-variable access.
repo/backend/open_webui/config.py:995
    os.getenv('RAG_EMBEDDING_BATCH_SIZE') or os.getenv('RAG_EMBEDDING_OPENAI_BATCH_SIZE', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e9494d4b3dfefb7 Environment-variable access.
repo/backend/open_webui/config.py:998
ENABLE_ASYNC_EMBEDDING = os.getenv('ENABLE_ASYNC_EMBEDDING', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f5433d248c7a5e0 Environment-variable access.
repo/backend/open_webui/config.py:1000
RAG_EMBEDDING_CONCURRENT_REQUESTS = int(os.getenv('RAG_EMBEDDING_CONCURRENT_REQUESTS', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7531209264b1322 Environment-variable access.
repo/backend/open_webui/config.py:1002
RAG_EMBEDDING_QUERY_PREFIX = os.getenv('RAG_EMBEDDING_QUERY_PREFIX', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #289db787fe7e688e Environment-variable access.
repo/backend/open_webui/config.py:1004
RAG_EMBEDDING_CONTENT_PREFIX = os.getenv('RAG_EMBEDDING_CONTENT_PREFIX', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9a4582a53355de2 Environment-variable access.
repo/backend/open_webui/config.py:1006
RAG_EMBEDDING_PREFIX_FIELD_NAME = os.getenv('RAG_EMBEDDING_PREFIX_FIELD_NAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a55b05ef7c8c66ff Environment-variable access.
repo/backend/open_webui/config.py:1008
RAG_RERANKING_ENGINE = os.getenv('RAG_RERANKING_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba07e32aaadf5c5 Environment-variable access.
repo/backend/open_webui/config.py:1010
RAG_RERANKING_MODEL = os.getenv('RAG_RERANKING_MODEL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fb1054178744c69 Environment-variable access.
repo/backend/open_webui/config.py:1016
    not OFFLINE_MODE and os.getenv('RAG_RERANKING_MODEL_AUTO_UPDATE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #096019c779559c36 Environment-variable access.
repo/backend/open_webui/config.py:1019
RAG_RERANKING_MODEL_TRUST_REMOTE_CODE = os.getenv('RAG_RERANKING_MODEL_TRUST_REMOTE_CODE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cead2f39409e6a7 Environment-variable access.
repo/backend/open_webui/config.py:1021
RAG_RERANKING_BATCH_SIZE = int(os.getenv('RAG_RERANKING_BATCH_SIZE', '32'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d827914b748e11 Environment-variable access.
repo/backend/open_webui/config.py:1023
RAG_EXTERNAL_RERANKER_URL = os.getenv('RAG_EXTERNAL_RERANKER_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c5f5cbdf0df9eb5 Environment-variable access.
repo/backend/open_webui/config.py:1025
RAG_EXTERNAL_RERANKER_API_KEY = os.getenv('RAG_EXTERNAL_RERANKER_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfe5a8c441d24841 Environment-variable access.
repo/backend/open_webui/config.py:1027
RAG_EXTERNAL_RERANKER_TIMEOUT = os.getenv('RAG_EXTERNAL_RERANKER_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48e39aa9380b0024 Environment-variable access.
repo/backend/open_webui/config.py:1030
RAG_TEXT_SPLITTER = os.getenv('RAG_TEXT_SPLITTER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a0ed9ffe74b3235 Environment-variable access.
repo/backend/open_webui/config.py:1032
ENABLE_MARKDOWN_HEADER_TEXT_SPLITTER = os.getenv('ENABLE_MARKDOWN_HEADER_TEXT_SPLITTER', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97f56d4ceeb1f13a Environment-variable access.
repo/backend/open_webui/config.py:1035
TIKTOKEN_CACHE_DIR = os.getenv('TIKTOKEN_CACHE_DIR', f'{CACHE_DIR}/tiktoken')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4dae1d51281588b Environment-variable access.
repo/backend/open_webui/config.py:1036
TIKTOKEN_ENCODING_NAME = os.getenv('TIKTOKEN_ENCODING_NAME', 'cl100k_base')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f99b78f4db63b8c Environment-variable access.
repo/backend/open_webui/config.py:1039
CHUNK_SIZE = int(os.getenv('CHUNK_SIZE', '1000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5abad653b1f6bca0 Environment-variable access.
repo/backend/open_webui/config.py:1041
CHUNK_MIN_SIZE_TARGET = int(os.getenv('CHUNK_MIN_SIZE_TARGET', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fe19556f966e031 Environment-variable access.
repo/backend/open_webui/config.py:1043
CHUNK_OVERLAP = int(os.getenv('CHUNK_OVERLAP', '100'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0129ce0f446ebb4c Environment-variable access.
repo/backend/open_webui/config.py:1071
RAG_TEMPLATE = os.getenv('RAG_TEMPLATE', DEFAULT_RAG_TEMPLATE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26699df3e189099e Environment-variable access.
repo/backend/open_webui/config.py:1073
RAG_OPENAI_API_BASE_URL = os.getenv('RAG_OPENAI_API_BASE_URL', OPENAI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a988196ca3d8f7e9 Environment-variable access.
repo/backend/open_webui/config.py:1074
RAG_OPENAI_API_KEY = os.getenv('RAG_OPENAI_API_KEY', OPENAI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe34bf531471c173 Environment-variable access.
repo/backend/open_webui/config.py:1076
RAG_AZURE_OPENAI_BASE_URL = os.getenv('RAG_AZURE_OPENAI_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a40053aee4b40e7a Environment-variable access.
repo/backend/open_webui/config.py:1077
RAG_AZURE_OPENAI_API_KEY = os.getenv('RAG_AZURE_OPENAI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33674e5f31df771c Environment-variable access.
repo/backend/open_webui/config.py:1078
RAG_AZURE_OPENAI_API_VERSION = os.getenv('RAG_AZURE_OPENAI_API_VERSION', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0579d80fa5488011 Environment-variable access.
repo/backend/open_webui/config.py:1080
RAG_OLLAMA_BASE_URL = os.getenv('RAG_OLLAMA_BASE_URL', OLLAMA_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85b4ffed744f9582 Environment-variable access.
repo/backend/open_webui/config.py:1082
RAG_OLLAMA_API_KEY = os.getenv('RAG_OLLAMA_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc6937843b4e7daf Environment-variable access.
repo/backend/open_webui/config.py:1086
    os.getenv(
        'ENABLE_LOCAL_WEB_FETCH',
        os.getenv('ENABLE_RAG_LOCAL_WEB_FETCH', 'False'),
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6719126922a78663 Environment-variable access.
repo/backend/open_webui/config.py:1088
        os.getenv('ENABLE_RAG_LOCAL_WEB_FETCH', 'False'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd492eb6bf9842ee Environment-variable access.
repo/backend/open_webui/config.py:1104
web_fetch_filter_list = os.getenv('WEB_FETCH_FILTER_LIST', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e1a6e68fd87038f Environment-variable access.
repo/backend/open_webui/config.py:1113
YOUTUBE_LOADER_LANGUAGE = os.getenv('YOUTUBE_LOADER_LANGUAGE', 'en').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aee76972191d14e9 Environment-variable access.
repo/backend/open_webui/config.py:1115
YOUTUBE_LOADER_PROXY_URL = os.getenv('YOUTUBE_LOADER_PROXY_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a075d62b3ada06a Environment-variable access.
repo/backend/open_webui/config.py:1122
ENABLE_WEB_SEARCH = os.getenv('ENABLE_WEB_SEARCH', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15f44e710fa5f16e Environment-variable access.
repo/backend/open_webui/config.py:1124
ENABLE_WEB_SEARCH_CONFIRMATION = os.getenv('ENABLE_WEB_SEARCH_CONFIRMATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #975ca829e3e2775f Environment-variable access.
repo/backend/open_webui/config.py:1126
WEB_SEARCH_CONFIRMATION_CONTENT = os.getenv(
    'WEB_SEARCH_CONFIRMATION_CONTENT',
    'Your query will be sent to the configured web search provider.',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baaf29e0da624a68 Environment-variable access.
repo/backend/open_webui/config.py:1131
WEB_SEARCH_ENGINE = os.getenv('WEB_SEARCH_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8607008028620e88 Environment-variable access.
repo/backend/open_webui/config.py:1134
    os.getenv('BYPASS_WEB_SEARCH_EMBEDDING_AND_RETRIEVAL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e0c74196dcd7b0 Environment-variable access.
repo/backend/open_webui/config.py:1138
BYPASS_WEB_SEARCH_WEB_LOADER = os.getenv('BYPASS_WEB_SEARCH_WEB_LOADER', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89b5206bd8ecf92b Environment-variable access.
repo/backend/open_webui/config.py:1140
WEB_SEARCH_RESULT_COUNT = int(os.getenv('WEB_SEARCH_RESULT_COUNT', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c89fa229c4112209 Environment-variable access.
repo/backend/open_webui/config.py:1144
    web_search_domain_filter_list = json.loads(os.getenv('WEB_SEARCH_DOMAIN_FILTER_LIST', '[]'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7069a9b76e8c3b5a Environment-variable access.
repo/backend/open_webui/config.py:1157
WEB_SEARCH_CONCURRENT_REQUESTS = int(os.getenv('WEB_SEARCH_CONCURRENT_REQUESTS', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b99e5ef341bb3ba2 Environment-variable access.
repo/backend/open_webui/config.py:1160
    int(os.getenv('WEB_FETCH_MAX_CONTENT_LENGTH')) if os.getenv('WEB_FETCH_MAX_CONTENT_LENGTH') else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9854c702c0167f11 Environment-variable access.
repo/backend/open_webui/config.py:1163
WEB_LOADER_ENGINE = os.getenv('WEB_LOADER_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cde89a797770983 Environment-variable access.
repo/backend/open_webui/config.py:1166
WEB_LOADER_CONCURRENT_REQUESTS = int(os.getenv('WEB_LOADER_CONCURRENT_REQUESTS', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d7388cb33c4f443 Environment-variable access.
repo/backend/open_webui/config.py:1168
WEB_LOADER_TIMEOUT = os.getenv('WEB_LOADER_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #287e4f04bee1b166 Environment-variable access.
repo/backend/open_webui/config.py:1171
ENABLE_WEB_LOADER_SSL_VERIFICATION = os.getenv('ENABLE_WEB_LOADER_SSL_VERIFICATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0f90b2bd2f3e11c Environment-variable access.
repo/backend/open_webui/config.py:1173
WEB_SEARCH_TRUST_ENV = os.getenv('WEB_SEARCH_TRUST_ENV', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed32ca332afd8ae6 Environment-variable access.
repo/backend/open_webui/config.py:1176
OLLAMA_CLOUD_WEB_SEARCH_API_KEY = os.getenv('OLLAMA_CLOUD_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ee184467a5f983f Environment-variable access.
repo/backend/open_webui/config.py:1178
SEARXNG_QUERY_URL = os.getenv('SEARXNG_QUERY_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa347f73c4834ea0 Environment-variable access.
repo/backend/open_webui/config.py:1180
SEARXNG_LANGUAGE = os.getenv('SEARXNG_LANGUAGE', 'all')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6443e32e2a877f4f Environment-variable access.
repo/backend/open_webui/config.py:1182
YACY_QUERY_URL = os.getenv('YACY_QUERY_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e99ffb99ba64e6f Environment-variable access.
repo/backend/open_webui/config.py:1184
YACY_USERNAME = os.getenv('YACY_USERNAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eadba2ca5a907b50 Environment-variable access.
repo/backend/open_webui/config.py:1186
YACY_PASSWORD = os.getenv('YACY_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2d0957feff460e2 Environment-variable access.
repo/backend/open_webui/config.py:1188
GOOGLE_PSE_API_KEY = os.getenv('GOOGLE_PSE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52affea74162d61a Environment-variable access.
repo/backend/open_webui/config.py:1190
GOOGLE_PSE_ENGINE_ID = os.getenv('GOOGLE_PSE_ENGINE_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d1123e41bb62fe Environment-variable access.
repo/backend/open_webui/config.py:1192
BRAVE_SEARCH_API_KEY = os.getenv('BRAVE_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d02af2d945682faf Environment-variable access.
repo/backend/open_webui/config.py:1194
BRAVE_SEARCH_CONTEXT_TOKENS = int(os.getenv('BRAVE_SEARCH_CONTEXT_TOKENS', '8192'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c77fe30ba72a440 Environment-variable access.
repo/backend/open_webui/config.py:1196
KAGI_SEARCH_API_KEY = os.getenv('KAGI_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #087beacb1647da7e Environment-variable access.
repo/backend/open_webui/config.py:1198
MOJEEK_SEARCH_API_KEY = os.getenv('MOJEEK_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad8666edba86da0d Environment-variable access.
repo/backend/open_webui/config.py:1200
BOCHA_SEARCH_API_KEY = os.getenv('BOCHA_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c53e9f906b88194 Environment-variable access.
repo/backend/open_webui/config.py:1202
SERPSTACK_API_KEY = os.getenv('SERPSTACK_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f37029eaed20f7a Environment-variable access.
repo/backend/open_webui/config.py:1204
SERPSTACK_HTTPS = os.getenv('SERPSTACK_HTTPS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11bdb08faea2c2f8 Environment-variable access.
repo/backend/open_webui/config.py:1206
SERPER_API_KEY = os.getenv('SERPER_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8182b99e0b5b095d Environment-variable access.
repo/backend/open_webui/config.py:1208
SERPLY_API_KEY = os.getenv('SERPLY_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7905363c267ff06 Environment-variable access.
repo/backend/open_webui/config.py:1210
SERPHOUSE_API_KEY = os.getenv('SERPHOUSE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94324799333a4dd8 Environment-variable access.
repo/backend/open_webui/config.py:1212
SERPHOUSE_DOMAIN = os.getenv('SERPHOUSE_DOMAIN', 'google.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0bdb570568dce36 Environment-variable access.
repo/backend/open_webui/config.py:1214
DDGS_BACKEND = os.getenv('DDGS_BACKEND', 'auto')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87722fde05d98ab7 Environment-variable access.
repo/backend/open_webui/config.py:1216
JINA_API_KEY = os.getenv('JINA_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bd7e0a3c0bfc415 Environment-variable access.
repo/backend/open_webui/config.py:1218
JINA_API_BASE_URL = os.getenv('JINA_API_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59b8a1c91bca46a4 Environment-variable access.
repo/backend/open_webui/config.py:1220
SEARCHAPI_API_KEY = os.getenv('SEARCHAPI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b922a4f578353c1 Environment-variable access.
repo/backend/open_webui/config.py:1222
SEARCHAPI_ENGINE = os.getenv('SEARCHAPI_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4312fc58d55e1a35 Environment-variable access.
repo/backend/open_webui/config.py:1224
SERPAPI_API_KEY = os.getenv('SERPAPI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8388512d1b499fef Environment-variable access.
repo/backend/open_webui/config.py:1226
SERPAPI_ENGINE = os.getenv('SERPAPI_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c80ac5dd5275b8b3 Environment-variable access.
repo/backend/open_webui/config.py:1228
BING_SEARCH_V7_ENDPOINT = os.getenv('BING_SEARCH_V7_ENDPOINT', 'https://api.bing.microsoft.com/v7.0/search')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9752ccb76549db0a Environment-variable access.
repo/backend/open_webui/config.py:1230
BING_SEARCH_V7_SUBSCRIPTION_KEY = os.getenv('BING_SEARCH_V7_SUBSCRIPTION_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a669c80cd60b192 Environment-variable access.
repo/backend/open_webui/config.py:1232
AZURE_AI_SEARCH_API_KEY = os.getenv('AZURE_AI_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8aab92aea8341ea Environment-variable access.
repo/backend/open_webui/config.py:1234
AZURE_AI_SEARCH_ENDPOINT = os.getenv('AZURE_AI_SEARCH_ENDPOINT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07789f72966a099a Environment-variable access.
repo/backend/open_webui/config.py:1236
AZURE_AI_SEARCH_INDEX_NAME = os.getenv('AZURE_AI_SEARCH_INDEX_NAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bc5755ac95c08d5 Environment-variable access.
repo/backend/open_webui/config.py:1238
EXA_API_KEY = os.getenv('EXA_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e54d40fd300cee Environment-variable access.
repo/backend/open_webui/config.py:1240
PERPLEXITY_API_KEY = os.getenv('PERPLEXITY_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a54bf8e5fc8d08c3 Environment-variable access.
repo/backend/open_webui/config.py:1242
PERPLEXITY_MODEL = os.getenv('PERPLEXITY_MODEL', 'sonar')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2fc0243d9ce3ce2 Environment-variable access.
repo/backend/open_webui/config.py:1244
PERPLEXITY_SEARCH_CONTEXT_USAGE = os.getenv('PERPLEXITY_SEARCH_CONTEXT_USAGE', 'medium')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02b3822d287e5831 Environment-variable access.
repo/backend/open_webui/config.py:1246
PERPLEXITY_SEARCH_API_URL = os.getenv('PERPLEXITY_SEARCH_API_URL', 'https://api.perplexity.ai/search')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6af51ed9065163b5 Environment-variable access.
repo/backend/open_webui/config.py:1248
MICROSOFT_WEB_IQ_API_BASE_URL = os.getenv('MICROSOFT_WEB_IQ_API_BASE_URL', 'https://api.microsoft.ai/v3')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9262f0f25c4759d2 Environment-variable access.
repo/backend/open_webui/config.py:1250
MICROSOFT_WEB_IQ_API_KEY = os.getenv('MICROSOFT_WEB_IQ_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed00354e0b7713f0 Environment-variable access.
repo/backend/open_webui/config.py:1252
MICROSOFT_WEB_IQ_LANGUAGE = os.getenv('MICROSOFT_WEB_IQ_LANGUAGE', 'en')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e320c4ca8ef5c77f Environment-variable access.
repo/backend/open_webui/config.py:1254
SOUGOU_API_SID = os.getenv('SOUGOU_API_SID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a75ca7c0cf74a73 Environment-variable access.
repo/backend/open_webui/config.py:1256
SOUGOU_API_SK = os.getenv('SOUGOU_API_SK', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e81e74b1720199db Environment-variable access.
repo/backend/open_webui/config.py:1258
TAVILY_API_KEY = os.getenv('TAVILY_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8967002f81e7a815 Environment-variable access.
repo/backend/open_webui/config.py:1260
TAVILY_EXTRACT_DEPTH = os.getenv('TAVILY_EXTRACT_DEPTH', 'basic')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #227aaf6269ed682f Environment-variable access.
repo/backend/open_webui/config.py:1262
PLAYWRIGHT_WS_URL = os.getenv('PLAYWRIGHT_WS_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e6f245bde5ebade Environment-variable access.
repo/backend/open_webui/config.py:1264
PLAYWRIGHT_TIMEOUT = int(os.getenv('PLAYWRIGHT_TIMEOUT', '10000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #236985e234170928 Environment-variable access.
repo/backend/open_webui/config.py:1266
FIRECRAWL_API_KEY = os.getenv('FIRECRAWL_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff6afddc8bd89bf8 Environment-variable access.
repo/backend/open_webui/config.py:1268
FIRECRAWL_API_BASE_URL = os.getenv('FIRECRAWL_API_BASE_URL', 'https://api.firecrawl.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb96e9fa51b9404e Environment-variable access.
repo/backend/open_webui/config.py:1270
FIRECRAWL_TIMEOUT = os.getenv('FIRECRAWL_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2dad8d21270959c Environment-variable access.
repo/backend/open_webui/config.py:1272
EXTERNAL_WEB_SEARCH_URL = os.getenv('EXTERNAL_WEB_SEARCH_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee6f6e40679ecd7e Environment-variable access.
repo/backend/open_webui/config.py:1274
EXTERNAL_WEB_SEARCH_API_KEY = os.getenv('EXTERNAL_WEB_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7f386adf5b6a9e7 Environment-variable access.
repo/backend/open_webui/config.py:1276
EXTERNAL_WEB_LOADER_URL = os.getenv('EXTERNAL_WEB_LOADER_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8d8ad0f514394e3 Environment-variable access.
repo/backend/open_webui/config.py:1278
EXTERNAL_WEB_LOADER_API_KEY = os.getenv('EXTERNAL_WEB_LOADER_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0483ef8eca666bef Environment-variable access.
repo/backend/open_webui/config.py:1280
YANDEX_WEB_SEARCH_URL = os.getenv('YANDEX_WEB_SEARCH_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0dd51d52b5a74271 Environment-variable access.
repo/backend/open_webui/config.py:1282
YANDEX_WEB_SEARCH_API_KEY = os.getenv('YANDEX_WEB_SEARCH_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ed7009ca3ebb7e7 Environment-variable access.
repo/backend/open_webui/config.py:1284
YANDEX_WEB_SEARCH_CONFIG = os.getenv('YANDEX_WEB_SEARCH_CONFIG', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #806538fba03b3cd7 Environment-variable access.
repo/backend/open_webui/config.py:1286
YOUCOM_API_KEY = os.getenv('YOUCOM_API_KEY', os.getenv('YDC_API_KEY', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99cf9d3770ffd8c1 Environment-variable access.
repo/backend/open_webui/config.py:1288
LINKUP_API_KEY = os.getenv('LINKUP_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d53343c5b0a67785 Environment-variable access.
repo/backend/open_webui/config.py:1290
linkup_search_params = os.getenv('LINKUP_SEARCH_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5113c1e06a1a8bd Environment-variable access.
repo/backend/open_webui/config.py:1302
ENABLE_IMAGE_GENERATION = os.getenv('ENABLE_IMAGE_GENERATION', '').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e8d7ea8c7d83f44 Environment-variable access.
repo/backend/open_webui/config.py:1304
IMAGE_GENERATION_ENGINE = os.getenv('IMAGE_GENERATION_ENGINE', 'openai')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4457f11121a210ea Environment-variable access.
repo/backend/open_webui/config.py:1306
IMAGE_GENERATION_MODEL = os.getenv('IMAGE_GENERATION_MODEL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c798c4b61b88b73 Environment-variable access.
repo/backend/open_webui/config.py:1309
IMAGE_AUTO_SIZE_MODELS_REGEX_PATTERN = os.getenv('IMAGE_AUTO_SIZE_MODELS_REGEX_PATTERN', '^gpt-image')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf97fc73c05a2c8c Environment-variable access.
repo/backend/open_webui/config.py:1312
IMAGE_URL_RESPONSE_MODELS_REGEX_PATTERN = os.getenv('IMAGE_URL_RESPONSE_MODELS_REGEX_PATTERN', '^gpt-image')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4604e3f189770e0b Environment-variable access.
repo/backend/open_webui/config.py:1314
IMAGE_SIZE = os.getenv('IMAGE_SIZE', '512x512')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fed4e3f328aaae3 Environment-variable access.
repo/backend/open_webui/config.py:1316
IMAGE_STEPS = int(os.getenv('IMAGE_STEPS', 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #701d3018a16c6076 Environment-variable access.
repo/backend/open_webui/config.py:1318
ENABLE_IMAGE_PROMPT_GENERATION = os.getenv('ENABLE_IMAGE_PROMPT_GENERATION', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7762f46b90c6f6ea Environment-variable access.
repo/backend/open_webui/config.py:1320
AUTOMATIC1111_BASE_URL = os.getenv('AUTOMATIC1111_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d339a854f13404c Environment-variable access.
repo/backend/open_webui/config.py:1321
AUTOMATIC1111_API_AUTH = os.getenv('AUTOMATIC1111_API_AUTH', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aec721df61d7dfe1 Environment-variable access.
repo/backend/open_webui/config.py:1323
automatic1111_params = os.getenv('AUTOMATIC1111_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c176614a968750e3 Environment-variable access.
repo/backend/open_webui/config.py:1331
COMFYUI_BASE_URL = os.getenv('COMFYUI_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8266b2b0b2f02c19 Environment-variable access.
repo/backend/open_webui/config.py:1333
COMFYUI_API_KEY = os.getenv('COMFYUI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50cf919c24f6ebd3 Environment-variable access.
repo/backend/open_webui/config.py:1446
COMFYUI_WORKFLOW = os.getenv('COMFYUI_WORKFLOW', COMFYUI_DEFAULT_WORKFLOW)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38d595dff66f00a8 Environment-variable access.
repo/backend/open_webui/config.py:1448
comfyui_workflow_nodes = os.getenv('COMFYUI_WORKFLOW_NODES', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bb187d9b1c13c34 Environment-variable access.
repo/backend/open_webui/config.py:1456
IMAGES_OPENAI_API_BASE_URL = os.getenv('IMAGES_OPENAI_API_BASE_URL', OPENAI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #880797e898497764 Environment-variable access.
repo/backend/open_webui/config.py:1457
IMAGES_OPENAI_API_VERSION = os.getenv('IMAGES_OPENAI_API_VERSION', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0096cdaa8430527 Environment-variable access.
repo/backend/open_webui/config.py:1459
IMAGES_OPENAI_API_KEY = os.getenv('IMAGES_OPENAI_API_KEY', OPENAI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c935bf7a35b554 Environment-variable access.
repo/backend/open_webui/config.py:1461
images_openai_params = os.getenv('IMAGES_OPENAI_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #863740c25ffcc34f Environment-variable access.
repo/backend/open_webui/config.py:1471
IMAGES_GEMINI_API_BASE_URL = os.getenv('IMAGES_GEMINI_API_BASE_URL', GEMINI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bddc8124ac9f6e5 Environment-variable access.
repo/backend/open_webui/config.py:1472
IMAGES_GEMINI_API_KEY = os.getenv('IMAGES_GEMINI_API_KEY', GEMINI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56fccdd39c2bc493 Environment-variable access.
repo/backend/open_webui/config.py:1474
IMAGES_GEMINI_ENDPOINT_METHOD = os.getenv('IMAGES_GEMINI_ENDPOINT_METHOD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd26003d0b2cd9bd Environment-variable access.
repo/backend/open_webui/config.py:1476
ENABLE_IMAGE_EDIT = os.getenv('ENABLE_IMAGE_EDIT', '').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae010e5af42ba3a8 Environment-variable access.
repo/backend/open_webui/config.py:1478
IMAGE_EDIT_ENGINE = os.getenv('IMAGE_EDIT_ENGINE', 'openai')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #866fab6de9a092a4 Environment-variable access.
repo/backend/open_webui/config.py:1480
IMAGE_EDIT_MODEL = os.getenv('IMAGE_EDIT_MODEL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7852aca8f00314be Environment-variable access.
repo/backend/open_webui/config.py:1482
IMAGE_EDIT_SIZE = os.getenv('IMAGE_EDIT_SIZE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a122b7ab07116a78 Environment-variable access.
repo/backend/open_webui/config.py:1484
ENABLE_OPENAI_IMAGE_EDIT_NORMALIZATION = os.getenv('ENABLE_OPENAI_IMAGE_EDIT_NORMALIZATION', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39cf5429968f1952 Environment-variable access.
repo/backend/open_webui/config.py:1486
IMAGES_EDIT_OPENAI_API_BASE_URL = os.getenv('IMAGES_EDIT_OPENAI_API_BASE_URL', OPENAI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee4d076c4d74063f Environment-variable access.
repo/backend/open_webui/config.py:1487
IMAGES_EDIT_OPENAI_API_VERSION = os.getenv('IMAGES_EDIT_OPENAI_API_VERSION', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d5b53c25d666cc3 Environment-variable access.
repo/backend/open_webui/config.py:1489
IMAGES_EDIT_OPENAI_API_KEY = os.getenv('IMAGES_EDIT_OPENAI_API_KEY', OPENAI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f3ff10291dc691f Environment-variable access.
repo/backend/open_webui/config.py:1491
IMAGES_EDIT_GEMINI_API_BASE_URL = os.getenv('IMAGES_EDIT_GEMINI_API_BASE_URL', GEMINI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76b5d93698a09ad9 Environment-variable access.
repo/backend/open_webui/config.py:1492
IMAGES_EDIT_GEMINI_API_KEY = os.getenv('IMAGES_EDIT_GEMINI_API_KEY', GEMINI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbca52b3b43ff026 Environment-variable access.
repo/backend/open_webui/config.py:1495
IMAGES_EDIT_COMFYUI_BASE_URL = os.getenv('IMAGES_EDIT_COMFYUI_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fde642b9433e31a Environment-variable access.
repo/backend/open_webui/config.py:1496
IMAGES_EDIT_COMFYUI_API_KEY = os.getenv('IMAGES_EDIT_COMFYUI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45b1def90c088359 Environment-variable access.
repo/backend/open_webui/config.py:1498
IMAGES_EDIT_COMFYUI_WORKFLOW = os.getenv('IMAGES_EDIT_COMFYUI_WORKFLOW', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55f4b53ea78061d2 Environment-variable access.
repo/backend/open_webui/config.py:1500
images_edit_comfyui_workflow_nodes = os.getenv('IMAGES_EDIT_COMFYUI_WORKFLOW_NODES', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39f68b64e9cad90d Environment-variable access.
repo/backend/open_webui/config.py:1513
WHISPER_MODEL = os.getenv('WHISPER_MODEL', 'base')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cd36ff5894f99ac Environment-variable access.
repo/backend/open_webui/config.py:1515
WHISPER_COMPUTE_TYPE = os.getenv('WHISPER_COMPUTE_TYPE', 'int8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58a44925b096db1 Environment-variable access.
repo/backend/open_webui/config.py:1516
WHISPER_MODEL_DIR = os.getenv('WHISPER_MODEL_DIR', f'{CACHE_DIR}/whisper/models')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9082781702b5ecde Environment-variable access.
repo/backend/open_webui/config.py:1517
WHISPER_MODEL_AUTO_UPDATE = not OFFLINE_MODE and os.getenv('WHISPER_MODEL_AUTO_UPDATE', '').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91c650bd78fcd505 Environment-variable access.
repo/backend/open_webui/config.py:1519
WHISPER_VAD_FILTER = os.getenv('WHISPER_VAD_FILTER', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdc5ab8d270efa7c Environment-variable access.
repo/backend/open_webui/config.py:1521
WHISPER_MULTILINGUAL = os.getenv('WHISPER_MULTILINGUAL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b26f45a0c821b1b9 Environment-variable access.
repo/backend/open_webui/config.py:1523
WHISPER_LANGUAGE = os.getenv('WHISPER_LANGUAGE', '').lower() or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c81d946390663a36 Environment-variable access.
repo/backend/open_webui/config.py:1526
DEEPGRAM_API_KEY = os.getenv('DEEPGRAM_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92cc5a2d655d9277 Environment-variable access.
repo/backend/open_webui/config.py:1529
ELEVENLABS_API_BASE_URL = os.getenv('ELEVENLABS_API_BASE_URL', 'https://api.elevenlabs.io')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc5abf11ed2d2bea Environment-variable access.
repo/backend/open_webui/config.py:1531
AUDIO_STT_OPENAI_API_BASE_URL = os.getenv('AUDIO_STT_OPENAI_API_BASE_URL', OPENAI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fd2eff84f6fe7db Environment-variable access.
repo/backend/open_webui/config.py:1533
AUDIO_STT_OPENAI_API_KEY = os.getenv('AUDIO_STT_OPENAI_API_KEY', OPENAI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f618a1436eb91af0 Environment-variable access.
repo/backend/open_webui/config.py:1535
AUDIO_STT_OPENAI_API_REQUEST_FORMAT = os.getenv('AUDIO_STT_OPENAI_API_REQUEST_FORMAT', 'multipart')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00058fb4dd39f0b4 Environment-variable access.
repo/backend/open_webui/config.py:1537
AUDIO_STT_ENGINE = os.getenv('AUDIO_STT_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a5a38eb72fc1d0 Environment-variable access.
repo/backend/open_webui/config.py:1539
AUDIO_STT_MODEL = os.getenv('AUDIO_STT_MODEL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03ded541892e5cd8 Environment-variable access.
repo/backend/open_webui/config.py:1543
    for content_type in os.getenv('AUDIO_STT_SUPPORTED_CONTENT_TYPES', '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb07f9f8b646e914 Environment-variable access.
repo/backend/open_webui/config.py:1549
    for ext in os.getenv(
        'AUDIO_STT_ALLOWED_EXTENSIONS',
        'mp3,wav,m4a,webm,ogg,flac,mp4,mpga,mpeg',
    ).split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6e649c9c81bfb2b Environment-variable access.
repo/backend/open_webui/config.py:1556
AUDIO_STT_AZURE_API_KEY = os.getenv('AUDIO_STT_AZURE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1936ada89b86dd76 Environment-variable access.
repo/backend/open_webui/config.py:1558
AUDIO_STT_AZURE_REGION = os.getenv('AUDIO_STT_AZURE_REGION', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d031e1d72a1f92e Environment-variable access.
repo/backend/open_webui/config.py:1560
AUDIO_STT_AZURE_LOCALES = os.getenv('AUDIO_STT_AZURE_LOCALES', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1593dc6865e1feb Environment-variable access.
repo/backend/open_webui/config.py:1562
AUDIO_STT_AZURE_BASE_URL = os.getenv('AUDIO_STT_AZURE_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c4a13c2f2c43b38 Environment-variable access.
repo/backend/open_webui/config.py:1564
AUDIO_STT_AZURE_MAX_SPEAKERS = os.getenv('AUDIO_STT_AZURE_MAX_SPEAKERS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bd209613215db00 Environment-variable access.
repo/backend/open_webui/config.py:1566
AUDIO_STT_MISTRAL_API_KEY = os.getenv('AUDIO_STT_MISTRAL_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0964ee3f548f3453 Environment-variable access.
repo/backend/open_webui/config.py:1568
AUDIO_STT_MISTRAL_API_BASE_URL = os.getenv('AUDIO_STT_MISTRAL_API_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b991529e1aebb06 Environment-variable access.
repo/backend/open_webui/config.py:1570
AUDIO_STT_MISTRAL_USE_CHAT_COMPLETIONS = os.getenv('AUDIO_STT_MISTRAL_USE_CHAT_COMPLETIONS', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcc55e0ab51a8835 Environment-variable access.
repo/backend/open_webui/config.py:1572
AUDIO_TTS_OPENAI_API_BASE_URL = os.getenv('AUDIO_TTS_OPENAI_API_BASE_URL', OPENAI_API_BASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7a4f2036ac0bd73 Environment-variable access.
repo/backend/open_webui/config.py:1573
AUDIO_TTS_OPENAI_API_KEY = os.getenv('AUDIO_TTS_OPENAI_API_KEY', OPENAI_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50f48ab51249d3f0 Environment-variable access.
repo/backend/open_webui/config.py:1575
audio_tts_openai_params = os.getenv('AUDIO_TTS_OPENAI_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #660a6e895cc317f9 Environment-variable access.
repo/backend/open_webui/config.py:1584
AUDIO_TTS_API_KEY = os.getenv('AUDIO_TTS_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63e28973bdace9d9 Environment-variable access.
repo/backend/open_webui/config.py:1586
AUDIO_TTS_ENGINE = os.getenv('AUDIO_TTS_ENGINE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36ace29e7be5e36f Environment-variable access.
repo/backend/open_webui/config.py:1589
AUDIO_TTS_MODEL = os.getenv('AUDIO_TTS_MODEL', 'tts-1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a839f65d78e8433 Environment-variable access.
repo/backend/open_webui/config.py:1591
AUDIO_TTS_VOICE = os.getenv('AUDIO_TTS_VOICE', 'alloy')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #602559c5939dc873 Environment-variable access.
repo/backend/open_webui/config.py:1593
AUDIO_TTS_SPLIT_ON = os.getenv('AUDIO_TTS_SPLIT_ON', 'punctuation')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8aa7ec276098a318 Environment-variable access.
repo/backend/open_webui/config.py:1595
AUDIO_TTS_AZURE_SPEECH_REGION = os.getenv('AUDIO_TTS_AZURE_SPEECH_REGION', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3cd957965a6b0c0 Environment-variable access.
repo/backend/open_webui/config.py:1597
AUDIO_TTS_AZURE_SPEECH_BASE_URL = os.getenv('AUDIO_TTS_AZURE_SPEECH_BASE_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a233be8ebc61b129 Environment-variable access.
repo/backend/open_webui/config.py:1599
AUDIO_TTS_AZURE_SPEECH_OUTPUT_FORMAT = os.getenv(
    'AUDIO_TTS_AZURE_SPEECH_OUTPUT_FORMAT', 'audio-24khz-160kbitrate-mono-mp3'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24cd95cb6b0637ba Environment-variable access.
repo/backend/open_webui/config.py:1603
AUDIO_TTS_MISTRAL_API_KEY = os.getenv('AUDIO_TTS_MISTRAL_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d480ec71fe48605 Environment-variable access.
repo/backend/open_webui/config.py:1605
AUDIO_TTS_MISTRAL_API_BASE_URL = os.getenv('AUDIO_TTS_MISTRAL_API_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a07334aa5ac6b18a Environment-variable access.
repo/backend/open_webui/config.py:1612
WEBUI_URL = os.getenv('WEBUI_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b495f8841bf3bb0 Environment-variable access.
repo/backend/open_webui/config.py:1615
ENABLE_SIGNUP = False if not WEBUI_AUTH else os.getenv('ENABLE_SIGNUP', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16dfe3bef20aa28b Environment-variable access.
repo/backend/open_webui/config.py:1617
ENABLE_LOGIN_FORM = os.getenv('ENABLE_LOGIN_FORM', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77ab096eaa126491 Environment-variable access.
repo/backend/open_webui/config.py:1619
ENABLE_PASSWORD_CHANGE_FORM = os.getenv('ENABLE_PASSWORD_CHANGE_FORM', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20ab9315fd2466a9 Environment-variable access.
repo/backend/open_webui/config.py:1621
ENABLE_PASSWORD_AUTH = os.getenv('ENABLE_PASSWORD_AUTH', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34df71e5bb2d73d Environment-variable access.
repo/backend/open_webui/config.py:1623
DEFAULT_LOCALE = os.getenv('DEFAULT_LOCALE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d73c08b80ae96b2 Environment-variable access.
repo/backend/open_webui/config.py:1625
DEFAULT_MODELS = os.getenv('DEFAULT_MODELS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #711d7619f93edcec Environment-variable access.
repo/backend/open_webui/config.py:1627
DEFAULT_PINNED_MODELS = os.getenv('DEFAULT_PINNED_MODELS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f9e87e6424c942d Environment-variable access.
repo/backend/open_webui/config.py:1630
    default_prompt_suggestions = json.loads(os.getenv('DEFAULT_PROMPT_SUGGESTIONS', '[]'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2c9a89df7ea9e20 Environment-variable access.
repo/backend/open_webui/config.py:1670
    default_model_metadata = json.loads(os.getenv('DEFAULT_MODEL_METADATA', '{}'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a274452c36509580 Environment-variable access.
repo/backend/open_webui/config.py:1678
    default_model_params = json.loads(os.getenv('DEFAULT_MODEL_PARAMS', '{}'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #363c0e5c3aae57e3 Environment-variable access.
repo/backend/open_webui/config.py:1685
DEFAULT_USER_ROLE = os.getenv('DEFAULT_USER_ROLE', 'pending')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #187150709fc6cfee Environment-variable access.
repo/backend/open_webui/config.py:1687
DEFAULT_GROUP_ID = os.getenv('DEFAULT_GROUP_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2632a452ea15d412 Environment-variable access.
repo/backend/open_webui/config.py:1689
PENDING_USER_OVERLAY_TITLE = os.getenv('PENDING_USER_OVERLAY_TITLE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a735629982b95e6a Environment-variable access.
repo/backend/open_webui/config.py:1691
PENDING_USER_OVERLAY_CONTENT = os.getenv('PENDING_USER_OVERLAY_CONTENT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b2d15964a0f8cec Environment-variable access.
repo/backend/open_webui/config.py:1694
RESPONSE_WATERMARK = os.getenv('RESPONSE_WATERMARK', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed01f12df4475374 Environment-variable access.
repo/backend/open_webui/config.py:1696
IFRAME_CSP = os.getenv('IFRAME_CSP', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61b3c11512d02354 Environment-variable access.
repo/backend/open_webui/config.py:1699
    os.getenv('USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43dea10364f4261f Environment-variable access.
repo/backend/open_webui/config.py:1703
    os.getenv('USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ACCESS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fcbb775201baf0c Environment-variable access.
repo/backend/open_webui/config.py:1707
    os.getenv('USER_PERMISSIONS_WORKSPACE_PROMPTS_ACCESS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d72129d43b4f7c1 Environment-variable access.
repo/backend/open_webui/config.py:1711
    os.getenv('USER_PERMISSIONS_WORKSPACE_TOOLS_ACCESS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01cd756a8aa1b5b0 Environment-variable access.
repo/backend/open_webui/config.py:1715
    os.getenv('USER_PERMISSIONS_WORKSPACE_SKILLS_ACCESS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71ab25897810b0c7 Environment-variable access.
repo/backend/open_webui/config.py:1719
    os.getenv('USER_PERMISSIONS_WORKSPACE_MODELS_IMPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56fa51b5b65b641e Environment-variable access.
repo/backend/open_webui/config.py:1723
    os.getenv('USER_PERMISSIONS_WORKSPACE_MODELS_EXPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b48de5d0395bcf8 Environment-variable access.
repo/backend/open_webui/config.py:1727
    os.getenv('USER_PERMISSIONS_WORKSPACE_PROMPTS_IMPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17a333a56525d691 Environment-variable access.
repo/backend/open_webui/config.py:1731
    os.getenv('USER_PERMISSIONS_WORKSPACE_PROMPTS_EXPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c75bbd2781929f4e Environment-variable access.
repo/backend/open_webui/config.py:1735
    os.getenv('USER_PERMISSIONS_WORKSPACE_TOOLS_IMPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fe9ba6d5708bd85 Environment-variable access.
repo/backend/open_webui/config.py:1739
    os.getenv('USER_PERMISSIONS_WORKSPACE_TOOLS_EXPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3924c26f161ace7 Environment-variable access.
repo/backend/open_webui/config.py:1743
    os.getenv('USER_PERMISSIONS_WORKSPACE_SKILLS_IMPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #237c9c9f5f62db68 Environment-variable access.
repo/backend/open_webui/config.py:1747
    os.getenv('USER_PERMISSIONS_WORKSPACE_SKILLS_EXPORT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c95edbbce70f2c9 Environment-variable access.
repo/backend/open_webui/config.py:1752
    os.getenv('USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac744ade00eb0e29 Environment-variable access.
repo/backend/open_webui/config.py:1756
    os.getenv('USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b8bdf02052f62eb Environment-variable access.
repo/backend/open_webui/config.py:1760
    os.getenv('USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #718e3c9716f6e8ef Environment-variable access.
repo/backend/open_webui/config.py:1764
    os.getenv('USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06e834425be7cb9e Environment-variable access.
repo/backend/open_webui/config.py:1768
    os.getenv('USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c56b1b18da572ec Environment-variable access.
repo/backend/open_webui/config.py:1772
    os.getenv('USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49e3fdd904a44a93 Environment-variable access.
repo/backend/open_webui/config.py:1777
    os.getenv('USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #841fb8bb86af9f7b Environment-variable access.
repo/backend/open_webui/config.py:1781
    os.getenv('USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caf03d2173f7f7ca Environment-variable access.
repo/backend/open_webui/config.py:1785
    os.getenv('USER_PERMISSIONS_WORKSPACE_SKILLS_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c756a0daac2f7a28 Environment-variable access.
repo/backend/open_webui/config.py:1789
    os.getenv('USER_PERMISSIONS_WORKSPACE_SKILLS_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9aeb4c7dc4b32190 Environment-variable access.
repo/backend/open_webui/config.py:1793
USER_PERMISSIONS_NOTES_ALLOW_SHARING = os.getenv('USER_PERMISSIONS_NOTES_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd330635ea60ea39 Environment-variable access.
repo/backend/open_webui/config.py:1796
    os.getenv('USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52c500deb46f299b Environment-variable access.
repo/backend/open_webui/config.py:1799
USER_PERMISSIONS_FOLDERS_ALLOW_SHARING = os.getenv('USER_PERMISSIONS_FOLDERS_ALLOW_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bbfbb7f660725bc Environment-variable access.
repo/backend/open_webui/config.py:1803
    os.getenv('USER_PERMISSIONS_CALENDAR_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b7ee3955651e383 Environment-variable access.
repo/backend/open_webui/config.py:1807
    os.getenv('USER_PERMISSIONS_ACCESS_GRANTS_ALLOW_USERS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab88df5773aeb633 Environment-variable access.
repo/backend/open_webui/config.py:1811
USER_PERMISSIONS_CHAT_CONTROLS = os.getenv('USER_PERMISSIONS_CHAT_CONTROLS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12aa34f36009ce92 Environment-variable access.
repo/backend/open_webui/config.py:1813
USER_PERMISSIONS_CHAT_VALVES = os.getenv('USER_PERMISSIONS_CHAT_VALVES', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b31a33b850050e2 Environment-variable access.
repo/backend/open_webui/config.py:1815
USER_PERMISSIONS_CHAT_SYSTEM_PROMPT = os.getenv('USER_PERMISSIONS_CHAT_SYSTEM_PROMPT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56f9035fc8ea1479 Environment-variable access.
repo/backend/open_webui/config.py:1817
USER_PERMISSIONS_CHAT_PARAMS = os.getenv('USER_PERMISSIONS_CHAT_PARAMS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2331cb0437b9de4 Environment-variable access.
repo/backend/open_webui/config.py:1819
USER_PERMISSIONS_CHAT_FILE_UPLOAD = os.getenv('USER_PERMISSIONS_CHAT_FILE_UPLOAD', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #534b6437d9c73e78 Environment-variable access.
repo/backend/open_webui/config.py:1821
USER_PERMISSIONS_CHAT_WEB_UPLOAD = os.getenv('USER_PERMISSIONS_CHAT_WEB_UPLOAD', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0663891fae273fe Environment-variable access.
repo/backend/open_webui/config.py:1823
USER_PERMISSIONS_CHAT_DELETE = os.getenv('USER_PERMISSIONS_CHAT_DELETE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f21e7002bb1f7528 Environment-variable access.
repo/backend/open_webui/config.py:1825
USER_PERMISSIONS_CHAT_DELETE_MESSAGE = os.getenv('USER_PERMISSIONS_CHAT_DELETE_MESSAGE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c45c022d61f646ce Environment-variable access.
repo/backend/open_webui/config.py:1827
USER_PERMISSIONS_CHAT_CONTINUE_RESPONSE = os.getenv('USER_PERMISSIONS_CHAT_CONTINUE_RESPONSE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42c5697a996680e9 Environment-variable access.
repo/backend/open_webui/config.py:1830
    os.getenv('USER_PERMISSIONS_CHAT_REGENERATE_RESPONSE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f7ef0d7d3df842e Environment-variable access.
repo/backend/open_webui/config.py:1833
USER_PERMISSIONS_CHAT_RATE_RESPONSE = os.getenv('USER_PERMISSIONS_CHAT_RATE_RESPONSE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41866c8ff3edc884 Environment-variable access.
repo/backend/open_webui/config.py:1835
USER_PERMISSIONS_CHAT_EDIT = os.getenv('USER_PERMISSIONS_CHAT_EDIT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6170e288280f8efa Environment-variable access.
repo/backend/open_webui/config.py:1837
USER_PERMISSIONS_CHAT_SHARE = os.getenv('USER_PERMISSIONS_CHAT_SHARE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42067c50d60a3d44 Environment-variable access.
repo/backend/open_webui/config.py:1840
    os.getenv('USER_PERMISSIONS_CHAT_ALLOW_PUBLIC_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e79441444b6b042 Environment-variable access.
repo/backend/open_webui/config.py:1843
USER_PERMISSIONS_CHAT_EXPORT = os.getenv('USER_PERMISSIONS_CHAT_EXPORT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2843c914d527f3c5 Environment-variable access.
repo/backend/open_webui/config.py:1845
USER_PERMISSIONS_CHAT_IMPORT = os.getenv('USER_PERMISSIONS_CHAT_IMPORT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d00c92fcd2241322 Environment-variable access.
repo/backend/open_webui/config.py:1847
USER_PERMISSIONS_CHAT_STT = os.getenv('USER_PERMISSIONS_CHAT_STT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81b925f4735b0ce9 Environment-variable access.
repo/backend/open_webui/config.py:1849
USER_PERMISSIONS_CHAT_TTS = os.getenv('USER_PERMISSIONS_CHAT_TTS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dd3a5d40d25bb7d Environment-variable access.
repo/backend/open_webui/config.py:1851
USER_PERMISSIONS_CHAT_CALL = os.getenv('USER_PERMISSIONS_CHAT_CALL', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2196d0a9fbde6a29 Environment-variable access.
repo/backend/open_webui/config.py:1853
USER_PERMISSIONS_CHAT_MULTIPLE_MODELS = os.getenv('USER_PERMISSIONS_CHAT_MULTIPLE_MODELS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fdbfaaa14d7c010 Environment-variable access.
repo/backend/open_webui/config.py:1855
USER_PERMISSIONS_CHAT_TEMPORARY = os.getenv('USER_PERMISSIONS_CHAT_TEMPORARY', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bb3cf633a222ef5 Environment-variable access.
repo/backend/open_webui/config.py:1858
    os.getenv('USER_PERMISSIONS_CHAT_TEMPORARY_ENFORCED', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24c5a363a7075a18 Environment-variable access.
repo/backend/open_webui/config.py:1863
    os.getenv('USER_PERMISSIONS_FEATURES_DIRECT_TOOL_SERVERS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2676c77d925a388 Environment-variable access.
repo/backend/open_webui/config.py:1866
USER_PERMISSIONS_FEATURES_WEB_SEARCH = os.getenv('USER_PERMISSIONS_FEATURES_WEB_SEARCH', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f8dffbb52eec489 Environment-variable access.
repo/backend/open_webui/config.py:1869
    os.getenv('USER_PERMISSIONS_FEATURES_IMAGE_GENERATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c9501643790daec Environment-variable access.
repo/backend/open_webui/config.py:1873
    os.getenv('USER_PERMISSIONS_FEATURES_CODE_INTERPRETER', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #891607743a6c37c1 Environment-variable access.
repo/backend/open_webui/config.py:1876
USER_PERMISSIONS_FEATURES_FOLDERS = os.getenv('USER_PERMISSIONS_FEATURES_FOLDERS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34b5fdb5e64285e6 Environment-variable access.
repo/backend/open_webui/config.py:1878
USER_PERMISSIONS_FEATURES_NOTES = os.getenv('USER_PERMISSIONS_FEATURES_NOTES', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #917018dd4450d2de Environment-variable access.
repo/backend/open_webui/config.py:1880
USER_PERMISSIONS_FEATURES_CHANNELS = os.getenv('USER_PERMISSIONS_FEATURES_CHANNELS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7198f0dbe39abae3 Environment-variable access.
repo/backend/open_webui/config.py:1882
USER_PERMISSIONS_FEATURES_API_KEYS = os.getenv('USER_PERMISSIONS_FEATURES_API_KEYS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1697b9a77bbbee99 Environment-variable access.
repo/backend/open_webui/config.py:1884
USER_PERMISSIONS_FEATURES_MEMORIES = os.getenv('USER_PERMISSIONS_FEATURES_MEMORIES', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92fda7c34c8ca8e5 Environment-variable access.
repo/backend/open_webui/config.py:1886
USER_PERMISSIONS_FEATURES_AUTOMATIONS = os.getenv('USER_PERMISSIONS_FEATURES_AUTOMATIONS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2442ace42aa6bae8 Environment-variable access.
repo/backend/open_webui/config.py:1888
USER_PERMISSIONS_FEATURES_CALENDAR = os.getenv('USER_PERMISSIONS_FEATURES_CALENDAR', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bde76ad8398fbbab Environment-variable access.
repo/backend/open_webui/config.py:1891
    os.getenv('USER_PERMISSIONS_FEATURES_USER_WEBHOOKS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c4d59fcefed713d Environment-variable access.
repo/backend/open_webui/config.py:1895
USER_PERMISSIONS_SETTINGS_INTERFACE = os.getenv('USER_PERMISSIONS_SETTINGS_INTERFACE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #548ddc37df5bfe84 Environment-variable access.
repo/backend/open_webui/config.py:1980
ENABLE_FOLDERS = os.getenv('ENABLE_FOLDERS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #169a7cb0c2e0344f Environment-variable access.
repo/backend/open_webui/config.py:1982
FOLDER_MAX_FILE_COUNT = os.getenv('FOLDER_MAX_FILE_COUNT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e23b8534b81c33ca Environment-variable access.
repo/backend/open_webui/config.py:1984
ENABLE_CHANNELS = os.getenv('ENABLE_CHANNELS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #118e35ada776b7d2 Environment-variable access.
repo/backend/open_webui/config.py:1986
ENABLE_CALENDAR = os.getenv('ENABLE_CALENDAR', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #443cf08640d3c57e Environment-variable access.
repo/backend/open_webui/config.py:1988
ENABLE_AUTOMATIONS = os.getenv('ENABLE_AUTOMATIONS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5916f5da82ec1c64 Environment-variable access.
repo/backend/open_webui/config.py:1990
AUTOMATION_MAX_COUNT = os.getenv('AUTOMATION_MAX_COUNT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #957db447fcbfda6b Environment-variable access.
repo/backend/open_webui/config.py:1992
AUTOMATION_MIN_INTERVAL = os.getenv('AUTOMATION_MIN_INTERVAL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2acb61df5a4b330c Environment-variable access.
repo/backend/open_webui/config.py:1994
AUTOMATION_AUTH_TOKEN_EXPIRES_IN = os.getenv('AUTOMATION_AUTH_TOKEN_EXPIRES_IN', '1h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab76e061d0b6ea8f Environment-variable access.
repo/backend/open_webui/config.py:1996
ENABLE_NOTES = os.getenv('ENABLE_NOTES', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58e76b2788ea9f14 Environment-variable access.
repo/backend/open_webui/config.py:1998
ENABLE_USER_STATUS = os.getenv('ENABLE_USER_STATUS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4960962ccd600b37 Environment-variable access.
repo/backend/open_webui/config.py:2000
ENABLE_EVALUATION_ARENA_MODELS = os.getenv('ENABLE_EVALUATION_ARENA_MODELS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f180303b55a0ce84 Environment-variable access.
repo/backend/open_webui/config.py:2002
    evaluation_arena_models = json.loads(os.getenv('EVALUATION_ARENA_MODELS', '[]'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f46f20a2f4065a27 Environment-variable access.
repo/backend/open_webui/config.py:2023
WEBHOOK_URL = os.getenv('WEBHOOK_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08d4787d47baeb80 Environment-variable access.
repo/backend/open_webui/config.py:2025
ENABLE_ADMIN_EXPORT = os.getenv('ENABLE_ADMIN_EXPORT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d445aed52c4637 Environment-variable access.
repo/backend/open_webui/config.py:2027
ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS = os.getenv('ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79bbaa1aff2f72bb Environment-variable access.
repo/backend/open_webui/config.py:2030
    os.getenv(
        'BYPASS_ADMIN_ACCESS_CONTROL',
        os.getenv('ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS', 'True'),
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccc776dfe1d5bd11 Environment-variable access.
repo/backend/open_webui/config.py:2032
        os.getenv('ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS', 'True'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c006a2c7056135d8 Environment-variable access.
repo/backend/open_webui/config.py:2037
ENABLE_ADMIN_CHAT_ACCESS = os.getenv('ENABLE_ADMIN_CHAT_ACCESS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da77c4288939dcf8 Environment-variable access.
repo/backend/open_webui/config.py:2039
ENABLE_ADMIN_ANALYTICS = os.getenv('ENABLE_ADMIN_ANALYTICS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c36ebdcf240f6ad5 Environment-variable access.
repo/backend/open_webui/config.py:2041
ENABLE_COMMUNITY_SHARING = os.getenv('ENABLE_COMMUNITY_SHARING', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a48947d9fda94d35 Environment-variable access.
repo/backend/open_webui/config.py:2043
ENABLE_MESSAGE_RATING = os.getenv('ENABLE_MESSAGE_RATING', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c6fc578425ee8aa Environment-variable access.
repo/backend/open_webui/config.py:2045
ENABLE_USER_WEBHOOKS = os.getenv('ENABLE_USER_WEBHOOKS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9379500bfde69d06 Environment-variable access.
repo/backend/open_webui/config.py:2048
THREAD_POOL_SIZE = os.getenv('THREAD_POOL_SIZE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ed1564062565607 Environment-variable access.
repo/backend/open_webui/config.py:2078
CORS_ALLOW_ORIGIN = os.getenv('CORS_ALLOW_ORIGIN', '*').split(';')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be8d2dfb4345d25f Environment-variable access.
repo/backend/open_webui/config.py:2083
CORS_ALLOW_CUSTOM_SCHEME = os.getenv('CORS_ALLOW_CUSTOM_SCHEME', '').split(';')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f916e5e3eeddd257 Environment-variable access.
repo/backend/open_webui/config.py:2104
    banners = json.loads(os.getenv('WEBUI_BANNERS', '[]'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dec2ecb4e65b070d Environment-variable access.
repo/backend/open_webui/config.py:2113
SHOW_ADMIN_DETAILS = os.getenv('SHOW_ADMIN_DETAILS', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d23ea7bc099b55e6 Environment-variable access.
repo/backend/open_webui/config.py:2115
ADMIN_EMAIL = os.getenv('ADMIN_EMAIL', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c2fe0ff5368d0e Environment-variable access.
repo/backend/open_webui/config.py:2123
TASK_MODEL = os.getenv('TASK_MODEL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #780a476f738dbe46 Environment-variable access.
repo/backend/open_webui/config.py:2125
TASK_MODEL_EXTERNAL = os.getenv('TASK_MODEL_EXTERNAL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e595447ffc9399d2 Environment-variable access.
repo/backend/open_webui/config.py:2127
ENABLE_CONTEXT_COMPACTION = os.getenv('ENABLE_CONTEXT_COMPACTION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4ad1026d30866d7 Environment-variable access.
repo/backend/open_webui/config.py:2129
CONTEXT_COMPACTION_TOKEN_THRESHOLD = int(os.getenv('CONTEXT_COMPACTION_TOKEN_THRESHOLD', '80000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7e4f99074a5ca0f Environment-variable access.
repo/backend/open_webui/config.py:2131
CONTEXT_COMPACTION_PROMPT_TEMPLATE = os.getenv('CONTEXT_COMPACTION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5103149857efdc35 Environment-variable access.
repo/backend/open_webui/config.py:2133
TITLE_GENERATION_PROMPT_TEMPLATE = os.getenv('TITLE_GENERATION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8afb602485db4afc Environment-variable access.
repo/backend/open_webui/config.py:2159
TAGS_GENERATION_PROMPT_TEMPLATE = os.getenv('TAGS_GENERATION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c52529c8d5bfe66 Environment-variable access.
repo/backend/open_webui/config.py:2179
IMAGE_PROMPT_GENERATION_PROMPT_TEMPLATE = os.getenv('IMAGE_PROMPT_GENERATION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd6de83febd19bc5 Environment-variable access.
repo/backend/open_webui/config.py:2202
FOLLOW_UP_GENERATION_PROMPT_TEMPLATE = os.getenv('FOLLOW_UP_GENERATION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05e7679298b1318b Environment-variable access.
repo/backend/open_webui/config.py:2220
ENABLE_FOLLOW_UP_GENERATION = os.getenv('ENABLE_FOLLOW_UP_GENERATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a0c78976966c0f8 Environment-variable access.
repo/backend/open_webui/config.py:2222
ENABLE_TAGS_GENERATION = os.getenv('ENABLE_TAGS_GENERATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51fe0964e0d853e4 Environment-variable access.
repo/backend/open_webui/config.py:2224
ENABLE_TITLE_GENERATION = os.getenv('ENABLE_TITLE_GENERATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2fe4eac4b409d86 Environment-variable access.
repo/backend/open_webui/config.py:2227
ENABLE_SEARCH_QUERY_GENERATION = os.getenv('ENABLE_SEARCH_QUERY_GENERATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b05261f445124d1 Environment-variable access.
repo/backend/open_webui/config.py:2229
ENABLE_RETRIEVAL_QUERY_GENERATION = os.getenv('ENABLE_RETRIEVAL_QUERY_GENERATION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e87e29a5f08bcdf6 Environment-variable access.
repo/backend/open_webui/config.py:2232
QUERY_GENERATION_PROMPT_TEMPLATE = os.getenv('QUERY_GENERATION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d6f6447e42a2e77 Environment-variable access.
repo/backend/open_webui/config.py:2258
ENABLE_AUTOCOMPLETE_GENERATION = os.getenv('ENABLE_AUTOCOMPLETE_GENERATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3336894eacfd48c Environment-variable access.
repo/backend/open_webui/config.py:2260
AUTOCOMPLETE_GENERATION_INPUT_MAX_LENGTH = int(os.getenv('AUTOCOMPLETE_GENERATION_INPUT_MAX_LENGTH', '-1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #885b85689f6c5aac Environment-variable access.
repo/backend/open_webui/config.py:2262
AUTOCOMPLETE_GENERATION_PROMPT_TEMPLATE = os.getenv('AUTOCOMPLETE_GENERATION_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed7de54d37bacfaf Environment-variable access.
repo/backend/open_webui/config.py:2308
VOICE_MODE_PROMPT_TEMPLATE = os.getenv('VOICE_MODE_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88f90f6206f653d7 Environment-variable access.
repo/backend/open_webui/config.py:2310
ENABLE_VOICE_MODE_PROMPT = os.getenv('ENABLE_VOICE_MODE_PROMPT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81e43c47f573b772 Environment-variable access.
repo/backend/open_webui/config.py:2337
TOOLS_FUNCTION_CALLING_PROMPT_TEMPLATE = os.getenv('TOOLS_FUNCTION_CALLING_PROMPT_TEMPLATE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc1d0f6506272a64 Environment-variable access.
repo/backend/open_webui/config.py:2379
ENABLE_API_KEYS = os.getenv('ENABLE_API_KEYS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3a70514ddd658f2 Environment-variable access.
repo/backend/open_webui/config.py:2382
    os.getenv(
        'ENABLE_API_KEYS_ENDPOINT_RESTRICTIONS',
        os.getenv('ENABLE_API_KEY_ENDPOINT_RESTRICTIONS', 'False'),
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b20ac5ad1c966f34 Environment-variable access.
repo/backend/open_webui/config.py:2384
        os.getenv('ENABLE_API_KEY_ENDPOINT_RESTRICTIONS', 'False'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6a30a0f5e983922 Environment-variable access.
repo/backend/open_webui/config.py:2389
API_KEYS_ALLOWED_ENDPOINTS = os.getenv('API_KEYS_ALLOWED_ENDPOINTS', os.getenv('API_KEY_ALLOWED_ENDPOINTS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e8b9a0dbcc523d5 Environment-variable access.
repo/backend/open_webui/config.py:2391
JWT_EXPIRES_IN = os.getenv('JWT_EXPIRES_IN', '4w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #679acdb607d84280 Environment-variable access.
repo/backend/open_webui/config.py:2403
ENABLE_OAUTH_SIGNUP = os.getenv('ENABLE_OAUTH_SIGNUP', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd660e05a44a3364 Environment-variable access.
repo/backend/open_webui/config.py:2405
OAUTH_AUTO_REDIRECT = os.getenv('OAUTH_AUTO_REDIRECT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11cfbef7ea72c42a Environment-variable access.
repo/backend/open_webui/config.py:2407
OAUTH_REFRESH_TOKEN_INCLUDE_SCOPE = os.getenv('OAUTH_REFRESH_TOKEN_INCLUDE_SCOPE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08d0e81c0909d14d Environment-variable access.
repo/backend/open_webui/config.py:2410
OAUTH_MERGE_ACCOUNTS_BY_EMAIL = os.getenv('OAUTH_MERGE_ACCOUNTS_BY_EMAIL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296f00eab637fb69 Environment-variable access.
repo/backend/open_webui/config.py:2414
GOOGLE_CLIENT_ID = os.getenv('GOOGLE_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccc15bc5225aa995 Environment-variable access.
repo/backend/open_webui/config.py:2416
GOOGLE_CLIENT_SECRET = os.getenv('GOOGLE_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2d03674a1d09579 Environment-variable access.
repo/backend/open_webui/config.py:2419
GOOGLE_OAUTH_SCOPE = os.getenv('GOOGLE_OAUTH_SCOPE', 'openid email profile')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91f2f6aa45fe6d94 Environment-variable access.
repo/backend/open_webui/config.py:2421
GOOGLE_REDIRECT_URI = os.getenv('GOOGLE_REDIRECT_URI', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #666cbe6928cc1a4e Environment-variable access.
repo/backend/open_webui/config.py:2424
_google_oauth_authorize_params = os.getenv('GOOGLE_OAUTH_AUTHORIZE_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cebeb60b4e2c354e Environment-variable access.
repo/backend/open_webui/config.py:2435
MICROSOFT_CLIENT_ID = os.getenv('MICROSOFT_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26441b6d378fce2f Environment-variable access.
repo/backend/open_webui/config.py:2437
MICROSOFT_CLIENT_SECRET = os.getenv('MICROSOFT_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e526f7ad98444e05 Environment-variable access.
repo/backend/open_webui/config.py:2439
MICROSOFT_CLIENT_TENANT_ID = os.getenv('MICROSOFT_CLIENT_TENANT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #126e87ca56568c38 Environment-variable access.
repo/backend/open_webui/config.py:2441
MICROSOFT_CLIENT_LOGIN_BASE_URL = os.getenv('MICROSOFT_CLIENT_LOGIN_BASE_URL', 'https://login.microsoftonline.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3c20cf856f6692f Environment-variable access.
repo/backend/open_webui/config.py:2443
MICROSOFT_CLIENT_PICTURE_URL = os.getenv(
    'MICROSOFT_CLIENT_PICTURE_URL',
    'https://graph.microsoft.com/v1.0/me/photo/$value',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e1a6b33a4400a59 Environment-variable access.
repo/backend/open_webui/config.py:2449
MICROSOFT_OAUTH_SCOPE = os.getenv('MICROSOFT_OAUTH_SCOPE', 'openid email profile')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbad9f873d9a0cd1 Environment-variable access.
repo/backend/open_webui/config.py:2451
MICROSOFT_REDIRECT_URI = os.getenv('MICROSOFT_REDIRECT_URI', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e6bdf92d751d0d8 Environment-variable access.
repo/backend/open_webui/config.py:2453
GITHUB_CLIENT_ID = os.getenv('GITHUB_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2222519fb7cbd704 Environment-variable access.
repo/backend/open_webui/config.py:2455
GITHUB_CLIENT_SECRET = os.getenv('GITHUB_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc2e04c5d73a4ba1 Environment-variable access.
repo/backend/open_webui/config.py:2457
GITHUB_CLIENT_SCOPE = os.getenv('GITHUB_CLIENT_SCOPE', 'user:email')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19a8a3edf1821395 Environment-variable access.
repo/backend/open_webui/config.py:2459
GITHUB_CLIENT_REDIRECT_URI = os.getenv('GITHUB_CLIENT_REDIRECT_URI', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #497b50594c9b026c Environment-variable access.
repo/backend/open_webui/config.py:2461
OAUTH_CLIENT_ID = os.getenv('OAUTH_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06783d1a3cf50a39 Environment-variable access.
repo/backend/open_webui/config.py:2463
OAUTH_CLIENT_SECRET = os.getenv('OAUTH_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f107be797a25d7 Environment-variable access.
repo/backend/open_webui/config.py:2465
OPENID_PROVIDER_URL = os.getenv('OPENID_PROVIDER_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3061b20f751b9cb Environment-variable access.
repo/backend/open_webui/config.py:2467
OPENID_END_SESSION_ENDPOINT = os.getenv('OPENID_END_SESSION_ENDPOINT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21d1949c7a059944 Environment-variable access.
repo/backend/open_webui/config.py:2469
OPENID_REDIRECT_URI = os.getenv('OPENID_REDIRECT_URI', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1db9bdc35b759c0f Environment-variable access.
repo/backend/open_webui/config.py:2471
OAUTH_SCOPES = os.getenv('OAUTH_SCOPES', 'openid email profile')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #957319f7a764c8da Environment-variable access.
repo/backend/open_webui/config.py:2473
OAUTH_TIMEOUT = os.getenv('OAUTH_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f3b88b05fb167b1 Environment-variable access.
repo/backend/open_webui/config.py:2475
OAUTH_TOKEN_ENDPOINT_AUTH_METHOD = os.getenv('OAUTH_TOKEN_ENDPOINT_AUTH_METHOD', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed2046493f3d3791 Environment-variable access.
repo/backend/open_webui/config.py:2477
OAUTH_CODE_CHALLENGE_METHOD = os.getenv('OAUTH_CODE_CHALLENGE_METHOD', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7917bc62d1864c00 Environment-variable access.
repo/backend/open_webui/config.py:2479
OAUTH_PROVIDER_NAME = os.getenv('OAUTH_PROVIDER_NAME', 'SSO')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1146fe142805fac3 Environment-variable access.
repo/backend/open_webui/config.py:2481
OAUTH_SUB_CLAIM = os.getenv('OAUTH_SUB_CLAIM', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #709dab4be76a8573 Environment-variable access.
repo/backend/open_webui/config.py:2483
OAUTH_USERNAME_CLAIM = os.getenv('OAUTH_USERNAME_CLAIM', 'name')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #077ec8c36d9d5787 Environment-variable access.
repo/backend/open_webui/config.py:2486
OAUTH_PICTURE_CLAIM = os.getenv('OAUTH_PICTURE_CLAIM', 'picture')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b22e4fa8728b273 Environment-variable access.
repo/backend/open_webui/config.py:2488
OAUTH_EMAIL_CLAIM = os.getenv('OAUTH_EMAIL_CLAIM', 'email')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170d2995dd554b10 Environment-variable access.
repo/backend/open_webui/config.py:2490
OAUTH_GROUPS_CLAIM = os.getenv('OAUTH_GROUPS_CLAIM', os.getenv('OAUTH_GROUP_CLAIM', 'groups'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e37d99d499cdc804 Environment-variable access.
repo/backend/open_webui/config.py:2492
FEISHU_CLIENT_ID = os.getenv('FEISHU_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0acb9d5561449b9 Environment-variable access.
repo/backend/open_webui/config.py:2494
FEISHU_CLIENT_SECRET = os.getenv('FEISHU_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d5368bf642fd1f Environment-variable access.
repo/backend/open_webui/config.py:2496
FEISHU_OAUTH_SCOPE = os.getenv('FEISHU_OAUTH_SCOPE', 'contact:user.base:readonly')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81f3c4bb77fa99f1 Environment-variable access.
repo/backend/open_webui/config.py:2498
FEISHU_REDIRECT_URI = os.getenv('FEISHU_REDIRECT_URI', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba400411e640cccd Environment-variable access.
repo/backend/open_webui/config.py:2500
ENABLE_OAUTH_ROLE_MANAGEMENT = os.getenv('ENABLE_OAUTH_ROLE_MANAGEMENT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d374b3f9140714cc Environment-variable access.
repo/backend/open_webui/config.py:2502
ENABLE_OAUTH_GROUP_MANAGEMENT = os.getenv('ENABLE_OAUTH_GROUP_MANAGEMENT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb6ffb034c70e2ef Environment-variable access.
repo/backend/open_webui/config.py:2504
ENABLE_OAUTH_GROUP_CREATION = os.getenv('ENABLE_OAUTH_GROUP_CREATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7c263dfdc89f61e Environment-variable access.
repo/backend/open_webui/config.py:2507
oauth_group_default_share = os.getenv('OAUTH_GROUP_DEFAULT_SHARE', 'true').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c99a8635f523e62b Environment-variable access.
repo/backend/open_webui/config.py:2511
OAUTH_BLOCKED_GROUPS = os.getenv('OAUTH_BLOCKED_GROUPS', '[]')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4477db5989a38e6f Environment-variable access.
repo/backend/open_webui/config.py:2513
OAUTH_GROUPS_SEPARATOR = os.getenv('OAUTH_GROUPS_SEPARATOR', ';')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3737b3d4d80a2f2d Environment-variable access.
repo/backend/open_webui/config.py:2515
OAUTH_ROLES_CLAIM = os.getenv('OAUTH_ROLES_CLAIM', 'roles')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5aee72de79a12a94 Environment-variable access.
repo/backend/open_webui/config.py:2517
OAUTH_ROLES_SEPARATOR = os.getenv('OAUTH_ROLES_SEPARATOR', ',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15500ae2012ffe79 Environment-variable access.
repo/backend/open_webui/config.py:2521
    for role in os.getenv('OAUTH_ALLOWED_ROLES', f'user{OAUTH_ROLES_SEPARATOR}admin').split(OAUTH_ROLES_SEPARATOR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7ad9180e39805f1 Environment-variable access.
repo/backend/open_webui/config.py:2526
    role.strip() for role in os.getenv('OAUTH_ADMIN_ROLES', 'admin').split(OAUTH_ROLES_SEPARATOR) if role

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f28523541d9d86c9 Environment-variable access.
repo/backend/open_webui/config.py:2529
OAUTH_ALLOWED_DOMAINS = [domain.strip() for domain in os.getenv('OAUTH_ALLOWED_DOMAINS', '*').split(',')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d0d7a4e0b6deafe Environment-variable access.
repo/backend/open_webui/config.py:2531
OAUTH_UPDATE_PICTURE_ON_LOGIN = os.getenv('OAUTH_UPDATE_PICTURE_ON_LOGIN', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #401011838fa11ee9 Environment-variable access.
repo/backend/open_webui/config.py:2533
OAUTH_UPDATE_NAME_ON_LOGIN = os.getenv('OAUTH_UPDATE_NAME_ON_LOGIN', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cc887884768cfd4 Environment-variable access.
repo/backend/open_webui/config.py:2535
OAUTH_UPDATE_EMAIL_ON_LOGIN = os.getenv('OAUTH_UPDATE_EMAIL_ON_LOGIN', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #766a70958e142588 Environment-variable access.
repo/backend/open_webui/config.py:2538
    os.getenv('OAUTH_ACCESS_TOKEN_REQUEST_INCLUDE_CLIENT_ID', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #613036a3663e27ad Environment-variable access.
repo/backend/open_webui/config.py:2541
OAUTH_AUDIENCE = os.getenv('OAUTH_AUDIENCE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #147d6043a34dea30 Environment-variable access.
repo/backend/open_webui/config.py:2544
_oauth_authorize_params = os.getenv('OAUTH_AUTHORIZE_PARAMS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b95f332e1e638db4 Environment-variable access.
repo/backend/open_webui/config.py:2711
ENABLE_LDAP = os.getenv('ENABLE_LDAP', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0610f81bd0c3c980 Environment-variable access.
repo/backend/open_webui/config.py:2713
LDAP_SERVER_LABEL = os.getenv('LDAP_SERVER_LABEL', 'LDAP Server')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d22c1028e194f73c Environment-variable access.
repo/backend/open_webui/config.py:2715
LDAP_SERVER_HOST = os.getenv('LDAP_SERVER_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2a7e7c2c02046d8 Environment-variable access.
repo/backend/open_webui/config.py:2717
LDAP_SERVER_PORT = int(os.getenv('LDAP_SERVER_PORT', '389'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bfc4a987034d70e Environment-variable access.
repo/backend/open_webui/config.py:2719
LDAP_ATTRIBUTE_FOR_MAIL = os.getenv('LDAP_ATTRIBUTE_FOR_MAIL', 'mail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9449469cfb0fc113 Environment-variable access.
repo/backend/open_webui/config.py:2721
LDAP_ATTRIBUTE_FOR_USERNAME = os.getenv('LDAP_ATTRIBUTE_FOR_USERNAME', 'uid')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f28eb1757a21694e Environment-variable access.
repo/backend/open_webui/config.py:2723
LDAP_APP_DN = os.getenv('LDAP_APP_DN', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #909b1bf862977c23 Environment-variable access.
repo/backend/open_webui/config.py:2725
LDAP_APP_PASSWORD = os.getenv('LDAP_APP_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b7ba7df6543f3e7 Environment-variable access.
repo/backend/open_webui/config.py:2727
LDAP_SEARCH_BASE = os.getenv('LDAP_SEARCH_BASE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db33e25e6bd1dbd4 Environment-variable access.
repo/backend/open_webui/config.py:2729
LDAP_SEARCH_FILTERS = os.getenv('LDAP_SEARCH_FILTER', os.getenv('LDAP_SEARCH_FILTERS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcf6dcfaeb836cec Environment-variable access.
repo/backend/open_webui/config.py:2731
LDAP_USE_TLS = os.getenv('LDAP_USE_TLS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f627cad435bc1c33 Environment-variable access.
repo/backend/open_webui/config.py:2733
LDAP_CA_CERT_FILE = os.getenv('LDAP_CA_CERT_FILE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c87d8781409dc62 Environment-variable access.
repo/backend/open_webui/config.py:2735
LDAP_VALIDATE_CERT = os.getenv('LDAP_VALIDATE_CERT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a53e0af2d6678ba Environment-variable access.
repo/backend/open_webui/config.py:2737
LDAP_CIPHERS = os.getenv('LDAP_CIPHERS', 'ALL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #115ebf12fe5c66f3 Environment-variable access.
repo/backend/open_webui/config.py:2739
ENABLE_LDAP_GROUP_MANAGEMENT = os.getenv('ENABLE_LDAP_GROUP_MANAGEMENT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91b7ce74e381ded6 Environment-variable access.
repo/backend/open_webui/config.py:2741
ENABLE_LDAP_GROUP_CREATION = os.getenv('ENABLE_LDAP_GROUP_CREATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96852a571acc13f3 Environment-variable access.
repo/backend/open_webui/config.py:2743
LDAP_ATTRIBUTE_FOR_GROUPS = os.getenv('LDAP_ATTRIBUTE_FOR_GROUPS', 'memberOf')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b6ff7652a9d3651 Environment-variable access.
repo/backend/open_webui/config.py:3129
ENABLE_PERSISTENT_CONFIG = os.getenv('ENABLE_PERSISTENT_CONFIG', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca3f81abaf6bac25 Environment-variable access.
repo/backend/open_webui/config.py:3130
ENABLE_OAUTH_PERSISTENT_CONFIG = os.getenv('ENABLE_OAUTH_PERSISTENT_CONFIG', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #104ef91d4aa7dea0 Environment-variable access.
repo/backend/open_webui/env.py:42
DOCKER = os.getenv('DOCKER', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34b032f55c7d3da2 Environment-variable access.
repo/backend/open_webui/env.py:44
USE_CUDA = os.getenv('USE_CUDA_DOCKER', 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f17fd021180f9d7 Environment-variable access.
repo/backend/open_webui/env.py:57
        os.environ['USE_CUDA_DOCKER'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75ff60d8b2ee5312 Environment-variable access.
repo/backend/open_webui/env.py:104
LOG_FORMAT = os.getenv('LOG_FORMAT', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f432a63c71ba2e1 Environment-variable access.
repo/backend/open_webui/env.py:106
GLOBAL_LOG_LEVEL = os.getenv('GLOBAL_LOG_LEVEL', '').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a85edde5d51fd0b9 Environment-variable access.
repo/backend/open_webui/env.py:132
ENV = os.getenv('ENV', 'dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d606d74a9996fb3 Environment-variable access.
repo/backend/open_webui/env.py:134
FROM_INIT_PY = os.getenv('FROM_INIT_PY', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7fb4cf175e68a9d Filesystem access.
repo/backend/open_webui/env.py:140
        PACKAGE_DATA = json.loads((BASE_DIR / 'package.json').read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #671ca52241926f51 Environment-variable access.
repo/backend/open_webui/env.py:147
DEPLOYMENT_ID = os.getenv('DEPLOYMENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da3c1e04f31597a0 Environment-variable access.
repo/backend/open_webui/env.py:148
INSTANCE_ID = os.getenv('INSTANCE_ID', str(uuid4()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2e3987ae046f864 Environment-variable access.
repo/backend/open_webui/env.py:150
ENABLE_DB_MIGRATIONS = os.getenv('ENABLE_DB_MIGRATIONS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5bea358a759ea74 Filesystem access.
repo/backend/open_webui/env.py:174
    with open(str(changelog_path.absolute()), encoding='utf8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69a42244faf8b79b Environment-variable access.
repo/backend/open_webui/env.py:216
DATA_DIR = Path(os.getenv('DATA_DIR', BACKEND_DIR / 'data')).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37cbfa03d4551afd Environment-variable access.
repo/backend/open_webui/env.py:219
    NEW_DATA_DIR = Path(os.getenv('DATA_DIR', OPEN_WEBUI_DIR / 'data')).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ef171cf8cc78988 Environment-variable access.
repo/backend/open_webui/env.py:238
    DATA_DIR = Path(os.getenv('DATA_DIR', OPEN_WEBUI_DIR / 'data'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #111eb50e0b0f7db8 Environment-variable access.
repo/backend/open_webui/env.py:240
STATIC_DIR = Path(os.getenv('STATIC_DIR', OPEN_WEBUI_DIR / 'static'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e97e28e4a276fc Environment-variable access.
repo/backend/open_webui/env.py:242
FONTS_DIR = Path(os.getenv('FONTS_DIR', OPEN_WEBUI_DIR / 'static' / 'fonts'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbbec8f86ac21ef8 Environment-variable access.
repo/backend/open_webui/env.py:244
FRONTEND_BUILD_DIR = Path(os.getenv('FRONTEND_BUILD_DIR', BASE_DIR / 'build')).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b46e73b8164a55ad Environment-variable access.
repo/backend/open_webui/env.py:247
    FRONTEND_BUILD_DIR = Path(os.getenv('FRONTEND_BUILD_DIR', OPEN_WEBUI_DIR / 'frontend')).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d30063cc522a14 Environment-variable access.
repo/backend/open_webui/env.py:261
DATABASE_URL = os.getenv('DATABASE_URL', f'sqlite:///{DATA_DIR}/webui.db')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18da7b3bcc8eae6f Environment-variable access.
repo/backend/open_webui/env.py:263
DATABASE_TYPE = os.getenv('DATABASE_TYPE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d9b9ee9923e541a Environment-variable access.
repo/backend/open_webui/env.py:264
DATABASE_USER = os.getenv('DATABASE_USER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cd8561f415da984 Environment-variable access.
repo/backend/open_webui/env.py:265
DATABASE_PASSWORD = os.getenv('DATABASE_PASSWORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af8cef31a2213630 Environment-variable access.
repo/backend/open_webui/env.py:276
    'db_host': os.getenv('DATABASE_HOST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e432cde829df4a99 Environment-variable access.
repo/backend/open_webui/env.py:277
    'db_port': os.getenv('DATABASE_PORT'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d53fa9468eff6ffa Environment-variable access.
repo/backend/open_webui/env.py:278
    'db_name': os.getenv('DATABASE_NAME'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e3a799b8fa7c9a Environment-variable access.
repo/backend/open_webui/env.py:285
elif DATABASE_TYPE == 'sqlite+sqlcipher' and not os.getenv('DATABASE_URL'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25abbfb9832ccb4e Environment-variable access.
repo/backend/open_webui/env.py:293
DATABASE_SCHEMA = os.getenv('DATABASE_SCHEMA', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13d88c6557cf8bd8 Environment-variable access.
repo/backend/open_webui/env.py:294
DATABASE_ENABLE_IAM_TOKEN_AUTH = os.getenv('DATABASE_ENABLE_IAM_TOKEN_AUTH', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e05ad8571311f674 Environment-variable access.
repo/backend/open_webui/env.py:296
_pool_size_raw = os.getenv('DATABASE_POOL_SIZE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #242f4b37b67baf8a Environment-variable access.
repo/backend/open_webui/env.py:302
_pool_overflow_raw = os.getenv('DATABASE_POOL_MAX_OVERFLOW', '0')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02dc9214f71bbd14 Environment-variable access.
repo/backend/open_webui/env.py:308
_pool_timeout_raw = os.getenv('DATABASE_POOL_TIMEOUT', '30')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c19add7ecc6958fb Environment-variable access.
repo/backend/open_webui/env.py:314
_pool_recycle_raw = os.getenv('DATABASE_POOL_RECYCLE', '3600')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89ef86eceacfab35 Environment-variable access.
repo/backend/open_webui/env.py:320
DATABASE_ENABLE_SQLITE_WAL = os.getenv('DATABASE_ENABLE_SQLITE_WAL', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e77d6e2094f900c7 Environment-variable access.
repo/backend/open_webui/env.py:328
DATABASE_SQLITE_PRAGMA_SYNCHRONOUS = os.getenv('DATABASE_SQLITE_PRAGMA_SYNCHRONOUS', 'NORMAL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2704877196b59f86 Environment-variable access.
repo/backend/open_webui/env.py:332
DATABASE_SQLITE_PRAGMA_BUSY_TIMEOUT = os.getenv('DATABASE_SQLITE_PRAGMA_BUSY_TIMEOUT', '5000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e96ef2889a16ce06 Environment-variable access.
repo/backend/open_webui/env.py:335
DATABASE_SQLITE_PRAGMA_CACHE_SIZE = os.getenv('DATABASE_SQLITE_PRAGMA_CACHE_SIZE', '-65536')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c50ff384ea54f98 Environment-variable access.
repo/backend/open_webui/env.py:339
DATABASE_SQLITE_PRAGMA_TEMP_STORE = os.getenv('DATABASE_SQLITE_PRAGMA_TEMP_STORE', 'MEMORY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #648eb366d4feef89 Environment-variable access.
repo/backend/open_webui/env.py:343
DATABASE_SQLITE_PRAGMA_MMAP_SIZE = os.getenv('DATABASE_SQLITE_PRAGMA_MMAP_SIZE', '268435456')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66c78c945dff2885 Environment-variable access.
repo/backend/open_webui/env.py:348
DATABASE_SQLITE_PRAGMA_JOURNAL_SIZE_LIMIT = os.getenv('DATABASE_SQLITE_PRAGMA_JOURNAL_SIZE_LIMIT', '67108864')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38f9716edb8fb668 Environment-variable access.
repo/backend/open_webui/env.py:350
DATABASE_USER_ACTIVE_STATUS_UPDATE_INTERVAL = os.getenv('DATABASE_USER_ACTIVE_STATUS_UPDATE_INTERVAL', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8eed62bcce9b5d12 Environment-variable access.
repo/backend/open_webui/env.py:357
DATABASE_ENABLE_SESSION_SHARING = os.getenv('DATABASE_ENABLE_SESSION_SHARING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7e00bf5c2909dc4 Environment-variable access.
repo/backend/open_webui/env.py:358
ENABLE_PUBLIC_ACTIVE_USERS_COUNT = os.getenv('ENABLE_PUBLIC_ACTIVE_USERS_COUNT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c615b51db9d7b1e Environment-variable access.
repo/backend/open_webui/env.py:359
RESET_CONFIG_ON_START = os.getenv('RESET_CONFIG_ON_START', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ccda1a0a99e5426 Environment-variable access.
repo/backend/open_webui/env.py:360
ENABLE_REALTIME_CHAT_SAVE = os.getenv('ENABLE_REALTIME_CHAT_SAVE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b96ed5a9265088b7 Environment-variable access.
repo/backend/open_webui/env.py:361
ENABLE_QUERIES_CACHE = os.getenv('ENABLE_QUERIES_CACHE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65ccf59815c9d31a Environment-variable access.
repo/backend/open_webui/env.py:362
RAG_SYSTEM_CONTEXT = os.getenv('RAG_SYSTEM_CONTEXT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #399997c4f0e7136d Environment-variable access.
repo/backend/open_webui/env.py:368
REDIS_URL = os.getenv('REDIS_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c287fc2823e0c47 Environment-variable access.
repo/backend/open_webui/env.py:369
REDIS_CLUSTER = os.getenv('REDIS_CLUSTER', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2664e9bf39ed9cee Environment-variable access.
repo/backend/open_webui/env.py:371
REDIS_KEY_PREFIX = os.getenv('REDIS_KEY_PREFIX', 'open-webui')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #416758d436086b9f Environment-variable access.
repo/backend/open_webui/env.py:373
REDIS_SENTINEL_HOSTS = os.getenv('REDIS_SENTINEL_HOSTS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f46997ca7a6fcd94 Environment-variable access.
repo/backend/open_webui/env.py:374
REDIS_SENTINEL_PORT = os.getenv('REDIS_SENTINEL_PORT', '26379')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1d0369113129f3 Environment-variable access.
repo/backend/open_webui/env.py:377
REDIS_SENTINEL_MAX_RETRY_COUNT = os.getenv('REDIS_SENTINEL_MAX_RETRY_COUNT', '2')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a64ca11d255e3586 Environment-variable access.
repo/backend/open_webui/env.py:386
REDIS_SOCKET_CONNECT_TIMEOUT = os.getenv('REDIS_SOCKET_CONNECT_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2c99438c6d8e05a Environment-variable access.
repo/backend/open_webui/env.py:397
REDIS_SOCKET_KEEPALIVE = os.getenv('REDIS_SOCKET_KEEPALIVE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66b33fa94fd9d6e2 Environment-variable access.
repo/backend/open_webui/env.py:405
REDIS_HEALTH_CHECK_INTERVAL = os.getenv('REDIS_HEALTH_CHECK_INTERVAL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21b590c12eeb06e7 Environment-variable access.
repo/backend/open_webui/env.py:413
REDIS_RECONNECT_DELAY = os.getenv('REDIS_RECONNECT_DELAY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32fca1e994a62a30 Environment-variable access.
repo/backend/open_webui/env.py:430
    UVICORN_WORKERS = max(int(os.getenv('UVICORN_WORKERS', '1')), 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #799cb4358d201adb Environment-variable access.
repo/backend/open_webui/env.py:438
ENABLE_WEBSOCKET_SUPPORT = os.getenv('ENABLE_WEBSOCKET_SUPPORT', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #342adffebd38f98d Environment-variable access.
repo/backend/open_webui/env.py:441
WEBSOCKET_MANAGER = os.getenv('WEBSOCKET_MANAGER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faff440a7ebb3264 Environment-variable access.
repo/backend/open_webui/env.py:443
WEBSOCKET_REDIS_OPTIONS = os.getenv('WEBSOCKET_REDIS_OPTIONS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #029e9166e322cbc7 Environment-variable access.
repo/backend/open_webui/env.py:458
WEBSOCKET_REDIS_URL = os.getenv('WEBSOCKET_REDIS_URL', REDIS_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acdbe647e7acff3a Environment-variable access.
repo/backend/open_webui/env.py:459
WEBSOCKET_REDIS_CLUSTER = os.getenv('WEBSOCKET_REDIS_CLUSTER', str(REDIS_CLUSTER)).lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50e23d74db1f1d03 Environment-variable access.
repo/backend/open_webui/env.py:461
websocket_redis_lock_timeout = os.getenv('WEBSOCKET_REDIS_LOCK_TIMEOUT', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b4d3267eb94e353 Environment-variable access.
repo/backend/open_webui/env.py:468
WEBSOCKET_SENTINEL_HOSTS = os.getenv('WEBSOCKET_SENTINEL_HOSTS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b64d00bc61e868e Environment-variable access.
repo/backend/open_webui/env.py:469
WEBSOCKET_SENTINEL_PORT = os.getenv('WEBSOCKET_SENTINEL_PORT', '26379')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c405767789ce985 Environment-variable access.
repo/backend/open_webui/env.py:470
WEBSOCKET_SERVER_LOGGING = os.getenv('WEBSOCKET_SERVER_LOGGING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81dc2b5ca9663d0d Environment-variable access.
repo/backend/open_webui/env.py:472
    os.getenv(
        'WEBSOCKET_SERVER_ENGINEIO_LOGGING',
        os.getenv('WEBSOCKET_SERVER_LOGGING', 'False'),
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b64b40dc8e377022 Environment-variable access.
repo/backend/open_webui/env.py:474
        os.getenv('WEBSOCKET_SERVER_LOGGING', 'False'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de57adf0440e668d Environment-variable access.
repo/backend/open_webui/env.py:478
WEBSOCKET_SERVER_PING_TIMEOUT = os.getenv('WEBSOCKET_SERVER_PING_TIMEOUT', '20')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #722f64394a81e2e1 Environment-variable access.
repo/backend/open_webui/env.py:484
WEBSOCKET_SERVER_PING_INTERVAL = os.getenv('WEBSOCKET_SERVER_PING_INTERVAL', '25')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7c3af4566e5520b Environment-variable access.
repo/backend/open_webui/env.py:490
WEBSOCKET_EVENT_CALLER_TIMEOUT = os.getenv('WEBSOCKET_EVENT_CALLER_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94ad53f2e5bd90d9 Environment-variable access.
repo/backend/open_webui/env.py:512
AIOHTTP_CLIENT_SSL_CERT_FILE = os.getenv('AIOHTTP_CLIENT_SSL_CERT_FILE', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0649fb60b4498c43 Environment-variable access.
repo/backend/open_webui/env.py:560
REQUESTS_VERIFY = os.getenv('REQUESTS_VERIFY', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c471f0d84101c41 Environment-variable access.
repo/backend/open_webui/env.py:562
_aiohttp_timeout_raw = os.getenv('AIOHTTP_CLIENT_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b18f4f4f64b8d48 Environment-variable access.
repo/backend/open_webui/env.py:572
AIOHTTP_CLIENT_SESSION_SSL = _parse_ssl_env(os.getenv('AIOHTTP_CLIENT_SESSION_SSL', 'True'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c14be7bd2fc7c88 Environment-variable access.
repo/backend/open_webui/env.py:575
AIOHTTP_CLIENT_ALLOW_REDIRECTS = os.getenv('AIOHTTP_CLIENT_ALLOW_REDIRECTS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10ef33483cdb2bc8 Environment-variable access.
repo/backend/open_webui/env.py:580
USER_AGENT = os.getenv('USER_AGENT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11c4f06d54258e2 Environment-variable access.
repo/backend/open_webui/env.py:582
_model_list_timeout_raw = os.getenv(
    'AIOHTTP_CLIENT_TIMEOUT_MODEL_LIST',
    os.getenv('AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST', '10'),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6969541f984e86fa Environment-variable access.
repo/backend/open_webui/env.py:584
    os.getenv('AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST', '10'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e519304741356e5a Environment-variable access.
repo/backend/open_webui/env.py:591
_tool_data_timeout_raw = os.getenv('AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER_DATA', '10')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0af6f003191fedf Environment-variable access.
repo/backend/open_webui/env.py:601
AIOHTTP_CLIENT_SESSION_TOOL_SERVER_SSL = _parse_ssl_env(os.getenv('AIOHTTP_CLIENT_SESSION_TOOL_SERVER_SSL', 'True'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ba2b1b6e0a03fa Environment-variable access.
repo/backend/open_webui/env.py:603
AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER = os.getenv('AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e82eaeeb74ab1591 Environment-variable access.
repo/backend/open_webui/env.py:616
MCP_INITIALIZE_TIMEOUT = os.getenv('MCP_INITIALIZE_TIMEOUT', '10')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #320246fcc7bb06dd Environment-variable access.
repo/backend/open_webui/env.py:627
AIOHTTP_POOL_CONNECTIONS = os.getenv('AIOHTTP_POOL_CONNECTIONS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c255556f601bb850 Environment-variable access.
repo/backend/open_webui/env.py:636
AIOHTTP_POOL_CONNECTIONS_PER_HOST = os.getenv('AIOHTTP_POOL_CONNECTIONS_PER_HOST', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33cbd35b4c96dfdb Environment-variable access.
repo/backend/open_webui/env.py:645
AIOHTTP_POOL_DNS_TTL = os.getenv('AIOHTTP_POOL_DNS_TTL', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89fb109625fe700 Environment-variable access.
repo/backend/open_webui/env.py:653
RAG_EMBEDDING_TIMEOUT = os.getenv('RAG_EMBEDDING_TIMEOUT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c6bd0350ac948bf Environment-variable access.
repo/backend/open_webui/env.py:668
WEBUI_AUTH = os.getenv('WEBUI_AUTH', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33433a5fda6e3d2c Environment-variable access.
repo/backend/open_webui/env.py:670
ENABLE_INITIAL_ADMIN_SIGNUP = os.getenv('ENABLE_INITIAL_ADMIN_SIGNUP', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e69fc3529eb4d0a3 Environment-variable access.
repo/backend/open_webui/env.py:671
ENABLE_SIGNUP_PASSWORD_CONFIRMATION = os.getenv('ENABLE_SIGNUP_PASSWORD_CONFIRMATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b2f1533806804e8 Environment-variable access.
repo/backend/open_webui/env.py:679
WEBUI_SECRET_KEY = os.getenv(
    'WEBUI_SECRET_KEY',
    os.getenv('WEBUI_JWT_SECRET_KEY', ''),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6f82679025afa10 Environment-variable access.
repo/backend/open_webui/env.py:681
    os.getenv('WEBUI_JWT_SECRET_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2409388516d3e462 Environment-variable access.
repo/backend/open_webui/env.py:684
ENABLE_VALVE_ENCRYPTION = os.getenv('ENABLE_VALVE_ENCRYPTION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1564042ef66a2cce Environment-variable access.
repo/backend/open_webui/env.py:686
WEBUI_SESSION_COOKIE_SAME_SITE = os.getenv('WEBUI_SESSION_COOKIE_SAME_SITE', 'lax')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38892cf7aee17d72 Environment-variable access.
repo/backend/open_webui/env.py:687
WEBUI_SESSION_COOKIE_SECURE = os.getenv('WEBUI_SESSION_COOKIE_SECURE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5da97b0d5ddfb03 Environment-variable access.
repo/backend/open_webui/env.py:688
WEBUI_AUTH_COOKIE_SAME_SITE = os.getenv('WEBUI_AUTH_COOKIE_SAME_SITE', WEBUI_SESSION_COOKIE_SAME_SITE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31aed65b051a5f87 Environment-variable access.
repo/backend/open_webui/env.py:690
    os.getenv(
        'WEBUI_AUTH_COOKIE_SECURE',
        os.getenv('WEBUI_SESSION_COOKIE_SECURE', 'false'),
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e792aae8ad4c10b3 Environment-variable access.
repo/backend/open_webui/env.py:692
        os.getenv('WEBUI_SESSION_COOKIE_SECURE', 'false'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80c028c28c26d4c0 Environment-variable access.
repo/backend/open_webui/env.py:707
ENABLE_COMPRESSION_MIDDLEWARE = os.getenv('ENABLE_COMPRESSION_MIDDLEWARE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44628703db047c1d Environment-variable access.
repo/backend/open_webui/env.py:715
WEBUI_ADMIN_EMAIL = os.getenv('WEBUI_ADMIN_EMAIL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33a01be67087b27b Environment-variable access.
repo/backend/open_webui/env.py:716
WEBUI_ADMIN_PASSWORD = os.getenv('WEBUI_ADMIN_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b585e99510fb99c1 Environment-variable access.
repo/backend/open_webui/env.py:717
WEBUI_ADMIN_NAME = os.getenv('WEBUI_ADMIN_NAME', 'Admin')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1185c64987f0af2c Environment-variable access.
repo/backend/open_webui/env.py:719
WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.getenv('WEBUI_AUTH_TRUSTED_EMAIL_HEADER', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #117a830d86ea839d Environment-variable access.
repo/backend/open_webui/env.py:720
WEBUI_AUTH_TRUSTED_NAME_HEADER = os.getenv('WEBUI_AUTH_TRUSTED_NAME_HEADER', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0113f70514dcd1e Environment-variable access.
repo/backend/open_webui/env.py:721
WEBUI_AUTH_TRUSTED_GROUPS_HEADER = os.getenv('WEBUI_AUTH_TRUSTED_GROUPS_HEADER', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0538d0ad2730c407 Environment-variable access.
repo/backend/open_webui/env.py:722
WEBUI_AUTH_TRUSTED_ROLE_HEADER = os.getenv('WEBUI_AUTH_TRUSTED_ROLE_HEADER', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77bb7a5c1b037dba Environment-variable access.
repo/backend/open_webui/env.py:729
CUSTOM_API_KEY_HEADER = os.getenv('CUSTOM_API_KEY_HEADER', 'x-api-key')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef83677fc7790b6d Environment-variable access.
repo/backend/open_webui/env.py:731
ENABLE_PASSWORD_VALIDATION = os.getenv('ENABLE_PASSWORD_VALIDATION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5737593b7118d563 Environment-variable access.
repo/backend/open_webui/env.py:732
PASSWORD_HASH_ALGORITHM = os.getenv('PASSWORD_HASH_ALGORITHM', 'bcrypt').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbb8b9fb2ef4bb87 Environment-variable access.
repo/backend/open_webui/env.py:733
PASSWORD_VALIDATION_REGEX_PATTERN = os.getenv(
    'PASSWORD_VALIDATION_REGEX_PATTERN',
    r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\w\s]).{8,}$',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd55b30508d3400e Environment-variable access.
repo/backend/open_webui/env.py:746
PASSWORD_VALIDATION_HINT = os.getenv('PASSWORD_VALIDATION_HINT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c18e173536e53b41 Environment-variable access.
repo/backend/open_webui/env.py:749
BYPASS_MODEL_ACCESS_CONTROL = os.getenv('BYPASS_MODEL_ACCESS_CONTROL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #957e2a96d94009f1 Environment-variable access.
repo/backend/open_webui/env.py:750
BYPASS_RETRIEVAL_ACCESS_CONTROL = os.getenv('BYPASS_RETRIEVAL_ACCESS_CONTROL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #098dd716a16af62a Environment-variable access.
repo/backend/open_webui/env.py:756
ENABLE_RETRIEVAL_UNSCOPED_COLLECTIONS = os.getenv('ENABLE_RETRIEVAL_UNSCOPED_COLLECTIONS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91570d434eedb5fa Environment-variable access.
repo/backend/open_webui/env.py:758
    int(os.getenv('MINERU_MAX_MARKDOWN_BYTES')) if os.getenv('MINERU_MAX_MARKDOWN_BYTES') else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #402f3a7e3d9b90ac Environment-variable access.
repo/backend/open_webui/env.py:764
BYPASS_PYDUB_PREPROCESSING = os.getenv('BYPASS_PYDUB_PREPROCESSING', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62c7543d2700761d Environment-variable access.
repo/backend/open_webui/env.py:769
ENABLE_OPENAI_API_PASSTHROUGH = os.getenv('ENABLE_OPENAI_API_PASSTHROUGH', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1472bea4d67d63b Environment-variable access.
repo/backend/open_webui/env.py:771
WEBUI_AUTH_SIGNOUT_REDIRECT_URL = os.getenv('WEBUI_AUTH_SIGNOUT_REDIRECT_URL', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e1f19c28e40cbcb Environment-variable access.
repo/backend/open_webui/env.py:776
ENABLE_OAUTH_EMAIL_FALLBACK = os.getenv('ENABLE_OAUTH_EMAIL_FALLBACK', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d95e20694c7780c Environment-variable access.
repo/backend/open_webui/env.py:778
ENABLE_OAUTH_ID_TOKEN_COOKIE = os.getenv('ENABLE_OAUTH_ID_TOKEN_COOKIE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5aa040a82b4a86b Environment-variable access.
repo/backend/open_webui/env.py:780
OAUTH_CLIENT_INFO_ENCRYPTION_KEY = os.getenv('OAUTH_CLIENT_INFO_ENCRYPTION_KEY', WEBUI_SECRET_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2380cf0136eda2c2 Environment-variable access.
repo/backend/open_webui/env.py:782
OAUTH_SESSION_TOKEN_ENCRYPTION_KEY = os.getenv('OAUTH_SESSION_TOKEN_ENCRYPTION_KEY', WEBUI_SECRET_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b2e6e780cf0f7bf Environment-variable access.
repo/backend/open_webui/env.py:786
OAUTH_MAX_SESSIONS_PER_USER = int(os.getenv('OAUTH_MAX_SESSIONS_PER_USER', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84ec9a2c3af8bba7 Environment-variable access.
repo/backend/open_webui/env.py:790
ENABLE_OAUTH_TOKEN_EXCHANGE = os.getenv('ENABLE_OAUTH_TOKEN_EXCHANGE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bef00022c562eca1 Environment-variable access.
repo/backend/open_webui/env.py:796
ENABLE_OAUTH_BACKCHANNEL_LOGOUT = os.getenv('ENABLE_OAUTH_BACKCHANNEL_LOGOUT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0126d0b957fda3be Environment-variable access.
repo/backend/open_webui/env.py:802
ENABLE_SCIM = os.getenv('ENABLE_SCIM', os.getenv('SCIM_ENABLED', 'False')).lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d68397259674b02 Environment-variable access.
repo/backend/open_webui/env.py:803
SCIM_TOKEN = os.getenv('SCIM_TOKEN', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074a9ce86c28d473 Environment-variable access.
repo/backend/open_webui/env.py:804
SCIM_AUTH_PROVIDER = os.getenv('SCIM_AUTH_PROVIDER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7fa97027d689085 Environment-variable access.
repo/backend/open_webui/env.py:817
LICENSE_KEY = os.getenv('LICENSE_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7923cabc74498519 Environment-variable access.
repo/backend/open_webui/env.py:820
LICENSE_BLOB_PATH = os.getenv('LICENSE_BLOB_PATH', DATA_DIR / 'l.data')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7f4e18377dbc318 Filesystem access.
repo/backend/open_webui/env.py:822
    with open(LICENSE_BLOB_PATH, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4da989cbee58eec6 Environment-variable access.
repo/backend/open_webui/env.py:825
LICENSE_PUBLIC_KEY = os.getenv('LICENSE_PUBLIC_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c5442c9e3c6fdaf Environment-variable access.
repo/backend/open_webui/env.py:842
WEBUI_NAME = os.getenv('WEBUI_NAME', 'Open WebUI')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a6a98221f6e03d2 Environment-variable access.
repo/backend/open_webui/env.py:847
WEBUI_BUILD_HASH = os.getenv('WEBUI_BUILD_HASH', 'dev-build')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b76727c301c49002 Environment-variable access.
repo/backend/open_webui/env.py:848
TRUSTED_SIGNATURE_KEY = os.getenv('TRUSTED_SIGNATURE_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6da786dfb5459656 Environment-variable access.
repo/backend/open_webui/env.py:854
SAFE_MODE = os.getenv('SAFE_MODE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62a61a4c610a80a3 Environment-variable access.
repo/backend/open_webui/env.py:855
ENABLE_EASTER_EGGS = os.getenv('ENABLE_EASTER_EGGS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #980f3e65af8f978e Environment-variable access.
repo/backend/open_webui/env.py:856
ENABLE_STAR_SESSIONS_MIDDLEWARE = os.getenv('ENABLE_STAR_SESSIONS_MIDDLEWARE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d1722c6be90e0be Environment-variable access.
repo/backend/open_webui/env.py:857
ENABLE_KB_EXEC = os.getenv('ENABLE_KB_EXEC', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #007bfba32527bbaf Environment-variable access.
repo/backend/open_webui/env.py:859
ENABLE_PROFILE_IMAGE_URL_FORWARDING = os.getenv('ENABLE_PROFILE_IMAGE_URL_FORWARDING', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #407ea94e89025b82 Environment-variable access.
repo/backend/open_webui/env.py:862
    for t in os.getenv(
        'PROFILE_IMAGE_ALLOWED_MIME_TYPES',
        'image/png,image/jpeg,image/gif,image/webp',
    ).split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #874a12241d8f3a07 Environment-variable access.
repo/backend/open_webui/env.py:871
_profile_image_max_data_uri_size = os.getenv('PROFILE_IMAGE_MAX_DATA_URI_SIZE', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62458eb5e202ff36 Environment-variable access.
repo/backend/open_webui/env.py:878
ENABLE_FORWARD_USER_INFO_HEADERS = os.getenv('ENABLE_FORWARD_USER_INFO_HEADERS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b998ce020b86a121 Environment-variable access.
repo/backend/open_webui/env.py:880
FORWARD_USER_INFO_HEADER_USER_NAME = os.getenv('FORWARD_USER_INFO_HEADER_USER_NAME', 'X-OpenWebUI-User-Name')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c4a4dd778a7e34a Environment-variable access.
repo/backend/open_webui/env.py:881
FORWARD_USER_INFO_HEADER_USER_ID = os.getenv('FORWARD_USER_INFO_HEADER_USER_ID', 'X-OpenWebUI-User-Id')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a04e1140fe7a5ba Environment-variable access.
repo/backend/open_webui/env.py:882
FORWARD_USER_INFO_HEADER_USER_EMAIL = os.getenv('FORWARD_USER_INFO_HEADER_USER_EMAIL', 'X-OpenWebUI-User-Email')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea277043e11454e5 Environment-variable access.
repo/backend/open_webui/env.py:883
FORWARD_USER_INFO_HEADER_USER_ROLE = os.getenv('FORWARD_USER_INFO_HEADER_USER_ROLE', 'X-OpenWebUI-User-Role')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #827ffcd7f2a48d1f Environment-variable access.
repo/backend/open_webui/env.py:884
FORWARD_SESSION_INFO_HEADER_MESSAGE_ID = os.getenv('FORWARD_SESSION_INFO_HEADER_MESSAGE_ID', 'X-OpenWebUI-Message-Id')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62415fa4428c621e Environment-variable access.
repo/backend/open_webui/env.py:885
FORWARD_SESSION_INFO_HEADER_CHAT_ID = os.getenv('FORWARD_SESSION_INFO_HEADER_CHAT_ID', 'X-OpenWebUI-Chat-Id')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac84631af63bd6b2 Environment-variable access.
repo/backend/open_webui/env.py:889
FORWARD_USER_INFO_HEADER_JWT_SECRET = (os.environ.get('FORWARD_USER_INFO_HEADER_JWT_SECRET') or '').strip() or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #813336077bf6a3c7 Environment-variable access.
repo/backend/open_webui/env.py:890
FORWARD_USER_INFO_HEADER_JWT = os.environ.get('FORWARD_USER_INFO_HEADER_JWT', 'X-OpenWebUI-User-Jwt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #609d64d3d73928a1 Environment-variable access.
repo/backend/open_webui/env.py:893
        os.environ.get('FORWARD_USER_INFO_HEADER_JWT_EXPIRES_SECONDS', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aad003d3af3fb192 Environment-variable access.
repo/backend/open_webui/env.py:902
EXTERNAL_PWA_MANIFEST_URL = os.getenv('EXTERNAL_PWA_MANIFEST_URL', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #490a5757581224f1 Environment-variable access.
repo/backend/open_webui/env.py:910
_default_group_share = os.getenv('DEFAULT_GROUP_SHARE_PERMISSION', 'members').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21db1e0e50068760 Environment-variable access.
repo/backend/open_webui/env.py:917
ENABLE_CUSTOM_MODEL_FALLBACK = os.getenv('ENABLE_CUSTOM_MODEL_FALLBACK', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca879e1883b6f29d Environment-variable access.
repo/backend/open_webui/env.py:919
MODELS_CACHE_TTL = os.getenv('MODELS_CACHE_TTL', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ae3e3b50446046a Environment-variable access.
repo/backend/open_webui/env.py:934
    os.getenv('ENABLE_CHAT_RESPONSE_BASE64_IMAGE_URL_CONVERSION', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14a0b9b7bf68de40 Environment-variable access.
repo/backend/open_webui/env.py:936
ENABLE_API_OUTLET_FILTERS = os.getenv('ENABLE_API_OUTLET_FILTERS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24fd400c90817e21 Environment-variable access.
repo/backend/open_webui/env.py:944
    os.getenv('ENABLE_IMAGE_CONTENT_TYPE_EXTENSION_FALLBACK', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #598cc794d9cf1372 Environment-variable access.
repo/backend/open_webui/env.py:947
CHAT_RESPONSE_STREAM_DELTA_CHUNK_SIZE = os.getenv('CHAT_RESPONSE_STREAM_DELTA_CHUNK_SIZE', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baa09ab9029099eb Environment-variable access.
repo/backend/open_webui/env.py:960
CHAT_RESPONSE_MAX_TOOL_CALL_ITERATIONS = os.getenv(
    'CHAT_RESPONSE_MAX_TOOL_CALL_ITERATIONS',
    os.getenv('CHAT_RESPONSE_MAX_TOOL_CALL_RETRIES', '256'),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #729f9b11ee7cba4d Environment-variable access.
repo/backend/open_webui/env.py:962
    os.getenv('CHAT_RESPONSE_MAX_TOOL_CALL_RETRIES', '256'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bd480965accdbda Environment-variable access.
repo/backend/open_webui/env.py:982
ENABLE_RESPONSES_API_STATEFUL = os.getenv('ENABLE_RESPONSES_API_STATEFUL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07e6d14bce6a06d3 Environment-variable access.
repo/backend/open_webui/env.py:985
CHAT_STREAM_RESPONSE_CHUNK_MAX_BUFFER_SIZE = os.getenv('CHAT_STREAM_RESPONSE_CHUNK_MAX_BUFFER_SIZE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05aee02aa6b13006 Environment-variable access.
repo/backend/open_webui/env.py:1001
SENTENCE_TRANSFORMERS_BACKEND = os.getenv('SENTENCE_TRANSFORMERS_BACKEND', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fc0d5ba79df14b6 Environment-variable access.
repo/backend/open_webui/env.py:1006
SENTENCE_TRANSFORMERS_MODEL_KWARGS = os.getenv('SENTENCE_TRANSFORMERS_MODEL_KWARGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67aa605f0954375c Environment-variable access.
repo/backend/open_webui/env.py:1016
SENTENCE_TRANSFORMERS_CROSS_ENCODER_BACKEND = os.getenv('SENTENCE_TRANSFORMERS_CROSS_ENCODER_BACKEND', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ff35a1da4fb3a36 Environment-variable access.
repo/backend/open_webui/env.py:1021
SENTENCE_TRANSFORMERS_CROSS_ENCODER_MODEL_KWARGS = os.getenv('SENTENCE_TRANSFORMERS_CROSS_ENCODER_MODEL_KWARGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baa6913994c11d80 Environment-variable access.
repo/backend/open_webui/env.py:1034
    os.getenv('SENTENCE_TRANSFORMERS_CROSS_ENCODER_SIGMOID_ACTIVATION_FUNCTION', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8af1760deca30fca Environment-variable access.
repo/backend/open_webui/env.py:1042
    os.getenv('ENABLE_PIP_INSTALL_FRONTMATTER_REQUIREMENTS', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90698a47e54cde51 Environment-variable access.
repo/backend/open_webui/env.py:1045
PIP_OPTIONS = os.getenv('PIP_OPTIONS', '').split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1232709f86b8c789 Environment-variable access.
repo/backend/open_webui/env.py:1046
PIP_PACKAGE_INDEX_OPTIONS = os.getenv('PIP_PACKAGE_INDEX_OPTIONS', '').split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e23a64f42e565952 Environment-variable access.
repo/backend/open_webui/env.py:1053
ENABLE_VERSION_UPDATE_CHECK = os.getenv('ENABLE_VERSION_UPDATE_CHECK', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65919c2703688a16 Environment-variable access.
repo/backend/open_webui/env.py:1054
OFFLINE_MODE = os.getenv('OFFLINE_MODE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11131a2eb9d91be7 Environment-variable access.
repo/backend/open_webui/env.py:1057
    os.environ['HF_HUB_OFFLINE'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e955da5427d13df Environment-variable access.
repo/backend/open_webui/env.py:1064
ENABLE_PYODIDE_FILE_PERSISTENCE = os.getenv('ENABLE_PYODIDE_FILE_PERSISTENCE', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bdd3cb7cd735614 Environment-variable access.
repo/backend/open_webui/env.py:1071
ENABLE_AUDIT_STDOUT = os.getenv('ENABLE_AUDIT_STDOUT', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01e08472856175b1 Environment-variable access.
repo/backend/open_webui/env.py:1072
ENABLE_AUDIT_LOGS_FILE = os.getenv('ENABLE_AUDIT_LOGS_FILE', 'True').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6973359919006ab5 Environment-variable access.
repo/backend/open_webui/env.py:1077
AUDIT_LOGS_FILE_PATH = os.getenv('AUDIT_LOGS_FILE_PATH', f'{DATA_DIR}/audit.log')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40cd915ccdee5b81 Environment-variable access.
repo/backend/open_webui/env.py:1079
AUDIT_LOG_FILE_ROTATION_SIZE = os.getenv('AUDIT_LOG_FILE_ROTATION_SIZE', '10MB')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6988d5d446fba17a Environment-variable access.
repo/backend/open_webui/env.py:1084
AUDIT_UVICORN_LOGGER_NAMES = os.getenv('AUDIT_UVICORN_LOGGER_NAMES', 'uvicorn.access').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13cd0a0dddca4c13 Environment-variable access.
repo/backend/open_webui/env.py:1087
AUDIT_LOG_LEVEL = os.getenv('AUDIT_LOG_LEVEL', 'NONE').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00a4ba4af69221a3 Environment-variable access.
repo/backend/open_webui/env.py:1089
    MAX_BODY_LOG_SIZE = int(os.getenv('MAX_BODY_LOG_SIZE') or 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3940c30c13fe0094 Environment-variable access.
repo/backend/open_webui/env.py:1094
AUDIT_EXCLUDED_PATHS = os.getenv('AUDIT_EXCLUDED_PATHS', '/chats,/chat,/folders').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c023b0dd718750d8 Environment-variable access.
repo/backend/open_webui/env.py:1100
AUDIT_INCLUDED_PATHS = os.getenv('AUDIT_INCLUDED_PATHS', '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8374208f92a26f0b Environment-variable access.
repo/backend/open_webui/env.py:1105
ENABLE_AUDIT_GET_REQUESTS = os.getenv('ENABLE_AUDIT_GET_REQUESTS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a12c2b2c8355efa4 Environment-variable access.
repo/backend/open_webui/env.py:1112
ENABLE_OTEL = os.getenv('ENABLE_OTEL', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a02c84b9a69c3c8 Environment-variable access.
repo/backend/open_webui/env.py:1113
ENABLE_OTEL_TRACES = os.getenv('ENABLE_OTEL_TRACES', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54dee07e6e3841ad Environment-variable access.
repo/backend/open_webui/env.py:1114
ENABLE_OTEL_METRICS = os.getenv('ENABLE_OTEL_METRICS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f25c590a46905d0 Environment-variable access.
repo/backend/open_webui/env.py:1115
ENABLE_OTEL_LOGS = os.getenv('ENABLE_OTEL_LOGS', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51123deefeaaa8cc Environment-variable access.
repo/backend/open_webui/env.py:1117
OTEL_EXPORTER_OTLP_ENDPOINT = os.getenv('OTEL_EXPORTER_OTLP_ENDPOINT', 'http://localhost:4317')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a43efab65d2edbd6 Environment-variable access.
repo/backend/open_webui/env.py:1118
OTEL_METRICS_EXPORTER_OTLP_ENDPOINT = os.getenv('OTEL_METRICS_EXPORTER_OTLP_ENDPOINT', OTEL_EXPORTER_OTLP_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdc732cb262bcb8d Environment-variable access.
repo/backend/open_webui/env.py:1119
OTEL_LOGS_EXPORTER_OTLP_ENDPOINT = os.getenv('OTEL_LOGS_EXPORTER_OTLP_ENDPOINT', OTEL_EXPORTER_OTLP_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f00c75c6e1014a64 Environment-variable access.
repo/backend/open_webui/env.py:1120
OTEL_EXPORTER_OTLP_INSECURE = os.getenv('OTEL_EXPORTER_OTLP_INSECURE', 'False').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b18ebe85781c29e Environment-variable access.
repo/backend/open_webui/env.py:1122
    os.getenv('OTEL_METRICS_EXPORTER_OTLP_INSECURE', str(OTEL_EXPORTER_OTLP_INSECURE)).lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7919512dfb94a356 Environment-variable access.
repo/backend/open_webui/env.py:1125
    os.getenv('OTEL_LOGS_EXPORTER_OTLP_INSECURE', str(OTEL_EXPORTER_OTLP_INSECURE)).lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b1fba9ab74e330e Environment-variable access.
repo/backend/open_webui/env.py:1127
OTEL_SERVICE_NAME = os.getenv('OTEL_SERVICE_NAME', 'open-webui')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f08b1787381618b3 Environment-variable access.
repo/backend/open_webui/env.py:1128
OTEL_RESOURCE_ATTRIBUTES = os.getenv('OTEL_RESOURCE_ATTRIBUTES', '')  # e.g. key1=val1,key2=val2

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9e56c8795595181 Environment-variable access.
repo/backend/open_webui/env.py:1129
OTEL_TRACES_SAMPLER = os.getenv('OTEL_TRACES_SAMPLER', 'parentbased_always_on').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c3f30687f3bb265 Environment-variable access.
repo/backend/open_webui/env.py:1130
OTEL_BASIC_AUTH_USERNAME = os.getenv('OTEL_BASIC_AUTH_USERNAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec0c5d817389d61 Environment-variable access.
repo/backend/open_webui/env.py:1131
OTEL_BASIC_AUTH_PASSWORD = os.getenv('OTEL_BASIC_AUTH_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a475a02b77af572f Environment-variable access.
repo/backend/open_webui/env.py:1132
OTEL_METRICS_EXPORT_INTERVAL_MILLIS = int(os.getenv('OTEL_METRICS_EXPORT_INTERVAL_MILLIS', '10000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac622d09d73a24a5 Environment-variable access.
repo/backend/open_webui/env.py:1134
OTEL_METRICS_BASIC_AUTH_USERNAME = os.getenv('OTEL_METRICS_BASIC_AUTH_USERNAME', OTEL_BASIC_AUTH_USERNAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bd1b370f7a9eb91 Environment-variable access.
repo/backend/open_webui/env.py:1135
OTEL_METRICS_BASIC_AUTH_PASSWORD = os.getenv('OTEL_METRICS_BASIC_AUTH_PASSWORD', OTEL_BASIC_AUTH_PASSWORD)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b9624ab3677d7aa Environment-variable access.
repo/backend/open_webui/env.py:1136
OTEL_LOGS_BASIC_AUTH_USERNAME = os.getenv('OTEL_LOGS_BASIC_AUTH_USERNAME', OTEL_BASIC_AUTH_USERNAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #104ca5ed7557a235 Environment-variable access.
repo/backend/open_webui/env.py:1137
OTEL_LOGS_BASIC_AUTH_PASSWORD = os.getenv('OTEL_LOGS_BASIC_AUTH_PASSWORD', OTEL_BASIC_AUTH_PASSWORD)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95767ef591b2a27f Environment-variable access.
repo/backend/open_webui/env.py:1139
OTEL_OTLP_SPAN_EXPORTER = os.getenv('OTEL_OTLP_SPAN_EXPORTER', 'grpc').lower()  # grpc or http

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3358f11a196cd23 Environment-variable access.
repo/backend/open_webui/env.py:1141
OTEL_METRICS_OTLP_SPAN_EXPORTER = os.getenv(
    'OTEL_METRICS_OTLP_SPAN_EXPORTER', OTEL_OTLP_SPAN_EXPORTER
).lower()  # grpc or http

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcefe7826cc6ce5d Environment-variable access.
repo/backend/open_webui/env.py:1145
OTEL_LOGS_OTLP_SPAN_EXPORTER = os.getenv(
    'OTEL_LOGS_OTLP_SPAN_EXPORTER', OTEL_OTLP_SPAN_EXPORTER
).lower()  # grpc or http

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1102aa3629489e9 Environment-variable access.
repo/backend/open_webui/internal/db.py:242
    database_password = os.environ.get('DATABASE_PASSWORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #479f6ee5f1a350fd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/main.py:913
                    async with session.post(
                        f'{url}/api/generate',
                        data=payload,
                        headers=headers,
                    ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #176bd31d95bc4153 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/main.py:954
                    async with session.post(
                        f'{root_url}/models/unload',
                        json={'model': actual_model},
                        headers=headers,
                    ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #058ce62cf9eba787 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/main.py:2174
            async with session.get(
                'https://api.github.com/repos/open-webui/open-webui/releases/latest',
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7574d11e11666427 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/main.py:2436
        async with session.get(
            external_pwa_manifest_url,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0e4eebf515143b5b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/auths.py:155
            credential = await session.get(Auth, resolved.id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #72ee96f36ade0ef2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/auths.py:201
            auth_row = await session.get(Auth, user_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f71136afd3377e13 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/auths.py:218
            auth_row = await session.get(Auth, user_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ccff9c450ca574b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:467
                chat_item = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d4674c48bb03bfeb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:485
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #aaf8d5c12cc5e2fb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:497
                chat_item = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3c8c7000e961f185 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:511
            chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b4b959f0b79931d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:839
            chat = await session.get(Chat, chat_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d51595be80bd63f1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:867
            record = await session.get(Chat, chat_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9ffd1eec2b4d86b9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:898
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6caebf397fd0f3dd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:909
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #94821327e43e30f7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:922
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #eba5d0e354697529 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:1220
                chat_item = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b5112fdfb2dd4d3e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:1677
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #12e63d6bfbde98f8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:1755
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7d5396309a2e736b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:1845
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d9b118b81df4c1b6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/chats.py:2056
                chat = await session.get(Chat, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2ada912a8bac0576 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/tools.py:152
                tool = await session.get(Tool, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2d3eba60ee9eb0d9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:317
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5ab4b45ca1600c83 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:571
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #abcd1683aa7a1afa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:587
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2e8219dd51dd86f3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:599
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #97a7480d8a878558 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:620
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ff1caa4511bc2848 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:639
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6914f32b713a4c9f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:658
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #daca5f9cc745db76 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:670
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a67b1307337fe611 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:684
            user = await session.get(User, id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cf9344525fdb45c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/models/users.py:765
            user = await session.get(User, user_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6fd6953c255f201f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:71
            response = requests.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4eb94cfd0738345c Filesystem access.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:110
            with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #96389666e8a9e3d9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:112
                response = requests.post(
                    f'{self.api_base_url}',
                    data=form_data,
                    files=files,
                    headers=headers,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #04cc147a6c6ffc13 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:147
                    poll_response = requests.get(check_url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f48f48e428eecbcf Filesystem access.
repo/backend/open_webui/retrieval/loaders/datalab_marker.py:235
            with open(output_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c9a3dfcf3083714 Filesystem access.
repo/backend/open_webui/retrieval/loaders/external_document.py:37
        with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2db9c76dfb31724b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/external_document.py:62
            response = requests.put(f'{url}/process', data=data, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1c76388e1d317adb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/external_web.py:30
                response = requests.post(
                    self.external_url,
                    headers={
                        'User-Agent': 'Open WebUI (https://github.com/open-webui/open-webui) External Web Loader',
                        'Authorization': f'Bearer {self.external_api_key}',
                    },
                    json={
                        'urls': urls,
                    },
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #581ec558e4248605 Filesystem access.
repo/backend/open_webui/retrieval/loaders/main.py:149
        with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #42faca7d2ca094af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/main.py:165
        r = requests.put(endpoint, data=data, headers=headers, verify=REQUESTS_VERIFY)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1c74fd2a42fa3722 Filesystem access.
repo/backend/open_webui/retrieval/loaders/main.py:192
        with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f44aa4e2912e3169 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/main.py:197
            r = requests.post(
                f'{self.url}/v1/convert/file',
                files={
                    'files': (
                        self.file_path,
                        f,
                        self.mime_type or 'application/octet-stream',
                    )
                },
                data={
                    'image_export_mode': 'placeholder',
                    'md_page_break_placeholder': page_break_marker,
                    **self.params,
                },
                headers=headers,
                verify=AIOHTTP_CLIENT_SESSION_SSL,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #df8df11fd0ae54bb Filesystem access.
repo/backend/open_webui/retrieval/loaders/main.py:294
            with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #97d295303ec3d844 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/microsoft_web_iq.py:70
            response = requests.post(
                f'{self.api_base_url}/browse',
                json=payload,
                headers=headers,
                timeout=request_timeout,
                verify=self.verify_ssl,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #ff4af930cb7da153 Filesystem access.
repo/backend/open_webui/retrieval/loaders/mineru.py:97
            with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #da35a426772728d9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mineru.py:103
                response = requests.post(
                    f'{self.api_url}/file_parse',
                    data=form_data,
                    files=files,
                    timeout=self.timeout,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8f71602920cc1c4a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mineru.py:239
            response = requests.post(
                f'{self.api_url}/file-urls/batch',
                headers=headers,
                json=request_body,
                timeout=30,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #63b1f5aa809378ef Filesystem access.
repo/backend/open_webui/retrieval/loaders/mineru.py:298
            with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f833676dc5cca001 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mineru.py:299
                response = requests.put(
                    upload_url,
                    data=f,
                    timeout=self.timeout,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7c98824d1a333fa6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mineru.py:341
                response = requests.get(
                    f'{self.api_url}/extract-results/batch/{batch_id}',
                    headers=headers,
                    timeout=30,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5e15b3d35d59c83f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mineru.py:427
            response = requests.get(zip_url, timeout=60)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #43a467d072133769 Filesystem access.
repo/backend/open_webui/retrieval/loaders/mistral.py:235
            with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ac0ab6a0ea8b34b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mistral.py:241
                response = requests.post(
                    url,
                    headers=self.headers,
                    files=files,
                    data=data,
                    timeout=self.upload_timeout,  # Use specialized upload timeout
                    stream=False,  # Keep as False for this endpoint
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5086e93cba37de2d Filesystem access.
repo/backend/open_webui/retrieval/loaders/mistral.py:270
            with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #95fccce8a73c3969 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mistral.py:286
                async with session.post(
                    url,
                    data=writer,
                    headers=self.headers,
                    timeout=aiohttp.ClientTimeout(total=self.upload_timeout),
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9c822ab465487e61 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mistral.py:312
            response = requests.get(url, headers=signed_url_headers, params=params, timeout=self.url_timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b7e4bbd5b7ef5cf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mistral.py:335
            async with session.get(
                url,
                headers=headers,
                params=params,
                timeout=aiohttp.ClientTimeout(total=self.url_timeout),
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9aba1334c0389d64 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mistral.py:372
            response = requests.post(url, headers=ocr_headers, json=payload, timeout=self.ocr_timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8978a20433640864 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/mistral.py:407
            async with session.post(
                url,
                json=payload,
                headers=headers,
                timeout=aiohttp.ClientTimeout(total=self.ocr_timeout),
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #65501dfb70dce0ca Filesystem access.
repo/backend/open_webui/retrieval/loaders/mistral.py:424
        with open(self.file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8998d297002c893a Filesystem access.
repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:38
            with open(self.file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #42a473d9a3ece8a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/paddleocr_vl.py:61
            response = requests.post(f'{self.api_url}/layout-parsing', json=payload, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3bd2f6f5df1d23bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/loaders/tavily.py:67
                response = requests.post(self.api_url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55b71320d1abeeff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/models/external.py:49
            r = requests.post(
                f'{self.url}',
                headers=headers,
                json=payload,
                timeout=self.timeout,
                verify=REQUESTS_VERIFY,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fe46eef768f06194 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:231
        response = session.get(url, stream=True, timeout=30, allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #403ced45ef03f86d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:865
    r = requests.post(
        f'{url}/embeddings',
        headers=headers,
        json=json_data,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #40c860a40974adb6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:901
        async with session.post(
            f'{url}/embeddings',
            headers=headers,
            json=form_data,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bdc9acb8f4cc92fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:939
        r = requests.post(
            url,
            headers=headers,
            json=json_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4ffa42cbda240784 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:983
        async with session.post(
            full_url,
            headers=headers,
            json=form_data,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #087b94a3ad49e839 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:1017
    r = requests.post(
        f'{url}/api/embed',
        headers=headers,
        json=json_data,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #754dbd46e1c47dd0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/utils.py:1056
        async with session.post(
            f'{url}/api/embed',
            headers=headers,
            json=form_data,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #de39807d0fc90195 Environment-variable access.
repo/backend/open_webui/retrieval/utils.py:1623
    cache_dir = os.getenv('SENTENCE_TRANSFORMERS_HOME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a4bc95bce8f50d11 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/bing.py:29
        response = requests.get(endpoint, headers=headers, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #02cb28363fdef7b7 Environment-variable access.
repo/backend/open_webui/retrieval/web/bing.py:68
        os.environ.get('BING_SEARCH_V7_SUBSCRIPTION_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6d59a1c5490681a Environment-variable access.
repo/backend/open_webui/retrieval/web/bing.py:69
        os.environ.get('BING_SEARCH_V7_ENDPOINT', 'https://api.bing.microsoft.com/v7.0/search'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9c6a08c382801f84 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/bocha.py:46
    response = requests.post(url, headers=headers, data=payload, timeout=5)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f161b42c9418bc01 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/brave.py:34
    async with session.get(url, headers=headers, params=params) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b77bec688527df8c Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/brave.py:38
            async with session.get(url, headers=headers, params=params) as retry_resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d106dab0e74a3087 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/brave_llm_context.py:44
    response = requests.get(url, headers=headers, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f0faa0d01e8bd9d0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/brave_llm_context.py:50
        response = requests.get(url, headers=headers, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #34fb8be26823cb78 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/exa.py:47
        response = requests.post(f'{EXA_API_BASE}/search', headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b1acf78a19d72029 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/external.py:33
        response = requests.post(
            external_url,
            headers=headers,
            json={
                'query': query,
                'count': count,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e834186fc91d9c0a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/firecrawl.py:87
            response = requests.request(
                method,
                url,
                headers=headers,
                json=json,
                timeout=timeout,
                verify=verify,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a0305c004a30807e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/google_pse.py:44
        async with session.get(url, headers=headers, params=params) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4d6bd34473cf4fbd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/jina_search.py:36
    response = requests.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a06015ceff9291ed Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/kagi.py:26
    response = requests.post(url, headers=headers, json=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cc58bc90f4c222ea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/linkup.py:40
        response = requests.post(
            api_url,
            headers={
                'Authorization': f'Bearer {api_key}',
                'Content-Type': 'application/json',
            },
            json=payload,
            timeout=30,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5ffcfbbe0c877a62 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/microsoft_web_iq.py:34
        response = requests.post(
            f'{api_base_url}/search/web',
            json={
                'query': query,
                'maxResults': count,
                'language': language,
                'contentFormat': 'passage',
            },
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #405f62be03a8144f Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/mojeek.py:24
    response = requests.get(url, headers=headers, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d5a62a811dd2097d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/ollama.py:32
        response = requests.post(f'{url}/api/web_search', headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #09a19baa31374374 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/perplexity_search.py:55
        response = requests.request('POST', url, json=payload, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d4f9aa44244ff96b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/searchapi.py:31
    response = requests.request('GET', url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ec7b79e7cf75c6ab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/searxng.py:51
    async with session.get(query_url, headers=_SEARXNG_HEADERS, params=params) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #897138b1a95ad997 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/serpapi.py:31
    response = requests.request('GET', url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7cfdc09e8af313f6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/serper.py:26
    async with session.post(url, headers=headers, data=json.dumps({'q': query})) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #33b249653317d7e3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/serphouse.py:16
    async with session.get(
        'https://api.serphouse.com/serp/live',
        params={
            'q': query,
            'domain': (domain or 'google.com').strip() or 'google.com',
            'device': 'desktop',
            'serp_type': 'web',
            'page': 1,
            'num_result': count,
        },
        headers={'Authorization': f'Bearer {api_key}', 'Accept': 'application/json'},
    ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e4a1a5daa05f3c88 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/serply.py:50
    response = requests.request('GET', url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6035fbed484deb85 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/serpstack.py:27
    async with session.get(url, params=params) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c642b198b13208cf Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/tavily.py:34
    response = requests.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e2191c80dfd146d6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/utils.py:766
                    async with session.get(
                        url,
                        **(self.requests_kwargs | kwargs),
                    ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #21ece3f8f44ccdf2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/yacy.py:58
    response = requests.get(
        query_url,
        auth=yacy_auth,
        headers={
            'User-Agent': 'Open WebUI (https://github.com/open-webui/open-webui) RAG Bot',
            'Accept': 'text/html',
            'Accept-Encoding': 'gzip, deflate',
            'Accept-Language': 'en-US,en;q=0.5',
            'Connection': 'keep-alive',
        },
        params=params,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f1c963a79e5c8cb2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/yandex.py:74
        response = requests.post(
            ('https://searchapi.api.cloud.yandex.net/v2/web/search' if yandex_search_url == '' else yandex_search_url),
            headers=headers,
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #51f2fcfa1bba7917 Environment-variable access.
repo/backend/open_webui/retrieval/web/yandex.py:142
        os.environ.get('YANDEX_WEB_SEARCH_URL', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f170eb39620c10c Environment-variable access.
repo/backend/open_webui/retrieval/web/yandex.py:143
        os.environ.get('YANDEX_WEB_SEARCH_API_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27da72a61e36374c Environment-variable access.
repo/backend/open_webui/retrieval/web/yandex.py:144
        os.environ.get('YANDEX_WEB_SEARCH_CONFIG', '{"query": {"searchType": "SEARCH_TYPE_COM"}}'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cd9561090c9acff2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/retrieval/web/ydc.py:37
    response = requests.get(url, headers=headers, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c40b5a85bebdfc77 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:415
        async with session.post(
            f'{ELEVENLABS_API_BASE_URL}/v1/text-to-speech/{voice_id}',
            json={
                'text': payload['input'],
                'model_id': await Config.get('audio.tts.model'),
                'voice_settings': {'stability': 0.5, 'similarity_boost': 0.5},
            },
            headers={
                'Accept': 'audio/mpeg',
                'Content-Type': 'application/json',
                'xi-api-key': await Config.get('audio.tts.api_key'),
            },
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #eb99f68a90b1f7ff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:454
        async with session.post(
            (az_base or f'https://{az_region}.tts.speech.microsoft.com') + '/cognitiveservices/v1',
            headers={
                'Ocp-Apim-Subscription-Key': await Config.get('audio.tts.api_key'),
                'Content-Type': 'application/ssml+xml',
                'X-Microsoft-OutputFormat': output_format,
            },
            data=ssml,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6e91209db6d84b34 Filesystem access.
repo/backend/open_webui/routers/audio.py:681
                with open(file_path, 'rb') as audio_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3b5c60a8338e138f Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:732
            r = await session.post(
                'https://api.deepgram.com/v1/listen',
                headers={'Authorization': f'Token {api_key}', 'Content-Type': content_type},
                params=query,
                data=audio_bytes,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6659ef16ba15074e Filesystem access.
repo/backend/open_webui/routers/audio.py:828
    form_data.add_field('audio', open(file_path, 'rb'), filename=filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d31f44b34e1c748 Filesystem access.
repo/backend/open_webui/routers/audio.py:1005
            form_data.add_field('file', open(file_path, 'rb'), filename=filename, content_type=mime_type)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1caabc64c2471797 Filesystem access.
repo/backend/open_webui/routers/audio.py:1212
            with open(file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #89a4f9f253df5180 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1274
                async with session.get(
                    f'{base_url}/audio/models',
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                    timeout=_timeout,
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e10c0819bb88b4c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1285
                    async with session.get(
                        f'{base_url}/models',
                        ssl=AIOHTTP_CLIENT_SESSION_SSL,
                        timeout=_timeout,
                    ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7215c93cc57a9974 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1302
            async with session.get(
                f'{ELEVENLABS_API_BASE_URL}/v1/models',
                headers={
                    'xi-api-key': await Config.get('audio.tts.api_key'),
                    'Content-Type': 'application/json',
                },
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                timeout=_timeout,
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bea24f35e52357cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1348
                async with session.get(
                    f'{base_url}/audio/voices',
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                    timeout=_timeout,
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #32c493d4404f6a89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1364
            async with session.get(
                f'{ELEVENLABS_API_BASE_URL}/v1/voices',
                headers={
                    'xi-api-key': await Config.get('audio.tts.api_key'),
                    'Content-Type': 'application/json',
                },
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                timeout=_timeout,
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0d7e14bed4402462 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1387
            async with session.get(
                url,
                headers={'Ocp-Apim-Subscription-Key': await Config.get('audio.tts.api_key')},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                timeout=_timeout,
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #efb22ebe85789afe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/audio.py:1406
                async with session.get(
                    f'{api_base_url}/audio/voices',
                    headers={'Authorization': f'Bearer {api_key}'},
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                    timeout=_timeout,
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1d23e2109adeebc8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/auths.py:935
                    async with session.get(oauth_server_metadata_url, ssl=AIOHTTP_CLIENT_SESSION_SSL) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #df2ff7be3cc45f47 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/configs.py:365
                async with session.get(
                    f'{base_url}/api/v1/policies', headers=headers, ssl=AIOHTTP_CLIENT_SESSION_SSL
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4a01eb63caffd2ba Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/configs.py:375
                async with session.get(
                    f'{base_url}/api/config', headers=headers, ssl=AIOHTTP_CLIENT_SESSION_SSL
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5111914cb2b91218 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/configs.py:436
            async with session.put(
                policy_url, headers=headers, json=form_data.policy_data, ssl=AIOHTTP_CLIENT_SESSION_SSL
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9149f990552dc5e3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/configs.py:471
            async with session.put(
                lifecycle_url,
                headers=headers,
                json=form_data.lifecycle_data,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2291b038da7f6fe7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/configs.py:518
            async with session.post(
                refresh_url,
                headers=headers,
                json=body,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b9c244b4913afa89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/configs.py:555
                        async with session.get(
                            discovery_url, ssl=AIOHTTP_CLIENT_SESSION_SSL
                        ) as oauth_server_metadata_response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #66a156e775c7cc49 Environment-variable access.
repo/backend/open_webui/routers/evaluations.py:65
EMBEDDING_MODEL_NAME = os.environ.get('AUXILIARY_EMBEDDING_MODEL', 'TaylorAI/bge-micro-v2')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cd07acb2750fe23 Filesystem access.
repo/backend/open_webui/routers/files.py:78
        with open(resolved, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2f3401eef73a7da8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/functions.py:123
            async with session.get(
                url, headers={'Content-Type': 'application/json'}, ssl=AIOHTTP_CLIENT_SESSION_SSL
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #859d903c7e89daa9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/images.py:494
            async with session.get(
                data,
                headers=headers,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3ae4b8d0dcccee9a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/images.py:920
                    async with session.get(
                        data, ssl=AIOHTTP_CLIENT_SESSION_SSL, allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS
                    ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #171155e05677b951 Filesystem access.
repo/backend/open_webui/routers/images.py:939
                    with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c4d78c60f9a5e330 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:80
        async with session.get(
            url,
            headers=headers,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
            timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT_MODEL_LIST),
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #113ba1791bd2e1de Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:124
        r = await session.request(
            method,
            url,
            data=payload,
            headers=headers,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
            timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #aeb16c7908785d51 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:260
        async with session.get(
            f'{form_data.url}/api/version',
            headers=headers,
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
            timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT_MODEL_LIST),
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5663ba6879d61917 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:1472
    async with session.get(
        file_url,
        headers=headers,
        ssl=AIOHTTP_CLIENT_SESSION_SSL,
        timeout=aiohttp.ClientTimeout(total=600),
    ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d8afaff462ae559b Filesystem access.
repo/backend/open_webui/routers/ollama.py:1480
        with open(file_path, 'ab+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e4f92bc99e9b3f8 Filesystem access.
repo/backend/open_webui/routers/ollama.py:1494
                    with open(file_path, 'rb') as blob_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #85e914ed17af9df6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:1500
                async with session.post(
                    blob_url,
                    data=blob_data,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                    timeout=aiohttp.ClientTimeout(total=30),
                ) as blob_resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fbcea8967991a51c Filesystem access.
repo/backend/open_webui/routers/ollama.py:1560
        with open(file_path, 'wb') as out_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afb0fe0c62582ee0 Filesystem access.
repo/backend/open_webui/routers/ollama.py:1579
            with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63b6d5c00a153ab3 Filesystem access.
repo/backend/open_webui/routers/ollama.py:1588
                with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ff4aa3d168e4e262 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:1595
            async with session.post(
                blob_url,
                data=blob_data,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT),
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1892a0848ce524e0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/ollama.py:1617
            async with session.post(
                f'{ollama_url}/api/create',
                headers={'Content-Type': 'application/json'},
                data=json.dumps(create_payload),
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT),
            ) as create_resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9ef70257a58075f3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/openai.py:106
            async with session.get(
                url,
                headers=headers,
                cookies=cookies,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6e1522c538ca551a Filesystem access.
repo/backend/open_webui/routers/openai.py:400
            with open(file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #284e3ce1206d977b Filesystem access.
repo/backend/open_webui/routers/openai.py:404
            with open(file_body_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f57c4de8adc6b275 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/openai.py:660
                    async with session.get(
                        f'{url}/models',
                        headers=headers,
                        cookies=cookies,
                        ssl=AIOHTTP_CLIENT_SESSION_SSL,
                    ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ac1292b98b30051d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/openai.py:778
                async with session.get(
                    f'{url}/models',
                    headers=headers,
                    cookies=cookies,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d6c36114c54ec7a4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:93
                async with session.post(
                    f'{url}/{filter["id"]}/filter/inlet',
                    headers=headers,
                    json=request_data,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #263561492b3653ca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:156
                async with session.post(
                    f'{url}/{filter["id"]}/filter/outlet',
                    headers=headers,
                    json=request_data,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6064f01c52c4bd69 Filesystem access.
repo/backend/open_webui/routers/pipelines.py:242
            with open(file_path, 'wb') as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07016171d0d4710b Filesystem access.
repo/backend/open_webui/routers/pipelines.py:252
            with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4cbcd96eb5f91c8b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:261
                async with session.post(
                    f'{url}/pipelines/upload',
                    headers=headers,
                    data=form_data,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9a5081bafe06d528 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:317
            async with session.post(
                f'{url}/pipelines/add',
                headers={'Authorization': f'Bearer {key}'},
                json={'url': form_data.url},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3f138fc3fed64293 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:410
            async with session.get(
                f'{url}/pipelines',
                headers={'Authorization': f'Bearer {key}'},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bd9bdf459d3bed7b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:450
            async with session.get(
                f'{url}/{pipeline_id}/valves',
                headers={'Authorization': f'Bearer {key}'},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f576b269e28fb05f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:497
            async with session.get(
                f'{url}/{pipeline_id}/valves/spec',
                headers={'Authorization': f'Bearer {key}'},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9e44dd2afdc8755f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/pipelines.py:538
            async with session.post(
                f'{url}/{pipeline_id}/valves/update',
                headers={'Authorization': f'Bearer {key}'},
                json={**form_data},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0d9c09cc780fbced Environment-variable access.
repo/backend/open_webui/routers/retrieval.py:1567
            cache_dir=os.getenv('SENTENCE_TRANSFORMERS_HOME') or os.getenv('HF_HUB_CACHE'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #776ac6280ef75b5f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/routers/tools.py:284
            async with session.get(
                url, headers={'Content-Type': 'application/json'}, ssl=AIOHTTP_CLIENT_SESSION_SSL
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3fd70cbd902701a8 Filesystem access.
repo/backend/open_webui/storage/provider.py:65
        with open(file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f39df197b5bdf32c Filesystem access.
repo/backend/open_webui/storage/provider.py:303
            with open(local_file_path, 'wb') as download_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e28d99d951a1b97b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/anthropic.py:45
                async with session.get(
                    f'{url}/models',
                    headers=headers,
                    params=params,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b610eac582c3d214 Filesystem access.
repo/backend/open_webui/utils/auth.py:81
    with open(file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #93359b4aecd05f32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/auth.py:99
        res = requests.post(
            f'{u}/api/v1/license/',
            json={'key': key, 'version': '1'},
            timeout=5,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #241224154f7d7630 Environment-variable access.
repo/backend/open_webui/utils/automations.py:43
SCHEDULER_POLL_INTERVAL = int(os.getenv('SCHEDULER_POLL_INTERVAL', os.getenv('AUTOMATION_POLL_INTERVAL', '10')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74004907b2caf664 Environment-variable access.
repo/backend/open_webui/utils/automations.py:44
CALENDAR_ALERT_LOOKAHEAD_MINUTES = int(os.getenv('CALENDAR_ALERT_LOOKAHEAD_MINUTES', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #999657f1044efcb2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/automations.py:347
            async with session.post(
                target_url,
                json={'path': cwd},
                headers=headers,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6575014b189ddb3b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/files.py:65
                async with session.get(
                    url, ssl=AIOHTTP_CLIENT_SESSION_SSL, allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b3f6afc78b854626 Filesystem access.
repo/backend/open_webui/utils/files.py:203
            with open(file_path, 'rb') as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9dd2c0a214d5bb5c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/images/comfyui.py:23
        async with session.post(
            f'{base_url}/prompt',
            json=p,
            headers={**default_headers, 'Authorization': f'Bearer {api_key}'},
            ssl=AIOHTTP_CLIENT_SESSION_SSL,
        ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #92998725c4bd03eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/images/comfyui.py:41
    async with session.get(
        f'{base_url}/view?{url_values}',
        headers={**default_headers, 'Authorization': f'Bearer {api_key}'},
        ssl=AIOHTTP_CLIENT_SESSION_SSL,
    ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #77b7e00bdf80f133 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/images/comfyui.py:60
    async with session.get(
        f'{base_url}/history/{prompt_id}',
        headers={**default_headers, 'Authorization': f'Bearer {api_key}'},
        ssl=AIOHTTP_CLIENT_SESSION_SSL,
    ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #069c5ba5657b8b43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/images/comfyui.py:117
    async with session.post(url, data=form, headers=headers, ssl=AIOHTTP_CLIENT_SESSION_SSL) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #7d89c68665eee564 Filesystem access.
repo/backend/open_webui/utils/misc.py:678
    with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3188048f8b6f5bb8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:376
            async with session.post(
                server_url,
                json={'jsonrpc': '2.0', 'method': 'initialize', 'params': {}, 'id': 1},
                headers={'Content-Type': 'application/json'},
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ac94bd21e6c90e3e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:411
                        async with session.get(
                            resource_metadata_url, ssl=AIOHTTP_CLIENT_SESSION_SSL
                        ) as resource_response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1407957add75ade7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:511
                async with session.get(url, ssl=AIOHTTP_CLIENT_SESSION_SSL) as oauth_server_metadata_response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f804833dda266044 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:554
            async with session.post(
                registration_url, json=registration_data, ssl=AIOHTTP_CLIENT_SESSION_SSL
            ) as oauth_client_registration_response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a39e776d3496d98f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:626
                async with session.get(url, ssl=AIOHTTP_CLIENT_SESSION_SSL) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7380389bd7ddba0f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:908
                async with session.get(
                    authorization_url,
                    allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9d1c21b759b75429 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:1067
                async with session_http.get(await self.get_server_metadata_url(client_id)) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c4615fbe141acae2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:1100
                async with session_http.post(
                    token_endpoint,
                    data=refresh_data,
                    headers={'Content-Type': 'application/x-www-form-urlencoded'},
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #21f1187690a28940 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:1347
                async with session_http.get(server_metadata_url) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4cb9c95825b1f755 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:1377
                async with session_http.post(
                    token_endpoint,
                    data=refresh_data,
                    headers={'Content-Type': 'application/x-www-form-urlencoded'},
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #860f068f2aaf3ee6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:1646
                async with session.get(
                    picture_url,
                    **get_kwargs,
                    ssl=AIOHTTP_CLIENT_SESSION_SSL,
                    allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS,
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b71210e49d3a1d84 Hardcoded external endpoint. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:1788
                            async with session.get(
                                'https://api.github.com/user/emails',
                                headers=headers,
                                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5eebcc79416385f9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/oauth.py:2094
                    async with session.get(server_metadata_url, ssl=AIOHTTP_CLIENT_SESSION_SSL) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4a3fcff2c1371f98 Filesystem access.
repo/backend/open_webui/utils/pdf_generator.py:30
        self.css = Path(STATIC_DIR / 'assets' / 'pdf-style.css').read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c19415be70918c5d Filesystem access.
repo/backend/open_webui/utils/plugin.py:231
        with open(temp_file.name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e426e6ae2c532615 Filesystem access.
repo/backend/open_webui/utils/plugin.py:276
        with open(temp_file.name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96cc6065749a4ec2 Environment-variable access.
repo/backend/open_webui/utils/security_headers.py:63
        value = os.environ.get(env_var, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f81fa90d2a77623b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/tools.py:1045
            async with session.get(
                cwd_url, headers=headers, cookies=cookies or {}, ssl=AIOHTTP_CLIENT_SESSION_SSL
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f1823b7761d28984 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/tools.py:1074
            async with session.get(f'{base}/api/config', ssl=AIOHTTP_CLIENT_SESSION_SSL) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #64c98062094435fe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/tools.py:1082
            async with session.get(
                f'{base}/system', headers=headers, cookies=cookies or {}, ssl=AIOHTTP_CLIENT_SESSION_SSL
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d2896cf6804e6cdf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/tools.py:1286
            async with session.get(url, headers=_headers, ssl=AIOHTTP_CLIENT_SESSION_TOOL_SERVER_SSL) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #132681668f09199d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/backend/open_webui/utils/webhook.py:81
            async with session.post(
                url,
                json=payload,
                ssl=AIOHTTP_CLIENT_SESSION_SSL,
                allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS,
            ) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d3da9bb0901edf1f Filesystem access.
repo/contribution_stats.py:11
        with open(filepath, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8906ca27a6d177bb Environment-variable access.
repo/hatch_build.py:20
        os.environ['APP_BUILD_HASH'] = version

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

azure-ai-documentintelligence

python dependency
medium pii_flow dependency Excluded from app score #a90b2740140a21a1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:82
        print(f"----Barcodes detected from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #59baec592d296f25 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:84 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:84
            print(f"Detected {len(page.barcodes)} barcodes:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #de63a21e286ba3ac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:86 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:86
                print(f"- Barcode #{barcode_idx}: {barcode.value}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #98e28ae810dc5527 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:87
                print(f"  Kind: {barcode.kind}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #56212093465df4d8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:88
                print(f"  Confidence: {barcode.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b389d94168596e6a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:89
                print(f"  Bounding regions: {format_polygon(barcode.polygon)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #491e76c745393954 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:112 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:112
        print(f"  Text: '{get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a25ac5a6c1c8d2c3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:117 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:117
        print(f"  Text: '{get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f2d0ddcfa518369c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:122 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:122
        print(f"  Text: '{get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bbe2ba61ef303d8b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:127 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:127
        print(f"  Text: '{get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f5bb964a8cada8c5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:132 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:132
        print(f"  Text: '{get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c6ef7993718d14e6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:83 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:83
        print(f"----Formulas detected from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c247aa00ac90a404 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:88
            print(f"Detected {len(inline_formulas)} inline formulas.")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0034c6eca15079b6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:90 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:90
                print(f"- Inline #{formula_idx}: {formula.value}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0e48199acf1837b1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:91 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:91
                print(f"  Confidence: {formula.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4a90e9caeaafcd7e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:92
                print(f"  Bounding regions: {format_polygon(formula.polygon)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c018b363b643fbf7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:94
            print(f"\nDetected {len(display_formulas)} display formulas.")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5100e2060f9d94e4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:96 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:96
                print(f"- Display #{formula_idx}: {formula.value}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #12052f12851b1eac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:97 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:97
                print(f"  Confidence: {formula.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #071dc14b55f90200 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:98 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:98
                print(f"  Bounding regions: {format_polygon(formula.polygon)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0a5f42184effcb05 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:101
        print(f"----Analyzing layout from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e9253976bf5fc0c4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:102 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:102
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #46c239804f9b43b7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:107 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:107
                print(
                    f"...Line # {line_idx} has word count {len(words)} and text '{line.content}' "
                    f"within bounding polygon '{format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #494f14324c91c930 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:114 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:114
                print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c1451715d8d7d060 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:118
                print(
                    f"Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{format_polygon(selection_mark.polygon)}' and has a confidence of {selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5d875da5dd40062a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:125 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:125
            print(f"Table # {table_idx} has {table.row_count} rows and " f"{table.column_count} columns")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ee2e628a1a61d0b2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:128
                    print(
                        f"Table # {table_idx} location on page: {region.page_number} is {format_polygon(region.polygon)}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #235a172fd9101d8b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:132 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:132
                print(f"...Cell[{cell.row_index}][{cell.column_index}] has text '{cell.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4e88a7ecb43285b2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:135 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:135
                        print(
                            f"...content on page {region.page_number} is within bounding polygon '{format_polygon(region.polygon)}'"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5bab27de1c824bd0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:76
        print(f"Detected {len(result.languages)} languages:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fa55e38c60d04ed2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:78
            print(f"- Language #{lang_idx}: locale '{lang.locale}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9836c4ced8db7ac0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:79
            print(f"  Confidence: {lang.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #234d15b33e5bd681 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:70
                print(f"Address: {doc.fields['Address'].value_string}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1b0646b91553e92d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:72 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:72
                print(f"Invoice number: {doc.fields['InvoiceNumber'].value_string}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c6aec9a4544be510 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:77 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:77
            print(f"Succeeded count: {final_result.succeeded_count}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7e92ff5be3213c5f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:78
            print(f"Failed count: {final_result.failed_count}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e3158c1ef5bcab3e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:79
            print(f"Skipped count: {final_result.skipped_count}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ece308fbc17e797e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:78
            print(f"--------Analyzing document #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #478667b50895bd64 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:79
            print(f"Document has type {document.doc_type}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #efd258793cd66c46 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:80
            print(f"Document has document type confidence {document.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #00a95e57631bb5b5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:81
            print(f"Document was analyzed with model with ID {result.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #728b62e955190503 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:85
                    print(
                        f"......found field of type '{field.type}' with value '{field_value}' and with confidence {field.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #29d5048c8971b62c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:45 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:33 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:45
    print(f"Here's the full content in format {result.content_format}:\n")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2a568b719873c891 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:46 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:33 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:46
    print(result.content)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2d43179b60e9408e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:92
                print(
                    f"Key '{kv_pair.key.content}' found within "
                    f"'{format_bounding_region(kv_pair.key.bounding_regions)}' bounding regions"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f105f69cbfa0a1ab PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:97 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:97
                print(
                    f"Value '{kv_pair.value.content}' found within "
                    f"'{format_bounding_region(kv_pair.value.bounding_regions)}' bounding regions\n"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4ad9eed0cf14901b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:103 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:103
        print(f"----Analyzing document from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2b3773f631fc03d3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:104
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #98ec660f783b01ab PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:109
                print(
                    f"...Line #{line_idx} has {len(words)} words and text '{line.content}' within "
                    f"bounding polygon '{format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dc032f8222520217 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:116 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:116
                print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e364fae393c29212 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:120 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:120
                print(
                    f"Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{format_polygon(selection_mark.polygon)}' and has a confidence of "
                    f"{selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #114ea284059c1e60 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:128
            print(f"Table # {table_idx} has {table.row_count} rows and {table.column_count} columns")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8bb3937179adca83 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:131 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:131
                    print(
                        f"Table # {table_idx} location on page: {region.page_number} is {format_polygon(region.polygon)}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #094eac63403751e8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:135 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:135
                print(f"...Cell[{cell.row_index}][{cell.column_index}] has text '{cell.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5bff6fabc9954cc6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:138 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:138
                        print(
                            f"...content on page {region.page_number} is within bounding polygon '{format_polygon(region.polygon)}'\n"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #acd40026a3c1cd86 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:55 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:55
            print(f"--------Analyzing ID document #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b62f62ae4332b1bc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:59
                    print(f"First Name: {first_name.get('valueString')} has confidence: {first_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d6982bb5a69026bf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:62 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:62
                    print(f"Last Name: {last_name.get('valueString')} has confidence: {last_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f474960194f6a30e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:65
                    print(
                        f"Document Number: {document_number.get('valueString')} has confidence: {document_number.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b0fa83a5f048bd88 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:70
                    print(f"Date of Birth: {dob.get('valueDate')} has confidence: {dob.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ee1e7854bb65c17c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:73 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:73
                    print(f"Date of Expiration: {doe.get('valueDate')} has confidence: {doe.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c1530cae2547cdcd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:76
                    print(f"Sex: {sex.get('valueString')} has confidence: {sex.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #afef8a3f409ef306 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:79
                    print(f"Address: {address.get('valueString')} has confidence: {address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #24fc96e2d237b952 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:82
                    print(
                        f"Country/Region: {country_region.get('valueCountryRegion')} has confidence: {country_region.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5e19e1bdfdf5fd4e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:87
                    print(f"Region: {region.get('valueString')} has confidence: {region.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ea27ad7541fdf11f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:57 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:57
            print(f"--------Analyzing invoice #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d6d0bade6b532f8d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:61 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:61
                    print(f"Vendor Name: {vendor_name.get('content')} has confidence: {vendor_name.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #69f19d1c46fc132c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:64
                    print(
                        f"Vendor Address: {vendor_address.get('content')} has confidence: {vendor_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2e9cd0e9075af75c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:69
                    print(
                        f"Vendor Address Recipient: {vendor_address_recipient.get('content')} has confidence: {vendor_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c0916e52957f2ac0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:74
                    print(
                        f"Customer Name: {customer_name.get('content')} has confidence: {customer_name.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #89e1ec46b7c4a388 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:79
                    print(f"Customer Id: {customer_id.get('content')} has confidence: {customer_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #69ef91ae6aa276f7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:82
                    print(
                        f"Customer Address: {customer_address.get('content')} has confidence: {customer_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #db0f8b5cb40e9475 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:87
                    print(
                        f"Customer Address Recipient: {customer_address_recipient.get('content')} has confidence: {customer_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3d8b13ad29d16f02 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:92
                    print(f"Invoice Id: {invoice_id.get('content')} has confidence: {invoice_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a017d4d5ccb20887 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:95 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:95
                    print(
                        f"Invoice Date: {invoice_date.get('content')} has confidence: {invoice_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #88f73449b505528d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:100 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:100
                    print(
                        f"Invoice Total: {invoice_total.get('content')} has confidence: {invoice_total.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9838390e04af7da5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:105 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:105
                    print(f"Due Date: {due_date.get('content')} has confidence: {due_date.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ab194334366a81d8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:108 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:108
                    print(
                        f"Purchase Order: {purchase_order.get('content')} has confidence: {purchase_order.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #48f7e1a5b4808abf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:113 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:113
                    print(
                        f"Billing Address: {billing_address.get('content')} has confidence: {billing_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8fa28453c097469f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:118
                    print(
                        f"Billing Address Recipient: {billing_address_recipient.get('content')} has confidence: {billing_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bef62a99b9882359 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:123
                    print(
                        f"Shipping Address: {shipping_address.get('content')} has confidence: {shipping_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a8691f0fa3fd2869 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:128
                    print(
                        f"Shipping Address Recipient: {shipping_address_recipient.get('content')} has confidence: {shipping_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c625abdd1edd8fac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:135 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:135
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8a20e4a291cb9728 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:138 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:138
                            print(
                                f"......Description: {item_description.get('content')} has confidence: {item_description.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a4e0a6c0efb194c0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:143 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:143
                            print(
                                f"......Quantity: {item_quantity.get('content')} has confidence: {item_quantity.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8203420faa7ad246 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:148 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:148
                            print(f"......Unit: {unit.get('content')} has confidence: {unit.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d57eddd2793ab96e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:156 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:156
                            print(
                                f"......Unit Price: {unit_price.get('content')}{unit_price_code} has confidence: {unit_price.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8af823651256030f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:161 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:161
                            print(
                                f"......Product Code: {product_code.get('content')} has confidence: {product_code.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #df8d801a173a7283 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:166 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:166
                            print(
                                f"......Date: {item_date.get('content')} has confidence: {item_date.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3f8a6745fb79e0c0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:171 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:171
                            print(f"......Tax: {tax.get('content')} has confidence: {tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c45086c0250582fe PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:174 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:174
                            print(f"......Amount: {amount.get('content')} has confidence: {amount.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #003ff875e7629c6a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:177 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:177
                    print(f"Subtotal: {subtotal.get('content')} has confidence: {subtotal.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5c1e890b4aa9df21 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:180 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:180
                    print(f"Total Tax: {total_tax.get('content')} has confidence: {total_tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8a3100433c53314d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:183 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:183
                    print(
                        f"Previous Unpaid Balance: {previous_unpaid_balance.get('content')} has confidence: {previous_unpaid_balance.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8896ac20e4274494 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:188 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:188
                    print(f"Amount Due: {amount_due.get('content')} has confidence: {amount_due.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #90d1311478957093 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:191 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:191
                    print(
                        f"Service Start Date: {service_start_date.get('content')} has confidence: {service_start_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0eae538b5e1a8775 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:196 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:196
                    print(
                        f"Service End Date: {service_end_date.get('content')} has confidence: {service_end_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1f45ae73fc8b36eb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:201 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:201
                    print(
                        f"Service Address: {service_address.get('content')} has confidence: {service_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b16c97c793cea0c1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:206 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:206
                    print(
                        f"Service Address Recipient: {service_address_recipient.get('content')} has confidence: {service_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1124d5f0880efff2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:211 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:211
                    print(
                        f"Remittance Address: {remittance_address.get('content')} has confidence: {remittance_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #951abe3ba55420fe PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:216 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:216
                    print(
                        f"Remittance Address Recipient: {remittance_address_recipient.get('content')} has confidence: {remittance_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0e3ba5d957282a9b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:57 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:57
            print(f"--------Analyzing invoice #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8d8107b1f48882cf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:61 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:61
                    print(f"Vendor Name: {vendor_name.get('content')} has confidence: {vendor_name.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3dde335bdb5c875a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:64
                    print(
                        f"Vendor Address: {vendor_address.get('content')} has confidence: {vendor_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3d80279f3731d226 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:69
                    print(
                        f"Vendor Address Recipient: {vendor_address_recipient.get('content')} has confidence: {vendor_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #acf27f384f1c771a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:74
                    print(
                        f"Customer Name: {customer_name.get('content')} has confidence: {customer_name.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7d224bb915c9dca5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:79
                    print(f"Customer Id: {customer_id.get('content')} has confidence: {customer_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e3e3a5d90547f22d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:82
                    print(
                        f"Customer Address: {customer_address.get('content')} has confidence: {customer_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #592b38fd329af5d7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:87
                    print(
                        f"Customer Address Recipient: {customer_address_recipient.get('content')} has confidence: {customer_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e634d913ba7dc471 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:92
                    print(f"Invoice Id: {invoice_id.get('content')} has confidence: {invoice_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3fc1bfafc2808cef PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:95 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:95
                    print(
                        f"Invoice Date: {invoice_date.get('content')} has confidence: {invoice_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #42944df4660a9d91 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:100 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:100
                    print(
                        f"Invoice Total: {invoice_total.get('content')} has confidence: {invoice_total.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aa841c4f1f942cbb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:105 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:105
                    print(f"Due Date: {due_date.get('content')} has confidence: {due_date.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #13c8309ac0b61b0b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:108 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:108
                    print(
                        f"Purchase Order: {purchase_order.get('content')} has confidence: {purchase_order.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b0690ccc17451134 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:113 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:113
                    print(
                        f"Billing Address: {billing_address.get('content')} has confidence: {billing_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b40709dc03be808d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:118
                    print(
                        f"Billing Address Recipient: {billing_address_recipient.get('content')} has confidence: {billing_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e0e74b68092a588d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:123
                    print(
                        f"Shipping Address: {shipping_address.get('content')} has confidence: {shipping_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #88680a610988b897 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:128
                    print(
                        f"Shipping Address Recipient: {shipping_address_recipient.get('content')} has confidence: {shipping_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #816d1d1f19786dd4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:135 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:135
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d3842ee988ffcfad PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:138 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:138
                            print(
                                f"......Description: {item_description.get('content')} has confidence: {item_description.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #94f590974e6bd48d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:143 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:143
                            print(
                                f"......Quantity: {item_quantity.get('content')} has confidence: {item_quantity.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fd9a6579a8b6b90d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:148 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:148
                            print(f"......Unit: {unit.get('content')} has confidence: {unit.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4697b9ffb2aa7222 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:156 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:156
                            print(
                                f"......Unit Price: {unit_price.get('content')}{unit_price_code} has confidence: {unit_price.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e3f5c4be9a80a11a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:161 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:161
                            print(
                                f"......Product Code: {product_code.get('content')} has confidence: {product_code.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8a1c4ab2f0e37be5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:166 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:166
                            print(
                                f"......Date: {item_date.get('content')} has confidence: {item_date.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7b2ef3035e20155c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:171 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:171
                            print(f"......Tax: {tax.get('content')} has confidence: {tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ecd703f49fe61aee PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:174 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:174
                            print(f"......Amount: {amount.get('content')} has confidence: {amount.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a555c12ffc207d54 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:177 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:177
                    print(f"Subtotal: {subtotal.get('content')} has confidence: {subtotal.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ee37912766a48035 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:180 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:180
                    print(f"Total Tax: {total_tax.get('content')} has confidence: {total_tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9503f9df12dffa6d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:183 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:183
                    print(
                        f"Previous Unpaid Balance: {previous_unpaid_balance.get('content')} has confidence: {previous_unpaid_balance.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7f40d24e34a9429b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:188 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:188
                    print(f"Amount Due: {amount_due.get('content')} has confidence: {amount_due.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #18d16e10d66d52e1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:191 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:191
                    print(
                        f"Service Start Date: {service_start_date.get('content')} has confidence: {service_start_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #48c063a1daba9dd7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:196 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:196
                    print(
                        f"Service End Date: {service_end_date.get('content')} has confidence: {service_end_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #01bf177c3e62bfe3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:201 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:201
                    print(
                        f"Service Address: {service_address.get('content')} has confidence: {service_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6b2ca8ef62230d47 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:206 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:206
                    print(
                        f"Service Address Recipient: {service_address_recipient.get('content')} has confidence: {service_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1c4adc32717a231d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:211 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:211
                    print(
                        f"Remittance Address: {remittance_address.get('content')} has confidence: {remittance_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7cabcee830b44f13 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:216 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:216
                    print(
                        f"Remittance Address Recipient: {remittance_address_recipient.get('content')} has confidence: {remittance_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #933d29384d705135 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:88
        print(f"----Analyzing layout from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6b78fca275c334a0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:89
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #55ed34fa037db82a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:94
                print(
                    f"...Line # {line_idx} has word count {len(words)} and text '{line.content}' "
                    f"within bounding polygon '{format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c5ccb8f875cbcd96 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:101
                print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f5d3ebf1e8fef33d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:105 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:105
                print(
                    f"Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{format_polygon(selection_mark.polygon)}' and has a confidence of {selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c353923e5dad6b85 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:111 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:111
        print(f"----Detected #{len(result.paragraphs)} paragraphs in the document----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a04dc8295d3183c8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:116 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:116
            print(
                f"Found paragraph with role: '{paragraph.role}' within {format_bounding_region(paragraph.bounding_regions)} bounding region"
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d752c8541cae66b7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:119
            print(f"...with content: '{paragraph.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b927646b321f37bf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:120 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:120
            print(f"...with offset: {paragraph.spans[0].offset} and length: {paragraph.spans[0].length}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e4406431b6e7afa5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:124 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:124
            print(f"Table # {table_idx} has {table.row_count} rows and " f"{table.column_count} columns")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b55127c58aa85788 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:127 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:127
                    print(
                        f"Table # {table_idx} location on page: {region.page_number} is {format_polygon(region.polygon)}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #93e973623a8b6ab3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:131 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:131
                print(f"...Cell[{cell.row_index}][{cell.column_index}] has text '{cell.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #af260732d274c298 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:134 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:134
                        print(
                            f"...content on page {region.page_number} is within bounding polygon '{format_polygon(region.polygon)}'"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c95d8ef8f4818629 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:85
            print(f"Language code: '{language.locale}' with confidence {language.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #19de93ff1d7d7a87 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:94
                print(f"The document contains '{style.font_style}' font style, applied to the following text: ")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #61cc5318607c550c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:98 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:98
        print(f"----Analyzing document from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #05adae971c68552b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:99 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:99
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #67a6fcb2458acf6f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:104
                print(
                    f"...Line # {line_idx} has {len(words)} words and text '{line.content}' within bounding polygon '{format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c8a3e6e520ac9b8f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:109
                    print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aa3a12f3f12d2a01 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:113 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:113
                print(
                    f"...Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{format_polygon(selection_mark.polygon)}' and has a confidence of {selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d08ef3e231e3ae32 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:119
        print(f"----Detected #{len(result.paragraphs)} paragraphs in the document----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b399f7a851e01641 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:124 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:124
            print(
                f"Found paragraph with role: '{paragraph.role}' within {format_bounding_region(paragraph.bounding_regions)} bounding region"
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #93fd1778c9b4a6b4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:127 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:127
            print(f"...with content: '{paragraph.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8fa00839e0217619 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:128
            print(f"...with offset: {paragraph.spans[0].offset} and length: {paragraph.spans[0].length}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6c9b3e2744f87dac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:64
            print(f"--------Analysis of receipt #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f4450823f22ec0cd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:65
            print(f"Receipt type: {receipt.doc_type if receipt.doc_type else 'N/A'}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #63e33b59edeadb1f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:69
                    print(
                        f"Merchant Name: {merchant_name.get('valueString')} has confidence: "
                        f"{merchant_name.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9c741757a8895b95 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:75
                    print(
                        f"Transaction Date: {transaction_date.get('valueDate')} has confidence: "
                        f"{transaction_date.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fbb8d47a5837a1e6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:83 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:83
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bf42fd718375cf67 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:86 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:86
                            print(
                                f"......Item Description: {item_description.get('valueString')} has confidence: "
                                f"{item_description.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0e289480b6ca4939 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:92
                            print(
                                f"......Item Quantity: {item_quantity.get('valueString')} has confidence: "
                                f"{item_quantity.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d1c26bfe4e1ce111 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:98 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:98
                            print(
                                f"......Total Item Price: {format_price(item_total_price.get('valueCurrency'))} has confidence: "
                                f"{item_total_price.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9980dbaa81350d6a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:104
                    print(
                        f"Subtotal: {format_price(subtotal.get('valueCurrency'))} has confidence: {subtotal.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #350c5d4fe5bcd513 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:109
                    print(f"Total tax: {format_price(tax.get('valueCurrency'))} has confidence: {tax.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #52f8d5fb329a0329 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:112 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:112
                    print(f"Tip: {format_price(tip.get('valueCurrency'))} has confidence: {tip.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9ebda8d983c2a3d7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:115 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:115
                    print(f"Total: {format_price(total.get('valueCurrency'))} has confidence: {total.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #784a8318af8a1a08 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:53 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:53
            print(f"--------Analysis of receipt #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #54e2fda3c238fa5f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:54 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:54
            print(f"Receipt type: {receipt.doc_type if receipt.doc_type else 'N/A'}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c7a0588b020bd924 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:58 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:58
                    print(
                        f"Merchant Name: {merchant_name.get('valueString')} has confidence: "
                        f"{merchant_name.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3b19f4d2ae1d7a94 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:64
                    print(
                        f"Transaction Date: {transaction_date.get('valueDate')} has confidence: "
                        f"{transaction_date.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b31e18e7651a203a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:72 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:72
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cd093f9ba3af3e6a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:75
                            print(
                                f"......Item Description: {item_description.get('valueString')} has confidence: "
                                f"{item_description.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #136533bfa118e855 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:81
                            print(
                                f"......Item Quantity: {item_quantity.get('valueString')} has confidence: "
                                f"{item_quantity.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #abe81bf545dbe3a5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:87
                            print(
                                f"......Total Item Price: {format_price(item_total_price.get('valueCurrency'))} has confidence: "
                                f"{item_total_price.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d13d670c8b6e7d32 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:93
                    print(
                        f"Subtotal: {format_price(subtotal.get('valueCurrency'))} has confidence: {subtotal.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #394a3fb2b2cfaf0e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:98 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:98
                    print(f"Total tax: {format_price(tax.get('valueCurrency'))} has confidence: {tax.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7ad1ad45c721c2b7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:101
                    print(f"Tip: {format_price(tip.get('valueCurrency'))} has confidence: {tip.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #067944cffd6463eb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:104
                    print(f"Total: {format_price(total.get('valueCurrency'))} has confidence: {total.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #643b2f8367651941 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:61 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:61
            print(f"--------Analyzing US Tax W-2 Form #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #24db3cd5c62f7eea PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:65
                    print(
                        f"Form variant: {form_variant.get('valueString')} has confidence: " f"{form_variant.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9e79dc2519eb6f5a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:70
                    print(f"Tax year: {tax_year.get('valueString')} has confidence: {tax_year.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d98c4f6e524f8852 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:73 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:73
                    print(f"W-2 Copy: {w2_copy.get('valueString')} has confidence: {w2_copy.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #af0434b2cffdd9cc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:79
                        print(f"...Name: {employee_name.get('valueString')} has confidence: {employee_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e0fa664c54ce564c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:82
                        print(f"...SSN: {employee_ssn.get('valueString')} has confidence: {employee_ssn.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1057778fb56ed517 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:85
                        print(f"...Address: {format_address_value(employee_address.get('valueAddress'))}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b79b39ef8729d8d4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:86 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:86
                        print(f"......has confidence: {employee_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b468f4ca5f12442e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:89
                        print(f"...Zipcode: {employee_zipcode} has confidence: " f"{employee_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #31233c7961e28941 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:92
                    print(
                        f"Control Number: {control_number.get('valueString')} has confidence: "
                        f"{control_number.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fc860c405981e5e6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:101
                        print(f"...Name: {employer_name.get('valueString')} has confidence: {employer_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4a678c1eaeaaccb2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:104
                        print(
                            f"...ID Number: {employer_id.get('valueString')} has confidence: {employer_id.confidence}"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5d62569ae4157007 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:109
                        print(f"...Address: {format_address_value(employer_address.get('valueAddress'))}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1580f79c2c424305 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:110 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:110
                        print(f"\n......has confidence: {employer_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f80e301e27647fa9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:113 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:113
                        print(f"...Zipcode: {employer_zipcode} has confidence: {employer_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7d6c848a49171d1d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:116 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:116
                    print(
                        f"Wages, tips, and other compensation: {wages_tips.get('valueNumber')} "
                        f"has confidence: {wages_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2ddcb435156a6faf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:122 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:122
                    print(
                        f"Federal income tax withheld: {fed_income_tax_withheld.get('valueNumber')} has "
                        f"confidence: {fed_income_tax_withheld.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #511b1eae0725fce6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:128
                    print(
                        f"Social Security wages: {social_security_wages.get('valueNumber')} has confidence: "
                        f"{social_security_wages.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8fef11f903e30433 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:134 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:134
                    print(
                        f"Social Security tax withheld: {social_security_tax_withheld.get('valueNumber')} "
                        f"has confidence: {social_security_tax_withheld.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #18a9613c297ca83f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:140 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:140
                    print(
                        f"Medicare wages and tips: {medicare_wages_tips.get('valueNumber')} has confidence: "
                        f"{medicare_wages_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a476803f986fdcd5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:146 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:146
                    print(
                        f"Medicare tax withheld: {medicare_tax_withheld.get('valueNumber')} has confidence: "
                        f"{medicare_tax_withheld.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6d84e395adbb881c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:152 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:152
                    print(
                        f"Social Security tips: {social_security_tips.get('valueNumber')} has confidence: "
                        f"{social_security_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f26cb92dde5c0a09 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:158 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:158
                    print(
                        f"Allocated tips: {allocated_tips.get('valueNumber')} has confidence: {allocated_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6fc02c4e2b1df82b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:163 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:163
                    print(
                        f"Verification code: {verification_code.get('valueNumber')} has confidence: {verification_code.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b52d75da592040ff PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:168 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:168
                    print(
                        f"Dependent care benefits: {dependent_care_benefits.get('valueNumber')} has confidence: {dependent_care_benefits.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b48a6f9e61bb7cfa PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:173 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:173
                    print(
                        f"Non-qualified plans: {non_qualified_plans.get('valueNumber')} has confidence: {non_qualified_plans.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7e55ef31c4ebde0d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:182 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:182
                            print(
                                f"...Letter code: {letter_code.get('valueString')} has confidence: {letter_code.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #29389726357998e1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:187 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:187
                            print(f"...Amount: {amount.get('valueNumber')} has confidence: {amount.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9df5f81de3fc07de PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:190 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:190
                    print(
                        f"Is statutory employee: {is_statutory_employee.get('valueString')} has confidence: {is_statutory_employee.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0fbf305091f47f27 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:195 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:195
                    print(
                        f"Is retirement plan: {is_retirement_plan.get('valueString')} has confidence: {is_retirement_plan.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c97db3c3c206e816 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:200 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:200
                    print(
                        f"Is third party sick pay: {third_party_sick_pay.get('valueString')} has confidence: {third_party_sick_pay.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #74a385eee5908740 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:205 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:205
                    print(f"Other information: {other_info.get('valueString')} has confidence: {other_info.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bcfdd77eef337c23 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:212 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:212
                            print(f"...State: {state.get('valueString')} has confidence: {state.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ca86411338b6a40e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:215 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:215
                            print(
                                f"...Employer state ID number: {employer_state_id_number.get('valueString')} has "
                                f"confidence: {employer_state_id_number.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9e09e76fc89343c9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:221 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:221
                            print(
                                f"...State wages, tips, etc: {state_wages_tips.get('valueNumber')} has confidence: "
                                f"{state_wages_tips.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ecf7bdf543ef4b78 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:227 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:227
                            print(
                                f"...State income tax: {state_income_tax.get('valueNumber')} has confidence: "
                                f"{state_income_tax.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8934a5ec33ef29bf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:237 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:237
                            print(
                                f"...Local wages, tips, etc: {local_wages_tips.get('valueNumber')} has confidence: "
                                f"{local_wages_tips.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aa08125b828fe1a3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:243 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:243
                            print(
                                f"...Local income tax: {local_income_tax.get('valueNumber')} has confidence: "
                                f"{local_income_tax.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #926f1217dd8e62ed PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:249 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:249
                            print(
                                f"...Locality name: {locality_name.get('valueString')} has confidence: "
                                f"{locality_name.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #74f4e613b3249966 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:63 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:63
                print(
                    f"Found document of type '{doc.doc_type or 'N/A'}' with a confidence of {doc.confidence} contained on "
                    f"the following pages: {[region.page_number for region in doc.bounding_regions]}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f97e769b34fddd59 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:116 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:116
    print(f"Model ID: {model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #274ceb43c43eb7ab PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:117 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:117
    print(f"Description: {model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e24fc6be2f47b9b9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:118
    print(f"Model created on: {model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ac966d189115102b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:119
    print(f"Model expires on: {model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f9b806cae6810ec8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:123
            print(f"Doc Type: '{name}' which has the following fields:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a797598e4d8c8461 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:126 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:126
                    print(
                        f"Field: '{field_name}' has type '{field['type']}' and confidence score "
                        f"{doc_type.field_confidence[field_name]}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bbe72b4c2dd6cabd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:133 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:133
            print(f"warning code: {warning.code}, message: {warning.message}, target of the error: {warning.target}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #001a19650b46ab88 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:65
    print(f"Model ID: '{model.model_id}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ea3b8ec46d7ed0c6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:66 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:66
    print(f"Number of pages analyzed {len(model.pages)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #280e8d6711d79c36 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:67 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:67
    print(f"API version used: {model.api_version}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f4755597153e05f8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:67 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:67
    print(f"Model ID: {copied_over_model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9a1b867c290f6275 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:68 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:68
    print(f"Description: {copied_over_model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #77c2d2b63b4e7c40 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:69
    print(f"Model created on: {copied_over_model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2bc0b903e530d064 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:70
    print(f"Model expires on: {copied_over_model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dd8834e652d89b7b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:74
            print(f"Doc Type: '{name}' which has the following fields:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c4bb27e742d383f6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:78
                        print(
                            f"Field: '{field_name}' has type '{field['type']}' and confidence score "
                            f"{doc_type.field_confidence[field_name]}"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e39131db62d31137 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:85
            print(f"warning code: {warning.code}, message: {warning.message}, target of the error: {warning.target}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7621b578c9c4e768 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:68 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:68
        print(f"Built classifier with ID: {classifier.classifier_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b2f6c39436b7413a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:69
        print(f"API version used to build the classifier model: {classifier.api_version}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #477fb14fc4a76b78 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:70
        print(f"Classifier description: {classifier.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #de4ce08ff674dd7e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:73 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:73
            print(f"Document type: {doc_type}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bc4b15dfd7528e02 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:75
                print(f"Container source: {details.azure_blob_source.container_url}\n")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ba8c656dc1de2baa PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:82
            print(f"{classifier.classifier_id} | {classifier.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aa374befc30e80d0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:85
        print(f"\nClassifier ID: {my_classifier.classifier_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e15ad432dd03c29a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:86 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:86
        print(f"Description: {my_classifier.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6d95bf6d6ce6f24a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:87
        print(f"Classifier created on: {my_classifier.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d0b6914515a4d4ff PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:88
        print(f"Classifier expires on: {my_classifier.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3785312b63fa7082 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:98 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:98
            print(f"Successfully deleted classifier with ID {my_classifier.classifier_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #85f464d88c024c05 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:57 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:57
        print(f"Model ID: {model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dbdabac1d0389744 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:58 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:58
        print(f"Description: {model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e0ebc0019cb3f527 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:59
        print(f"Model created on: {model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b959bf37c14ad2a4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:60 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:60
        print(f"Model expires on: {model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ff3046521e28e881 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:64
                print(f"Doc Type: '{name}' built with '{doc_type.build_mode}' mode which has the following fields:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #00b88aede3fbc886 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:68 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:68
                            print(
                                f"Field: '{field_name}' has type '{field['type']}' and confidence score "
                                f"{doc_type.field_confidence[field_name]}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6e305a5a7d15c522 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:75
                print(
                    f"warning code: {warning.code}, message: {warning.message}, target of the error: {warning.target}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8777f6c62e957ced PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:80
        print(
            f"Our resource has {account_details.custom_document_models.count} custom models, "
            f"and we can have at most {account_details.custom_document_models.limit} custom models"
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #85d29396e5febbc0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:90 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:90
            print(f"{model.model_id} | {model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a90f3bac5769ac6f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:93
        print(f"\nModel ID: {my_model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ae4171d31a15a06b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:94
        print(f"Description: {my_model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #869dafb7a714200e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:95 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:95
        print(f"Model created on: {my_model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fa48aae7248b74f6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:96 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:96
        print(f"Model expires on: {my_model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e32b7eb804761760 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:106 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:106
            print(f"Successfully deleted model with ID {my_model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4a3ce4f0b48184b5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:44 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:32 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:44
        print(
            f"Our resource has {response_body['customDocumentModels']['count']} custom models, "
            f"and we can have at most {response_body['customDocumentModels']['limit']} custom models."
            f"The quota limit for custom neural document models is {response_body['customNeuralDocumentModelBuilds']['quota']} and the resource has"
            f"used {response_body['customNeuralDocumentModelBuilds']['used']}. The resource quota will reset on {response_body['customNeuralDocumentModelBuilds']['quotaResetDateTime']}"
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #129b02f87c717e72 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:74
        print(f"----Barcodes detected from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f4f3dbebbe545c01 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:76
            print(f"Detected {len(page.barcodes)} barcodes:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b8c213eab7117a34 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:78
                print(f"- Barcode #{barcode_idx}: {barcode.value}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b80b362014cb54b9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:79
                print(f"  Kind: {barcode.kind}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #788237c6c74cbb79 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:80
                print(f"  Confidence: {barcode.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #053ae6a61ed720b0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:85
                    print(
                        ", ".join(
                            [
                                f"[{barcode.polygon[i]}, {barcode.polygon[i + 1]}]"
                                for i in range(0, len(barcode.polygon), 2)
                            ]
                        )
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6c442fe241eb9195 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:109
        print(f"  Text: '{_get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c6b108ea49e81840 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:114 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:114
        print(f"  Text: '{_get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a7895fae3f86888a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:119
        print(f"  Text: '{_get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b0aa352d906990f4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:124 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:124
        print(f"  Text: '{_get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #824e7e2d6b6fba02 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:129 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:129
        print(f"  Text: '{_get_styled_text(styles, result.content)}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #568de8d997f5cd7d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:80
        print(f"----Formulas detected from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5a1df5c46b1177f4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:85
            print(f"Detected {len(inline_formulas)} inline formulas.")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #039796ce58d68f77 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:87
                print(f"- Inline #{formula_idx}: {formula.value}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a5b9b150fa7a1434 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:88
                print(f"  Confidence: {formula.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e78190895d9b8afc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:89
                print(f"  Bounding regions: {_format_polygon(formula.polygon)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #28a5ebea8755e27b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:91 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:91
            print(f"\nDetected {len(display_formulas)} display formulas.")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c5c75c8207509cd4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:93
                print(f"- Display #{formula_idx}: {formula.value}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #64c51756ce5d78e9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:94
                print(f"  Confidence: {formula.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d5175d009d0e9b97 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:95 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:95
                print(f"  Bounding regions: {_format_polygon(formula.polygon)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d69501ddf9d95d9e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:89
        print(f"----Analyzing layout from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aef9b6a5b8fcdbee PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:90 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:90
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a8763b1f4ff80112 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:97 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:97
                        print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fbe284104e548833 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:100 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:100
                print(
                    f"...Line # {line_idx} has word count {len(words)} and text '{line.content}' "
                    f"within bounding polygon '{_format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8b18816fef73cf3d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:107 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:107
                print(
                    f"Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{_format_polygon(selection_mark.polygon)}' and has a confidence of {selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #489f73e2b4379389 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:114 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:114
            print(f"Table # {table_idx} has {table.row_count} rows and " f"{table.column_count} columns")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #99d3b9eb2a2f51ce PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:117 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:117
                    print(
                        f"Table # {table_idx} location on page: {region.page_number} is {_format_polygon(region.polygon)}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b47279622d15aabd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:121 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:121
                print(f"...Cell[{cell.row_index}][{cell.column_index}] has text '{cell.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f2ddc7961999274a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:124 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:124
                        print(
                            f"...content on page {region.page_number} is within bounding polygon '{_format_polygon(region.polygon)}'"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f4ff9d6c7ad839ed PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:74
        print(f"Detected {len(result.languages)} languages:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dffb06d2c150116c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:76
            print(f"- Language #{lang_idx}: locale '{lang.locale}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a9c4cc7067ab08cc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:77 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:77
            print(f"  Confidence: {lang.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bb42be4e6ef0900e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:69
                print(f"Address: {doc.fields['Address'].value_string}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #26a96ae04be6aed9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:71 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:71
                print(f"Invoice number: {doc.fields['InvoiceNumber'].value_string}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e785c8c7d29c605f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:73 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:73
        print(f"Succeeded count: {final_result.succeeded_count}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d1d610aa5aa9d0af PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:74
        print(f"Failed count: {final_result.failed_count}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #754173f9572b07f1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:75
        print(f"Skipped count: {final_result.skipped_count}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #059f8c6bc5990ee3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:77 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:77
            print(f"--------Analyzing document #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #57a728e23c312037 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:78
            print(f"Document has type {document.doc_type}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cdc763323b86642f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:79
            print(f"Document has document type confidence {document.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f2fd0f7acaafec4a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:80
            print(f"Document was analyzed with model with ID {result.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b2765eca4592fbd1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:84 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:84
                    print(
                        f"......found field of type '{field.type}' with value '{field_value}' and with confidence {field.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d4ccc9c06fdbb1ac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:44 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:33 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:44
    print(f"Here's the full content in format {result.content_format}:\n")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #38d26a822e645b37 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:45 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:33 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:45
    print(result.content)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bb73160db1cc5dcb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:81
                print(
                    f"Key '{kv_pair.key.content}' found within "
                    f"'{_format_bounding_region(kv_pair.key.bounding_regions)}' bounding regions"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6b704c164310ef7e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:86 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:86
                print(
                    f"Value '{kv_pair.value.content}' found within "
                    f"'{_format_bounding_region(kv_pair.value.bounding_regions)}' bounding regions\n"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3734cce4435316d9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:92
        print(f"----Analyzing document from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2eb7f4dfa3de9dd4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:93
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6ddbfd896fa94dc4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:100 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:100
                        print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #14f0cfd9273d1ed9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:103 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:103
                print(
                    f"...Line #{line_idx} has {len(words)} words and text '{line.content}' within "
                    f"bounding polygon '{_format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aa52ac086e90211d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:110 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:110
                print(
                    f"Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{_format_polygon(selection_mark.polygon)}' and has a confidence of "
                    f"{selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #83f6721345c64590 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:118
            print(f"Table # {table_idx} has {table.row_count} rows and {table.column_count} columns")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #81180d36888e37a4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:121 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:121
                    print(
                        f"Table # {table_idx} location on page: {region.page_number} is {_format_polygon(region.polygon)}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a7ac66017c9cb96d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:125 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:125
                print(f"...Cell[{cell.row_index}][{cell.column_index}] has text '{cell.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aef3a3083a92a10a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:128
                        print(
                            f"...content on page {region.page_number} is within bounding polygon '{_format_polygon(region.polygon)}'\n"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f118b36fa4f19bd8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:52 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:52
            print(f"--------Analyzing ID document #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e6c00e82e0c5b2ba PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:56 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:56
                    print(f"First Name: {first_name.get('valueString')} has confidence: {first_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7e196b894fc9429b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:59
                    print(f"Last Name: {last_name.get('valueString')} has confidence: {last_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bb4bcdc8e79ec5ff PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:62 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:62
                    print(
                        f"Document Number: {document_number.get('valueString')} has confidence: {document_number.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e1aaf06989444e33 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:67 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:67
                    print(f"Date of Birth: {dob.get('valueDate')} has confidence: {dob.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7efca693edb3085a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:70
                    print(f"Date of Expiration: {doe.get('valueDate')} has confidence: {doe.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #caa2e0539a9d92c0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:73 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:73
                    print(f"Sex: {sex.get('valueString')} has confidence: {sex.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #85bdafc7e4450be8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:76
                    print(f"Address: {address.get('valueString')} has confidence: {address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8dd21cfbd3638d56 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:79
                    print(
                        f"Country/Region: {country_region.get('valueCountryRegion')} has confidence: {country_region.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #46638b21980be367 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:84 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:84
                    print(f"Region: {region.get('valueString')} has confidence: {region.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dcfe9f74383c5505 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:53 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:53
            print(f"--------Analyzing invoice #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2bfeeb06fda99a82 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:57 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:57
                    print(f"Vendor Name: {vendor_name.get('content')} has confidence: {vendor_name.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #adf9c228fa94f6dd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:60 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:60
                    print(
                        f"Vendor Address: {vendor_address.get('content')} has confidence: {vendor_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #219424cebabc4b6a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:65
                    print(
                        f"Vendor Address Recipient: {vendor_address_recipient.get('content')} has confidence: {vendor_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1a765dfca196940b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:70
                    print(
                        f"Customer Name: {customer_name.get('content')} has confidence: {customer_name.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8af363e41ed21c54 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:75
                    print(f"Customer Id: {customer_id.get('content')} has confidence: {customer_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #34b374255983b94c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:78
                    print(
                        f"Customer Address: {customer_address.get('content')} has confidence: {customer_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4c61ee4bac7c6572 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:83 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:83
                    print(
                        f"Customer Address Recipient: {customer_address_recipient.get('content')} has confidence: {customer_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #43e186fd73e643d4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:88
                    print(f"Invoice Id: {invoice_id.get('content')} has confidence: {invoice_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #011de23b5bb38473 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:91 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:91
                    print(
                        f"Invoice Date: {invoice_date.get('content')} has confidence: {invoice_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ab9bf46e8556efd5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:96 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:96
                    print(
                        f"Invoice Total: {invoice_total.get('content')} has confidence: {invoice_total.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fab692dd859250ad PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:101
                    print(f"Due Date: {due_date.get('content')} has confidence: {due_date.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cff8de232c61dc7f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:104
                    print(
                        f"Purchase Order: {purchase_order.get('content')} has confidence: {purchase_order.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6ae5e2a7f8e4b7ac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:109
                    print(
                        f"Billing Address: {billing_address.get('content')} has confidence: {billing_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aee2cf7afca88512 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:114 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:114
                    print(
                        f"Billing Address Recipient: {billing_address_recipient.get('content')} has confidence: {billing_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8c9c30d1c9cc9ba4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:119
                    print(
                        f"Shipping Address: {shipping_address.get('content')} has confidence: {shipping_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #41801ad529763f23 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:124 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:124
                    print(
                        f"Shipping Address Recipient: {shipping_address_recipient.get('content')} has confidence: {shipping_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4990e70f3b4e5815 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:131 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:131
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3da5fec93c7e7787 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:134 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:134
                            print(
                                f"......Description: {item_description.get('content')} has confidence: {item_description.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cc8bbc1b4a81e2e3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:139 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:139
                            print(
                                f"......Quantity: {item_quantity.get('content')} has confidence: {item_quantity.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1fc9dad12c2b4584 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:144 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:144
                            print(f"......Unit: {unit.get('content')} has confidence: {unit.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #af9f5258d0e0efbe PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:152 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:152
                            print(
                                f"......Unit Price: {unit_price.get('content')}{unit_price_code} has confidence: {unit_price.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #974d83b0d86a4a5b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:157 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:157
                            print(
                                f"......Product Code: {product_code.get('content')} has confidence: {product_code.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e0b153e9b9a6cfba PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:162 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:162
                            print(
                                f"......Date: {item_date.get('content')} has confidence: {item_date.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #46e0a1ccdaa7f580 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:167 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:167
                            print(f"......Tax: {tax.get('content')} has confidence: {tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9cc0be4b1956b02a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:170 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:170
                            print(f"......Amount: {amount.get('content')} has confidence: {amount.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ce21ef17c847e122 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:173 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:173
                    print(f"Subtotal: {subtotal.get('content')} has confidence: {subtotal.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9920a1ecb0df5541 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:176 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:176
                    print(f"Total Tax: {total_tax.get('content')} has confidence: {total_tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6f3aa75faed8870c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:179 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:179
                    print(
                        f"Previous Unpaid Balance: {previous_unpaid_balance.get('content')} has confidence: {previous_unpaid_balance.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a31db797e36f1b2d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:184 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:184
                    print(f"Amount Due: {amount_due.get('content')} has confidence: {amount_due.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #db787da81215792c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:187 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:187
                    print(
                        f"Service Start Date: {service_start_date.get('content')} has confidence: {service_start_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #de8b5d4748960565 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:192 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:192
                    print(
                        f"Service End Date: {service_end_date.get('content')} has confidence: {service_end_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8930a2a12edfaa37 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:197 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:197
                    print(
                        f"Service Address: {service_address.get('content')} has confidence: {service_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a18c32deb3178b37 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:202 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:202
                    print(
                        f"Service Address Recipient: {service_address_recipient.get('content')} has confidence: {service_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #27106fe13447d624 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:207 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:207
                    print(
                        f"Remittance Address: {remittance_address.get('content')} has confidence: {remittance_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2ae03e4d4698f4f3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:212 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices.py:212
                    print(
                        f"Remittance Address Recipient: {remittance_address_recipient.get('content')} has confidence: {remittance_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e73892887cfe4762 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:54 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:54
            print(f"--------Analyzing invoice #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0ea357505d724833 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:58 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:58
                    print(f"Vendor Name: {vendor_name.get('content')} has confidence: {vendor_name.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0ad42b064908d938 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:61 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:61
                    print(
                        f"Vendor Address: {vendor_address.get('content')} has confidence: {vendor_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7c75fc09a5eed509 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:66 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:66
                    print(
                        f"Vendor Address Recipient: {vendor_address_recipient.get('content')} has confidence: {vendor_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0c7ae6b4c1794a14 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:71 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:71
                    print(
                        f"Customer Name: {customer_name.get('content')} has confidence: {customer_name.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3744956588eaa842 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:76
                    print(f"Customer Id: {customer_id.get('content')} has confidence: {customer_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #61f6e635b328b62c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:79
                    print(
                        f"Customer Address: {customer_address.get('content')} has confidence: {customer_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ebb006cd381bc00c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:84 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:84
                    print(
                        f"Customer Address Recipient: {customer_address_recipient.get('content')} has confidence: {customer_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4c8f842b43b93dc4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:89
                    print(f"Invoice Id: {invoice_id.get('content')} has confidence: {invoice_id.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a863bd9784738898 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:92
                    print(
                        f"Invoice Date: {invoice_date.get('content')} has confidence: {invoice_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3c6ee3c733a1bd68 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:97 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:97
                    print(
                        f"Invoice Total: {invoice_total.get('content')} has confidence: {invoice_total.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d8f013dd784f1e6e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:102 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:102
                    print(f"Due Date: {due_date.get('content')} has confidence: {due_date.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7687aac93ffad271 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:105 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:105
                    print(
                        f"Purchase Order: {purchase_order.get('content')} has confidence: {purchase_order.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cb9cbb59024fea7a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:110 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:110
                    print(
                        f"Billing Address: {billing_address.get('content')} has confidence: {billing_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #644c39ce27855a40 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:115 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:115
                    print(
                        f"Billing Address Recipient: {billing_address_recipient.get('content')} has confidence: {billing_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4bc4ba43bebbcdb3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:120 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:120
                    print(
                        f"Shipping Address: {shipping_address.get('content')} has confidence: {shipping_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #49d7a827a822a06a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:125 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:125
                    print(
                        f"Shipping Address Recipient: {shipping_address_recipient.get('content')} has confidence: {shipping_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #731f34710db0db03 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:132 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:132
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6370b0dcfba7f7a8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:135 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:135
                            print(
                                f"......Description: {item_description.get('content')} has confidence: {item_description.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9bf34608a4b112a3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:140 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:140
                            print(
                                f"......Quantity: {item_quantity.get('content')} has confidence: {item_quantity.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #11ae243b2ef608b7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:145 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:145
                            print(f"......Unit: {unit.get('content')} has confidence: {unit.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #60aa7c82f25ddc06 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:153 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:153
                            print(
                                f"......Unit Price: {unit_price.get('content')}{unit_price_code} has confidence: {unit_price.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #950321403b71f9e8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:158 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:158
                            print(
                                f"......Product Code: {product_code.get('content')} has confidence: {product_code.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7626caa60af6f119 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:163 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:163
                            print(
                                f"......Date: {item_date.get('content')} has confidence: {item_date.get('confidence')}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0fda63b154e9aff5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:168 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:168
                            print(f"......Tax: {tax.get('content')} has confidence: {tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4f1c5d5f07d52950 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:171 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:171
                            print(f"......Amount: {amount.get('content')} has confidence: {amount.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b19f788357219cb5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:174 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:174
                    print(f"Subtotal: {subtotal.get('content')} has confidence: {subtotal.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c567916eaed7cc5a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:177 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:177
                    print(f"Total Tax: {total_tax.get('content')} has confidence: {total_tax.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #622c4fe4f8c02d02 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:180 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:180
                    print(
                        f"Previous Unpaid Balance: {previous_unpaid_balance.get('content')} has confidence: {previous_unpaid_balance.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #57c2d1e90c2567c4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:185 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:185
                    print(f"Amount Due: {amount_due.get('content')} has confidence: {amount_due.get('confidence')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8cb228da3de65162 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:188 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:188
                    print(
                        f"Service Start Date: {service_start_date.get('content')} has confidence: {service_start_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #165a66a25ce75577 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:193 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:193
                    print(
                        f"Service End Date: {service_end_date.get('content')} has confidence: {service_end_date.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #24673dab067cc006 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:198 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:198
                    print(
                        f"Service Address: {service_address.get('content')} has confidence: {service_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #95977e06dca6d40d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:203 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:203
                    print(
                        f"Service Address Recipient: {service_address_recipient.get('content')} has confidence: {service_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ad9eb30682919969 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:208 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:208
                    print(
                        f"Remittance Address: {remittance_address.get('content')} has confidence: {remittance_address.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #98bda7bff4a1b969 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:213 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:213
                    print(
                        f"Remittance Address Recipient: {remittance_address_recipient.get('content')} has confidence: {remittance_address_recipient.get('confidence')}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fb5b25088a63af46 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:70
        print(f"----Analyzing layout from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2b60eae6d2c449ed PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:71 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:71
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d887d337419811e6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:78
                        print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d9b6c20df0f6a71a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:81
                print(
                    f"...Line # {line_idx} has word count {len(words)} and text '{line.content}' "
                    f"within bounding polygon '{_format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8a0bc64109c78ddd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:88
                print(
                    f"Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{_format_polygon(selection_mark.polygon)}' and has a confidence of {selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #869ce8f91a445e9c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:94
        print(f"----Detected #{len(result.paragraphs)} paragraphs in the document----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e12e6cd8120a91f1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:100 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:100
                print(f"Found paragraph with role: '{paragraph.role}' within N/A bounding region")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f4009889924c5d9b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:102 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:102
                print(f"Found paragraph with role: '{paragraph.role}' within")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #06ccb152de7bec6e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:103 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:103
                print(
                    ", ".join(
                        f" Page #{region.page_number}: {_format_polygon(region.polygon)} bounding region"
                        for region in paragraph.bounding_regions
                    )
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #63909ccd9c2bfe0f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:109 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:109
            print(f"...with content: '{paragraph.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a2d8eff48f015db0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:110 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:110
            print(f"...with offset: {paragraph.spans[0].offset} and length: {paragraph.spans[0].length}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #efd5562fa332b97d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:114 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:114
            print(f"Table # {table_idx} has {table.row_count} rows and " f"{table.column_count} columns")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #72d2cb1e10c1c848 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:117 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:117
                    print(
                        f"Table # {table_idx} location on page: {region.page_number} is {_format_polygon(region.polygon)}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0ea7a32cac6ba3e1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:121 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:121
                print(f"...Cell[{cell.row_index}][{cell.column_index}] has text '{cell.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d6ccf2679ac796e3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:124 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:57 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_layout.py:124
                        print(
                            f"...content on page {region.page_number} is within bounding polygon '{_format_polygon(region.polygon)}'"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3b7020766d73175e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:82 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:82
            print(f"Language code: '{language.locale}' with confidence {language.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #81271cfe8838cbf7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:91 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:91
                print(f"The document contains '{style.font_style}' font style, applied to the following text: ")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1f9248c513865c6f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:95 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:95
        print(f"----Analyzing document from page #{page.page_number}----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #77af207f5867810b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:96 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:96
        print(f"Page has width: {page.width} and height: {page.height}, measured with unit: {page.unit}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4138b756bc0f3a2c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:101
                print(
                    f"...Line # {line_idx} has {len(words)} words and text '{line.content}' within "
                    f"bounding polygon '{format_polygon(line.polygon)}'"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8f52be2329682d09 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:108 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:108
                print(f"......Word '{word.content}' has a confidence of {word.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #509ae35af767c00a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:112 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:112
                print(
                    f"...Selection mark is '{selection_mark.state}' within bounding polygon "
                    f"'{format_polygon(selection_mark.polygon)}' and has a confidence of {selection_mark.confidence}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2953ed201ab2e9ab PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:118
        print(f"----Detected #{len(result.paragraphs)} paragraphs in the document----")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9864e89b10055ad5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:123
            print(
                f"Found paragraph with role: '{paragraph.role}' within "
                f"{format_bounding_region(paragraph.bounding_regions)} bounding regions"
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e3329f45b9a9a9b9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:127 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:127
            print(f"...with content: '{paragraph.content}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #32ca44b26ce40d82 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_read.py:128 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:68 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_read.py:128
            print(f"...with offset: {paragraph.spans[0].offset} and length: {paragraph.spans[0].length}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #17fc56fe158e70dc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:59
            print(f"--------Analysis of receipt #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4301f7113c0f9197 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:60 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:60
            print(f"Receipt type: {receipt.doc_type if receipt.doc_type else 'N/A'}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #066366a64d79a83a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:64
                    print(
                        f"Merchant Name: {merchant_name.get('valueString')} has confidence: "
                        f"{merchant_name.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b20395403c4f0201 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:70
                    print(
                        f"Transaction Date: {transaction_date.get('valueDate')} has confidence: "
                        f"{transaction_date.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #41065cb04f3d5d11 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:78 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:78
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ef94dd3135fcc24d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:81
                            print(
                                f"......Item Description: {item_description.get('valueString')} has confidence: "
                                f"{item_description.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c6cf93367bfaa773 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:87
                            print(
                                f"......Item Quantity: {item_quantity.get('valueString')} has confidence: "
                                f"{item_quantity.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b6d8a575c9dd6db5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:93
                            print(
                                f"......Total Item Price: {_format_price(item_total_price.get('valueCurrency'))} has confidence: "
                                f"{item_total_price.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fe750d2d10b70dbf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:99 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:99
                    print(
                        f"Subtotal: {_format_price(subtotal.get('valueCurrency'))} has confidence: {subtotal.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c818ede49f504370 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:104
                    print(f"Total tax: {_format_price(tax.get('valueCurrency'))} has confidence: {tax.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #eb9367104c0d85dc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:107 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:107
                    print(f"Tip: {_format_price(tip.get('valueCurrency'))} has confidence: {tip.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2fa178b666ec722a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:110 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts.py:110
                    print(f"Total: {_format_price(total.get('valueCurrency'))} has confidence: {total.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ecb8bbdd8ed66f5a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:53 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:53
            print(f"--------Analysis of receipt #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #baed457e473ad079 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:54 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:54
            print(f"Receipt type: {receipt.doc_type if receipt.doc_type else 'N/A'}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c31f70d0a1504e91 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:58 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:58
                    print(
                        f"Merchant Name: {merchant_name.get('valueString')} has confidence: "
                        f"{merchant_name.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #752642be2b0a57e4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:64
                    print(
                        f"Transaction Date: {transaction_date.get('valueDate')} has confidence: "
                        f"{transaction_date.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #638145e495b2f063 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:72 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:72
                        print(f"...Item #{idx + 1}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #df33227411f38d82 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:75
                            print(
                                f"......Item Description: {item_description.get('valueString')} has confidence: "
                                f"{item_description.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #34de7c80d460f8e0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:81
                            print(
                                f"......Item Quantity: {item_quantity.get('valueString')} has confidence: "
                                f"{item_quantity.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c44d654e5b7f69f8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:87
                            print(
                                f"......Total Item Price: {format_price(item_total_price.get('valueCurrency'))} has confidence: "
                                f"{item_total_price.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2190098ed60239ec PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:93
                    print(
                        f"Subtotal: {format_price(subtotal.get('valueCurrency'))} has confidence: {subtotal.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6a469ead170697ed PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:98 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:98
                    print(f"Total tax: {format_price(tax.get('valueCurrency'))} has confidence: {tax.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bc7a31486eea9743 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:101
                    print(f"Tip: {format_price(tip.get('valueCurrency'))} has confidence: {tip.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dc56f766e6a16306 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:104
                    print(f"Total: {format_price(total.get('valueCurrency'))} has confidence: {total.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #29fdd8756b7bbb3f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:56 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:56
            print(f"--------Analyzing US Tax W-2 Form #{idx + 1}--------")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d26077796ada3abd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:60 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:60
                    print(
                        f"Form variant: {form_variant.get('valueString')} has confidence: " f"{form_variant.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4522a3984e642fb6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:65
                    print(f"Tax year: {tax_year.get('valueString')} has confidence: {tax_year.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f26039969235dc4f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:68 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:68
                    print(f"W-2 Copy: {w2_copy.get('valueString')} has confidence: {w2_copy.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e98de603a27987ac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:74
                        print(f"...Name: {employee_name.get('valueString')} has confidence: {employee_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8b4d575d5d70343b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:77 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:77
                        print(f"...SSN: {employee_ssn.get('valueString')} has confidence: {employee_ssn.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #691b45e649115e0a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:80
                        print(f"...Address: {format_address_value(employee_address.get('valueAddress'))}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4789ad3727c6eb80 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:81 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:81
                        print(f"......has confidence: {employee_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dacfd8a8b707e807 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:84 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:84
                        print(f"...Zipcode: {employee_zipcode} has confidence: " f"{employee_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7853335b378308e7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:87
                    print(
                        f"Control Number: {control_number.get('valueString')} has confidence: "
                        f"{control_number.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #17eb796bb28553cc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:96 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:96
                        print(f"...Name: {employer_name.get('valueString')} has confidence: {employer_name.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #97f78769f79cde44 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:99 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:99
                        print(
                            f"...ID Number: {employer_id.get('valueString')} has confidence: {employer_id.confidence}"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0e18986103a2d1e6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:104 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:104
                        print(f"...Address: {format_address_value(employer_address.get('valueAddress'))}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #faec20b0aea9d7fb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:105 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:105
                        print(f"\n......has confidence: {employer_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ba95b76c6e7ddfcb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:108 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:108
                        print(f"...Zipcode: {employer_zipcode} has confidence: {employer_address.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #527b2011cb1a5faf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:111 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:111
                    print(
                        f"Wages, tips, and other compensation: {wages_tips.get('valueNumber')} "
                        f"has confidence: {wages_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #84b4a806e32ff06a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:117 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:117
                    print(
                        f"Federal income tax withheld: {fed_income_tax_withheld.get('valueNumber')} has "
                        f"confidence: {fed_income_tax_withheld.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3fc0e98a0b4e8021 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:123
                    print(
                        f"Social Security wages: {social_security_wages.get('valueNumber')} has confidence: "
                        f"{social_security_wages.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4e14f9f43099f8cf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:129 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:129
                    print(
                        f"Social Security tax withheld: {social_security_tax_withheld.get('valueNumber')} "
                        f"has confidence: {social_security_tax_withheld.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4b1997789fb8ef0b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:135 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:135
                    print(
                        f"Medicare wages and tips: {medicare_wages_tips.get('valueNumber')} has confidence: "
                        f"{medicare_wages_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d464225ffd348e32 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:141 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:141
                    print(
                        f"Medicare tax withheld: {medicare_tax_withheld.get('valueNumber')} has confidence: "
                        f"{medicare_tax_withheld.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #40b100d19bdec2d2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:147 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:147
                    print(
                        f"Social Security tips: {social_security_tips.get('valueNumber')} has confidence: "
                        f"{social_security_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3e06e87818c16cef PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:153 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:153
                    print(
                        f"Allocated tips: {allocated_tips.get('valueNumber')} has confidence: {allocated_tips.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fce13fe6f865b8a5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:158 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:158
                    print(
                        f"Verification code: {verification_code.get('valueNumber')} has confidence: {verification_code.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #de2d014753c38a9c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:163 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:163
                    print(
                        f"Dependent care benefits: {dependent_care_benefits.get('valueNumber')} has confidence: {dependent_care_benefits.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a4fde925b4e6dba7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:168 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:168
                    print(
                        f"Non-qualified plans: {non_qualified_plans.get('valueNumber')} has confidence: {non_qualified_plans.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ee2b2e66c7f57c05 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:177 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:177
                            print(
                                f"...Letter code: {letter_code.get('valueString')} has confidence: {letter_code.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a2df9638cf521f34 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:182 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:182
                            print(f"...Amount: {amount.get('valueNumber')} has confidence: {amount.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #39d12749b200dfb9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:185 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:185
                    print(
                        f"Is statutory employee: {is_statutory_employee.get('valueString')} has confidence: {is_statutory_employee.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9873b6f9b438edf4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:190 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:190
                    print(
                        f"Is retirement plan: {is_retirement_plan.get('valueString')} has confidence: {is_retirement_plan.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dbdaa5ebd614c959 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:195 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:195
                    print(
                        f"Is third party sick pay: {third_party_sick_pay.get('valueString')} has confidence: {third_party_sick_pay.confidence}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2740558349d5511b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:200 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:200
                    print(f"Other information: {other_info.get('valueString')} has confidence: {other_info.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #151a1b1c11aec926 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:207 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:207
                            print(f"...State: {state.get('valueString')} has confidence: {state.confidence}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #501d36219bded906 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:210 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:210
                            print(
                                f"...Employer state ID number: {employer_state_id_number.get('valueString')} has "
                                f"confidence: {employer_state_id_number.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e7f04bf7b293a24d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:216 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:216
                            print(
                                f"...State wages, tips, etc: {state_wages_tips.get('valueNumber')} has confidence: "
                                f"{state_wages_tips.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b173882a206c1d8a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:222 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:222
                            print(
                                f"...State income tax: {state_income_tax.get('valueNumber')} has confidence: "
                                f"{state_income_tax.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dd184d01e41b1220 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:232 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:232
                            print(
                                f"...Local wages, tips, etc: {local_wages_tips.get('valueNumber')} has confidence: "
                                f"{local_wages_tips.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a13ec8d58e66baca PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:238 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:238
                            print(
                                f"...Local income tax: {local_income_tax.get('valueNumber')} has confidence: "
                                f"{local_income_tax.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #aee27a341c2f908a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:244 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:244
                            print(
                                f"...Locality name: {locality_name.get('valueString')} has confidence: "
                                f"{locality_name.confidence}"
                            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8d2cdfa016c4f353 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_classify_document.py:61 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_classify_document.py:49 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_classify_document.py:61
                print(
                    f"Found document of type '{doc.doc_type or 'N/A'}' with a confidence of {doc.confidence} contained on "
                    f"the following pages: {[region.page_number for region in doc.bounding_regions]}"
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #222561d9a20cd8c0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:116 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:116
    print(f"Model ID: {model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c80e20a508188d10 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:117 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:117
    print(f"Description: {model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4c3949e305559542 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:118 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:118
    print(f"Model created on: {model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7f5b2df8508896f2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:119
    print(f"Model expires on: {model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #daa474ce3cfd5b04 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:123
            print(f"Doc Type: '{name}' which has the following fields:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #649f095ed14bc3f6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:126 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:126
                    print(
                        f"Field: '{field_name}' has type '{field['type']}' and confidence score "
                        f"{doc_type.field_confidence[field_name]}"
                    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3c04a7bc99acfb2d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_compose_model.py:133 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:56 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_compose_model.py:133
            print(f"warning code: {warning.code}, message: {warning.message}, target of the error: {warning.target}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #57164ef65e24a15f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:63 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:63
    print(f"Model ID: '{model.model_id}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #20da666efc34cd1a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:64
    print(f"Number of pages analyzed {len(model.pages)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #1c93c3db6d40c5d3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:65
    print(f"API version used: {model.api_version}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f799525da4f52a04 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:65
    print(f"Model ID: {copied_over_model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b768f2015cd3e4c2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:66 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:66
    print(f"Description: {copied_over_model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e23555e91f4abc91 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:67 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:67
    print(f"Model created on: {copied_over_model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cdb94514403b70d4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:68 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:68
    print(f"Model expires on: {copied_over_model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6b7831c3ae7c228a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:72 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:72
            print(f"Doc Type: '{name}' which has the following fields:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #33d076d586e40133 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:76
                        print(
                            f"Field: '{field_name}' has type '{field['type']}' and confidence score "
                            f"{doc_type.field_confidence[field_name]}"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8466becf7e8ac6ca PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:83 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_copy_model_to.py:83
            print(f"warning code: {warning.code}, message: {warning.message}, target of the error: {warning.target}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d0f999e1c2dbdb57 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:64
    print(f"Built classifier with ID: {classifier.classifier_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #581b08f0898873bb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:65 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:65
    print(f"API version used to build the classifier model: {classifier.api_version}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8e30ba47c5fa3723 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:66 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:66
    print(f"Classifier description: {classifier.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7d02c91a23ae0acf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:69
        print(f"Document type: {doc_type}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9dceac6bc982434d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:71 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:71
            print(f"Container source: {details.azure_blob_source.container_url}\n")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #dedcc5d15c063b2a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:80
        print(f"{classifier.classifier_id} | {classifier.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #39afc434fe8be575 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:85
    print(f"\nClassifier ID: {my_classifier.classifier_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #632e5cd98a74d8b4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:86 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:86
    print(f"Description: {my_classifier.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8298b6f2217b5ace PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:87
    print(f"Classifier created on: {my_classifier.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5f8d4a4c097c9d35 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:88 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:88
    print(f"Classifier expires on: {my_classifier.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #375e9e0c92d5e92f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:101 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_classifiers.py:101
        print(f"Successfully deleted classifier with ID {my_classifier.classifier_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #714828c047c5b341 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:56 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:56
    print(f"Model ID: {model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f224a1ac65240df8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:57 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:57
    print(f"Description: {model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bdbac5e63a678216 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:58 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:58
    print(f"Model created on: {model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e8675ec26a409fa9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:59
    print(f"Model expires on: {model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5d539f915ea2b863 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:63 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:63
            print(f"Doc Type: '{name}' built with '{doc_type.build_mode}' mode which has the following fields:")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #de536330e204e844 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:67 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:67
                        print(
                            f"Field: '{field_name}' has type '{field['type']}' and confidence score "
                            f"{doc_type.field_confidence[field_name]}"
                        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #037985936e85e392 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:75
    print(
        f"Our resource has {account_details.custom_document_models.count} custom models, "
        f"and we can have at most {account_details.custom_document_models.limit} custom models"
    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8466c94f5e2a85cc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:87
        print(f"{model.model_id} | {model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ff99bc09dd86f536 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:92
    print(f"\nModel ID: {my_model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #deec3ed6a7fb88f2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:93
    print(f"Description: {my_model.description}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d5ffb7e29964ed33 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:94
    print(f"Model created on: {my_model.created_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3526b3bd4227975f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:95 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:95
    print(f"Model expires on: {my_model.expiration_date_time}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #98f5d80a5c84f7ea PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:99 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:99
            print(f"warning code: {warning.code}, message: {warning.message}, target of the error: {warning.target}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #166080f25195bc51 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_manage_models.py:111 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:42 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_manage_models.py:111
        print(f"Successfully deleted model with ID {my_model.model_id}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #42ed08aa505b4c10 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_send_request.py:43 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_send_request.py:32 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_send_request.py:43
    print(
        f"Our resource has {response_body['customDocumentModels']['count']} custom models, "
        f"and we can have at most {response_body['customDocumentModels']['limit']} custom models."
        f"The quota limit for custom neural document models is {response_body['customNeuralDocumentModelBuilds']['quota']} and the resource has"
        f"used {response_body['customNeuralDocumentModelBuilds']['used']}. The resource quota will reset on {response_body['customNeuralDocumentModelBuilds']['quotaResetDateTime']}"
    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 212 low-confidence finding(s)
low env_fs dependency Excluded from app score #4fe97832588d2731 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:65
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dd4cb21a221ced0 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:66
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72344d3797988c26 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_barcodes_async.py:72
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #680eef318c5c6865 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:67
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b154a27c8a77b09 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:68
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #706a5e5ab83ac60f Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_fonts_async.py:73
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44d559dc143b8ba6 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:65
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #599471c9dc73cf08 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:66
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce0227f099ffe392 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_formulas_async.py:72
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df84b0cf8f994772 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:80
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2f74cd9e1623a41 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:81
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73ed8f2f6bdab3a Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_highres_async.py:87
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16909f758c12633e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:59
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45a43c171a4a57e7 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:60
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e4c5795e1b58d45 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_languages_async.py:66
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32267c1a82451a1a Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:51
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #365ea30c85cfee86 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_addon_query_fields_async.py:52
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e9773c31b588699 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:53
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7c369eb78050958 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:54
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7d807eb51e4fb80 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:55
    result_container_sas_url = os.environ["RESULT_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4e2bce6a474563 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_batch_documents_async.py:56
    batch_training_data_container_sas_url = os.environ["TRAINING_DATA_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13a8ec41c4f86851 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:65
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929bd342c56fbb91 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:66
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3c2ff0140fd6bf6 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:67
    model_id = os.getenv("CUSTOM_BUILT_MODEL_ID", custom_model_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66f499dde41276e5 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:72
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ba8d3cedd4fb9f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:153
    if os.getenv("DOCUMENTINTELLIGENCE_STORAGE_ADVANCED_CONTAINER_SAS_URL") and not os.getenv("CUSTOM_BUILT_MODEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abec499dffb97b45 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:163
        endpoint = os.getenv("DOCUMENTINTELLIGENCE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f95092a7c210ae1 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:164
        key = os.getenv("DOCUMENTINTELLIGENCE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a8c70bbe43ca1a Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:169
        blob_container_sas_url = os.getenv("DOCUMENTINTELLIGENCE_STORAGE_ADVANCED_CONTAINER_SAS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #210ee6fc14670fae Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_custom_documents_async.py:170
        blob_prefix = os.getenv("DOCUMENTINTELLIGENCE_STORAGE_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c6e2bbfe01c1f62 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:32
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb0494912a0e66f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_documents_output_in_markdown_async.py:33
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b36b192e1d6a577 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:69
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35ae2dbd3fbaceca Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:70
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #523e1e215fa75018 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_general_documents_async.py:74
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a38b920970e9a49e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:44
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3554b0c5babbac1 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:45
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d9cb7ec4db5631 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_identity_documents_async.py:49
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02e7cccdca5a1f3d Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:44
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1cb13704146613 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:45
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f78227b6dae3f92b Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_async.py:49
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9117af16bde6876 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:44
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be99272f2c25512e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:45
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #847c6bd2745c5d6a Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_invoices_from_bytes_source_async.py:49
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283a76ddbd37459a Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:73
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb685b6fbbcd18d8 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:74
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee48398e6653df90 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_layout_async.py:78
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5e6d21b18885b69 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:69
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fa6c1c58105c01e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:70
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a69fbfb7875bbfd3 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_read_async.py:74
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #931f2afcd0eac5f9 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:51
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4f14ba51b84be9 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:52
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc0753e6c4aef16c Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_async.py:56
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6d074a5bfadcbb7 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:40
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6a6853aa4f82b7c Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_receipts_from_url_async.py:41
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23acc25655192fa5 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_figures_async.py:44
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05b54c52148f6fab Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_figures_async.py:45
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed127f1058970393 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_figures_async.py:50
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #492b95d50d9a3943 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_figures_async.py:65
                    with open(f"{figure.id}_async.png", "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e14dffd89c55ad5 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_pdf_async.py:44
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa67055e77ad0fb Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_pdf_async.py:45
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #100375711c03b11d Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_pdf_async.py:50
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f885c5e9bb980838 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_result_pdf_async.py:62
        with open("async_analyze_result.pdf", "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1adbd6d67c394f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:48
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #472ae5b14e3523db Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:49
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e51ef7fdb666afe Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_analyze_tax_us_w2_async.py:53
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eedfb0ed7e6d3f0 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:49
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd57615f167e7ee6 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:50
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e0d79bb2b88f2f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:51
    classifier_id = os.getenv("CLASSIFIER_ID", classifier_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4b14b423339438e Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:55
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #666887d685e2234d Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:71
    if os.getenv("DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL") and not os.getenv("CUSTOM_BUILT_MODEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad8e1140e97b0df Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:81
        endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896a9ecc41d07b55 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:82
        key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faf7ce4f98cd99fb Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_classify_document_async.py:83
        blob_container_sas_url = os.environ["DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #763d23c990bf0d87 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:55
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b915f42c7e2066fb Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:56
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b467337fcc850b2 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:57
    container_sas_url = os.environ["DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba49864075491cb Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:138
    if os.getenv("DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL") and not os.getenv("CUSTOM_BUILT_MODEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19e846f4ff8056e6 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:148
        endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccbad91c86173d4e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:149
        key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81dc1e193762f624 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_compose_model_async.py:150
        blob_container_sas_url = os.environ["DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56dcf0ff43169382 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:44
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6973507c4718e454 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:45
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a31d468aa5a552c7 Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:49
        with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f005201402787ea Filesystem access.
pkgs/python/[email protected]/samples/async_samples/sample_convert_to_and_from_dict_async.py:57
    with open("data.json", "w") as output_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c97b8b6a4a42322 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:40
    source_endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1556fc30d66b8d9e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:41
    source_key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff5ff1838845506a Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:42
    target_endpoint = os.environ["DOCUMENTINTELLIGENCE_TARGET_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1257c604543a341 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:43
    target_key = os.environ["DOCUMENTINTELLIGENCE_TARGET_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #220553a4f553e630 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:44
    source_model_id = os.getenv("AZURE_SOURCE_MODEL_ID", custom_model_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #486eb89604ee2507 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:90
    if os.getenv("DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL") and not os.getenv("CUSTOM_BUILT_MODEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a269b7eb524c74f9 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:100
        endpoint = os.getenv("DOCUMENTINTELLIGENCE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c0a0946beae68f9 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:101
        key = os.getenv("DOCUMENTINTELLIGENCE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0092b6275d2fca1f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_copy_model_to_async.py:106
        blob_container_sas_url = os.getenv("DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e22cb2ca93d9f5a0 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_get_raw_response_async.py:30
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #937455fdf294acaa Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_get_raw_response_async.py:31
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c82b5548f415cc2 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:40
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7124eeb05df843ae Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:41
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f959843966f2dd4 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_manage_classifiers_async.py:42
    container_sas_url = os.environ["DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0fabf7b007f531b Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:41
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16fb0abb7894ca93 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:42
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c08e52bccbbce141 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_manage_models_async.py:43
    container_sas_url = os.environ["DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4d0227f2984a319 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:31
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b14ab9efdc34d547 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_send_request_async.py:32
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #477e565452f71b98 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:58
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ec1dec09e06903a Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:59
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bdd3250abe1385f Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_addon_barcodes.py:64
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df51bd8932582d71 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:65
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdfd9e5512a442e6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:66
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05d08410faacd139 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_addon_fonts.py:70
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f06886921e5d1b71 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:63
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe98839ea69069f9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:64
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a29454ffa087d23d Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_addon_formulas.py:69
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ea6bde479e23b46 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:69
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #245a3fe35c2d221a Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:70
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da44dade7183e1e6 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_addon_highres.py:75
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c0501844db1a319 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:58
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #447c98db686bb9ca Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:59
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5eafaf1dbfa9866 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_addon_languages.py:64
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad289fa91111aef Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:51
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f226eba9c62255c4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_addon_query_fields.py:52
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a180af76922570a Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:52
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e09edd328024411f Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:53
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5c4a93e4dd9529d Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:54
    result_container_sas_url = os.environ["RESULT_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44c5ffa7b44ca834 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_batch_documents.py:55
    batch_training_data_container_sas_url = os.environ["TRAINING_DATA_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec40864f79c38370 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:64
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6707d1d60b73b40a Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:65
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc4e5ad31ec3604 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:66
    model_id = os.getenv("CUSTOM_BUILT_MODEL_ID", custom_model_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d56520e941d922a Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:71
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5adf7d873b50b1a5 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:162
        if os.getenv("DOCUMENTINTELLIGENCE_STORAGE_ADVANCED_CONTAINER_SAS_URL") and not os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #482227b39ac7d55c Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:162
        if os.getenv("DOCUMENTINTELLIGENCE_STORAGE_ADVANCED_CONTAINER_SAS_URL") and not os.getenv(
            "CUSTOM_BUILT_MODEL_ID"
        ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9084971d735bab82 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:174
            endpoint = os.getenv("DOCUMENTINTELLIGENCE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa6d3abdeb4318e6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:175
            key = os.getenv("DOCUMENTINTELLIGENCE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b244dc32b63b0c8d Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:183
            blob_container_sas_url = os.getenv("DOCUMENTINTELLIGENCE_STORAGE_ADVANCED_CONTAINER_SAS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33dbcb75a383cc51 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_custom_documents.py:184
            blob_prefix = os.getenv("DOCUMENTINTELLIGENCE_STORAGE_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52d59daf048c0954 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:32
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c04f6fd0ad389bef Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_documents_output_in_markdown.py:33
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c9fe7d5c33a449 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:59
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #570accffdde00c11 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:60
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2be73396d279f8a Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_general_documents.py:63
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8490b533121458a0 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:42
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53314a5965f97c42 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:43
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89f8c70672fb2c46 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_identity_documents.py:46
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a952033e27a2dd Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:43
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b81104c764271d27 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:44
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad361d1cadf8417 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_invoices.py:47
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a90d9a07f1dd06f Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:42
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f58c9dac022926c Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:43
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5fe25221cc04551 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_invoices_from_bytes_source.py:46
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a49b8687d65a3884 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:56
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa37bd6e50d8561b Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:57
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0914142b89736fd Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_layout.py:60
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f533c0da53e8daf Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_read.py:67
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a4304b2eacef721 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_read.py:68
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #845a3f2fec48a4f6 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_read.py:71
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d2826a8927e964 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:49
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4a5b1af84b8cf00 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:50
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eac67ad816bbe0a6 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_receipts.py:53
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ac615e96aeae1a Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:40
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fb0af95797bd5d0 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_receipts_from_url.py:41
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ad4193019d7bb43 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_result_figures.py:43
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a881405e5080796a Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_result_figures.py:44
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a553c66de0ab238 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_result_figures.py:48
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #745adfe1e8a96cba Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_result_figures.py:63
                with open(f"{figure.id}.png", "wb") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e9b50b2475f228 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_result_pdf.py:43
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127a5ad7851a26a6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_result_pdf.py:44
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc0c1a9b3ea534fa Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_result_pdf.py:48
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34ccde07a5043fe5 Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_result_pdf.py:58
    with open("analyze_result.pdf", "wb") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f88251045364ed06 Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:46
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd95fe35b39eb76e Environment-variable access.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:47
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5ed902d957a96a Filesystem access.
pkgs/python/[email protected]/samples/sample_analyze_tax_us_w2.py:50
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddb5b3f6a87b1b40 Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:48
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7007570e809ed09 Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:49
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5755c77c305663ad Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:50
    classifier_id = os.getenv("CLASSIFIER_ID", classifier_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e74d17a7d3eca73 Filesystem access.
pkgs/python/[email protected]/samples/sample_classify_document.py:53
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d40610bfbebaeb1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:76
        if os.getenv("DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL") and not os.getenv("CLASSIFIER_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1bf61e249eff139 Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:85
            endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343f636371e91603 Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:86
            key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1951f2dd33ec66bb Environment-variable access.
pkgs/python/[email protected]/samples/sample_classify_document.py:87
            blob_container_sas_url = os.environ["DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc36996a5fbb320 Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:55
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #433f74ce711b3cca Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:56
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbc18eb1ebf81d6f Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:57
    container_sas_url = os.environ["DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeeed4c667580b12 Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:58
    classifier_id = os.getenv("CLASSIFIER_ID", classifier_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4026915b16aa76e9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:145
        if os.getenv("DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL") and not os.getenv("CLASSIFIER_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2d6ba56ef4c6132 Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:154
            endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4f6d1c766f46e48 Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:155
            key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1b09eb892ebc90d Environment-variable access.
pkgs/python/[email protected]/samples/sample_compose_model.py:156
            blob_container_sas_url = os.environ["DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bd9b8912fd61d13 Environment-variable access.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:43
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4dce064ca94c38b Environment-variable access.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:44
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e52d8e088c8c877e Filesystem access.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:47
    with open(path_to_sample_documents, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13e230099a27602 Filesystem access.
pkgs/python/[email protected]/samples/sample_convert_to_and_from_dict.py:55
    with open("data.json", "w") as output_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18451129dd7be59a Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:40
    source_endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90657c38a22b263 Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:41
    source_key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ce03235a1a07ead Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:42
    target_endpoint = os.environ["DOCUMENTINTELLIGENCE_TARGET_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca9cfae8721ac019 Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:43
    target_key = os.environ["DOCUMENTINTELLIGENCE_TARGET_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f2bca60fc9b406b Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:44
    source_model_id = os.getenv("AZURE_SOURCE_MODEL_ID", custom_model_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e1efce4d5cc98c Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:94
        if os.getenv("DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL") and not os.getenv("AZURE_SOURCE_MODEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cff8f52e1b10558d Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:104
            endpoint = os.getenv("DOCUMENTINTELLIGENCE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12f91a6bbc1067e2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:105
            key = os.getenv("DOCUMENTINTELLIGENCE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #668bb58247ea1ef9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_copy_model_to.py:113
            blob_container_sas_url = os.getenv("DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02c60e89aa3435d1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_get_raw_response.py:30
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311367a03f955801 Environment-variable access.
pkgs/python/[email protected]/samples/sample_get_raw_response.py:31
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfc42a69511dfff1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:40
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c11e915823b39b08 Environment-variable access.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:41
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9947edffe084b21b Environment-variable access.
pkgs/python/[email protected]/samples/sample_manage_classifiers.py:42
    container_sas_url = os.environ["DOCUMENTINTELLIGENCE_TRAINING_DATA_CLASSIFIER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b76f1cb7c23e520 Environment-variable access.
pkgs/python/[email protected]/samples/sample_manage_models.py:41
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056c6c60c63ae501 Environment-variable access.
pkgs/python/[email protected]/samples/sample_manage_models.py:42
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0ab0066785aad0d Environment-variable access.
pkgs/python/[email protected]/samples/sample_manage_models.py:43
    container_sas_url = os.environ["DOCUMENTINTELLIGENCE_STORAGE_CONTAINER_SAS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7556cca749684e04 Environment-variable access.
pkgs/python/[email protected]/samples/sample_send_request.py:31
    endpoint = os.environ["DOCUMENTINTELLIGENCE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffc5a1bbc3c775af Environment-variable access.
pkgs/python/[email protected]/samples/sample_send_request.py:32
    key = os.environ["DOCUMENTINTELLIGENCE_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6252ae09ac4c7b1f Filesystem access.
pkgs/python/[email protected]/setup.py:22
with open(os.path.join(package_folder_path, "_version.py"), "r") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4af7e27b8aba2e77 Filesystem access.
pkgs/python/[email protected]/setup.py:33
    long_description=open("README.md", "r").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

azure-search-documents

python dependency
medium pii_flow dependency Excluded from app score #d6432ae5fdbc3560 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:70
    print(f"Retrieved: knowledge source '{knowledge_source.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #28e3fd79eaf28fab PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:127 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:45 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:127
    print(f"Retrieved: knowledge base '{knowledge_base.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9456b3bc3da7319a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:73 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:46 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:73
    print(f"Retrieved: knowledge source '{knowledge_source.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #442c42c296bdb705 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:134 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:46 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:134
    print(f"Retrieved: knowledge base '{knowledge_base.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #217d44fd62cd233f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication.py:39 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication.py:32 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication.py:39
    print(f"Document count: {document_count} (index '{index_name}')")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b66506b524f35ed7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication.py:55 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication.py:48 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication.py:55
    print(f"Indexes ({len(names)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f64def2934cfee7f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication_async.py:41 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication_async.py:33 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication_async.py:41
    print(f"Document count: {document_count} (index '{index_name}')")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2b17e091efdec851 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_authentication_async.py:58 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication_async.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_authentication_async.py:58
    print(f"Indexes ({len(names)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #86cfb1a246bb3f67 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:59
    print(f"Uploaded: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fc946afff8f26f33 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:72 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:72
    print(f"Merged: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #80961c31d04840a2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:87
    print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #12c12773b759e549 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:100 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:100
    print(f"Deleted: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d3db7131e2c4c147 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud.py:115 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud.py:115
    print(f"Merge or upload: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #be41822ac23e72b0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:61 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:61
    print(f"Uploaded: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2c35018084fdbfe2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:77 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:77
    print(f"Merged: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #fc47ef70d7f9693c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:93 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:93
    print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0669eab693267f74 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:107 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:107
    print(f"Deleted: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #66a612ece837d158 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:123 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_documents_crud_async.py:123
    print(f"Merge or upload: document 100 (succeeded={result[0].succeeded})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c67997c03fcf501e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:42 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud.py:42
    print(f"Created: alias '{result.name}' -> index '{index_name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #167210c243e63991 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:54 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud.py:54
    print(f"Retrieved: alias '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #479192fc5b90415d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:108 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud.py:108
    print(f"Updated: alias '{result.name}' -> index '{new_index_name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #89e6ddffe78784e3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:44 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:44
    print(f"Created: alias '{result.name}' -> index '{index_name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b2c6d9576d1972b2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:57 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:57
    print(f"Retrieved: alias '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bdeef4a9907528cb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:112 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:112
    print(f"Updated: alias '{result.name}' -> index '{new_index_name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c3b679c057789891 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_analyze_text.py:43 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_analyze_text.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_analyze_text.py:43
        print(f"  Token: {token.token}, Start: {token.start_offset}, End: {token.end_offset}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9f3752e3edef1410 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:45 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:45
        print(f"  Token: {token.token}, Start: {token.start_offset}, End: {token.end_offset}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0bfd11cd853e3a25 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:46 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:33 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:46
    print(f"Response: {response_body}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a598783c770ba0ac PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:51 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:37 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:51
    print(f"Response: {response_body}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7b4a9afa31a52709 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:69
    print(f"Created: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bd07044b67c2a6d3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:80
    print(f"Retrieved: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #48d61897e7f31e51 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:126 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:126
    print(f"Updated: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #398955496cf8007f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud.py:139 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud.py:139
        print(f"  - {name}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #350981ef6eaf3821 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:72 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud_async.py:72
    print(f"Created: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7da3fc49fbb8bc52 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:84 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud_async.py:84
    print(f"Retrieved: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #47f9a61f2f65e7d0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:132 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud_async.py:27 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_crud_async.py:132
    print(f"Updated: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #89ae2ecafb21d360 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:43 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:43
    print(f"Created: synonym map '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #88d75e313b6778f5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:59 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:59
        print(f"Created: synonym map '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6076aa7bff3b308b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:71 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:71
    print(f"Synonym maps ({len(result)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #95b55cd026bf6422 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:85 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:85
            print(f"  {syn}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #df47789fda2b337d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:45 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:45
    print(f"Created: synonym map '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #28115bdaec054461 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:62 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:62
        print(f"Created: synonym map '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c12bdb834f8df115 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:75 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:75
    print(f"Synonym maps ({len(result)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #851d88de1a691af3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:90 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:90
            print(f"  {syn}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #68c362967347adb5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:74 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:74
    print(f"Created: indexer '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f473d78254c64f7a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:87 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:87
    print(f"Indexers ({len(result)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4085a48562ff541a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:99 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:99
    print(f"Retrieved: indexer '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #68938cce8a41e987 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:112 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud.py:112
    print(f"Status: indexer '{indexer_name}' is {status.status}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a54244f12fd4cda1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:80 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:80
        print(f"Created: indexer '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b0c4c58199ce12cd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:94 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:94
    print(f"Indexers ({len(result)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #61383c10c42c8813 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:107 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:107
    print(f"Retrieved: indexer '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #191f8ebde913d80a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:121 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:121
    print(f"Status: indexer '{indexer_name}' is {result.status}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2bd35cd6f7051d30 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:51 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:51
    print(f"Created: data source '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #42cd9543446aebc2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:64 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:64
    print(f"Data sources ({len(result)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d1f1b3726473a4da PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:76 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:76
    print(f"Retrieved: data source '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #75b087cacd9a1597 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:52 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:52
    print(f"Created: data source '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9192a58a30bbfe08 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:66 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:66
    print(f"Data sources ({len(result)}): {', '.join(names)}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #09a20dbea9a2ffa6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:79 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:79
    print(f"Retrieved: data source '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a792269b02870697 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:119 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_workflow.py:119
    print(f"Retrieved: indexer '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #a68a425e98cbd056 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:130 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_workflow.py:130
        print(f"Scheduled: indexer every {updated_indexer.schedule.interval}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ca8f2fe52bd7b88c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:134 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_indexer_workflow.py:134
    print(f"Status: indexer '{updated_indexer.name}' is {status.status}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4548d16fa9f88139 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_autocomplete.py:40 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_autocomplete.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_autocomplete.py:40
        print(f"  Completion: {result['text']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ad854c53d99667b3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:43 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:28 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:43
            print(f"  Completion: {result['text']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #721716905f0c5140 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_facets.py:43 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_facets.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_facets.py:43
            print(f"  {facet}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ecbf9b350d08cfd9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_facets_async.py:46 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_facets_async.py:28 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_facets_async.py:46
                print(f"  {facet}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6bddc4d5a0322f13 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_filter.py:45 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_filter.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_filter.py:45
        print(f"  HotelName: {result['HotelName']} (rating {result['Rating']})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #b8d5432a432b0811 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_filter_async.py:48 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_filter_async.py:28 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_filter_async.py:48
            print(f"  HotelName: {result['HotelName']} (rating {result['Rating']})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0b9295c06df6ea0d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:66 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:66
        print(f"  HotelId: {result['HotelId']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e056c9172dc1fccc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:67 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:67
        print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #170956451eb5b516 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:89 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:89
        print(f"  HotelId: {result['HotelId']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #cb6cbbbeb163a7c2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic.py:90 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic.py:90
        print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7c11a13d0128dd54 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:69 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:69
            print(f"  HotelId: {result['HotelId']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2c988f3e0e0ba779 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:70 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:70
            print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #79e8d36a9f78d840 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:91 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:91
            print(f"  HotelId: {result['HotelId']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #84291b080280f201 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:92 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_semantic_async.py:92
            print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #10648779864ffdda PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_session.py:38 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_session.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_session.py:38
        print(f"  HotelName: {result['HotelName']} (rating {result['Rating']})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7f4a031bc58839ef PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_session_async.py:40 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_session_async.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_session_async.py:40
            print(f"  HotelName: {result['HotelName']} (rating {result['Rating']})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3e224dcebad84795 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_simple.py:38 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_simple.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_simple.py:38
        print(f"  HotelName: {result['HotelName']} (rating {result['Rating']})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #738156f154b8f737 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_simple_async.py:41 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_simple_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_simple_async.py:41
            print(f"  HotelName: {result['HotelName']} (rating {result['Rating']})")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e668183aafdcdce4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_suggestions.py:39 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_suggestions.py:24 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_suggestions.py:39
        print(f"  Text: {result['text']!r}, HotelName: {hotel['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #370f356ff52ff223 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:42 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:42
            print(f"  Text: {result['text']!r}, HotelName: {hotel['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #093a683cda997b64 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:130 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:130
    print(f"Created: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #584055462113240e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:148 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:148
    print(f"Uploaded: {len(result)} documents to index '{index_name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #f6ce0e5eeb7d4f6f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:170 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:170
        print(
            f"  HotelId: {result['HotelId']}, HotelName: {result['HotelName']}, " f"Category: {result.get('Category')}"
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8961d3adf5b9b518 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:196 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:196
        print(f"  HotelId: {result['HotelId']}, HotelName: {result['HotelName']}, " f"Tags: {result.get('Tags')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9996da9235dbc0e4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:221 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:221
        print(f"  Score: {score}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #99177d370054a4e8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:222 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:222
        print(f"  HotelId: {result['HotelId']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2f1bd18fa40ef635 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:223 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:223
        print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d1e692866a3df6e4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:224 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:224
        print(f"  Description: {result.get('Description')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #65a5bb332f03ba9e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:225 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:225
        print(f"  Category: {result.get('Category')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c212e9dedb157151 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector.py:226 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:50 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector.py:226
        print(f"  Tags: {result.get('Tags', 'N/A')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #39cdb0a1c091f2f0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:134 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:134
    print(f"Created: index '{result.name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #bccab53e7bca2ba9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:153 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:153
    print(f"Uploaded: {len(result)} documents to index '{index_name}'")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4106d40136c0ad8c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:176 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:176
            print(
                f"  HotelId: {result['HotelId']}, HotelName: {result['HotelName']}, "
                f"Category: {result.get('Category')}"
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4a8a443bfe99454a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:204 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:204
            print(f"  HotelId: {result['HotelId']}, HotelName: {result['HotelName']}, " f"Tags: {result.get('Tags')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #2c09f68c5f2cce1b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:230 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:230
            print(f"  Score: {score}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3ea3f48d8f6ec763 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:231 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:231
            print(f"  HotelId: {result['HotelId']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #36c927d98daea1f5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:232 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:232
            print(f"  HotelName: {result['HotelName']}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #56fedde550062f3e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:233 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:233
            print(f"  Description: {result.get('Description')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5a479e9fb6deb7aa PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:234 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:234
            print(f"  Category: {result.get('Category')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #e7ed52c52775e17f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:235 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:52 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_query_vector_async.py:235
            print(f"  Tags: {result.get('Tags', 'N/A')}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ea81b7402eeda35c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:42 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:25 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:42
    print(f"Document count: {response_body} (index '{index_name}')")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #71479e1228e8417b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:48 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:26 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:48
    print(f"Document count: {response_body} (index '{index_name}')")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 133 low-confidence finding(s)
low env_fs dependency Excluded from app score #6cfed82e93d9ae31 Environment-variable access.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:43
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fefc9365329fe58d Environment-variable access.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:44
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0611ae751b834abb Environment-variable access.
pkgs/python/[email protected]/samples/sample_agentic_retrieval.py:45
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baf8c1278ce8ce8b Environment-variable access.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:44
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c240399d7abe704 Environment-variable access.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:45
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35494d8ce33b31db Environment-variable access.
pkgs/python/[email protected]/samples/sample_agentic_retrieval_async.py:46
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550478db05b0b64b Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:30
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b6ecd3d2600388 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:31
    index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #253888960ce91677 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:32
    key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e14d9c8101bd70df Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:47
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e5eb83920cf30d Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:48
    key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae390f071f9f3c77 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:63
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbb9e5badbb274b2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:64
    index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da3701e0ae6c70bd Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication.py:80
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd5eaf0eca960021 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:31
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbf38393baaa48d4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:32
    index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8040602c2e4a5d22 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:33
    key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5ab34b9e8673ca7 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:49
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9665fd3158fe1260 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:50
    key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #049a254823edcd35 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:66
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c18136785781472 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:67
    index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #543c237905670177 Environment-variable access.
pkgs/python/[email protected]/samples/sample_authentication_async.py:84
    service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de27235f8feb75f Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_buffered_sender.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9bc19752ec8d3f Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_buffered_sender.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e2e526f3d684ed1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_buffered_sender.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af0f9f99d6acb5c1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_buffered_sender_async.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1cfa6ee1b0371ab Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_buffered_sender_async.py:26
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0070e8c245756a8f Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_buffered_sender_async.py:27
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff7dee3584fe6767 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_crud.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa4602b76b7c70e2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_crud.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26723c1c7ebb6fed Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_crud.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f803344bf68f7026 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0383d8d65c7fc8c5 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:26
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70c4b96778e56925 Environment-variable access.
pkgs/python/[email protected]/samples/sample_documents_crud_async.py:27
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3b3d94a1c1e4eb1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1c34ac195e3c08f Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:26
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b399364d2c61c1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_alias_crud.py:27
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1268dbbed7ea71 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:26
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95742abdd7e6c35c Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:27
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3747c6ddd877f218 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_alias_crud_async.py:28
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37b48ba58e49c533 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_analyze_text.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a8b33dbfcabe8b Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_analyze_text.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d7b8924e3d7c1f2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_analyze_text.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6de10820f425d355 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a75f40c232d5f643 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:26
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8a0d65e688debf9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_analyze_text_async.py:27
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d209c8c4d016f6d Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:31
    endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d666663d87671a Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:32
    index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02ee1b033950d49c Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_client_custom_request.py:33
    key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #071f2921137b61f7 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:35
    endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d56adf5b253cd4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:36
    index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652bad07528caf5b Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_client_custom_request_async.py:37
    key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbd27c3efe1beefa Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_crud.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19a3d65593c33808 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_crud.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a83cbe67f93f0f Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:26
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65e96fcc50c0b980 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_crud_async.py:27
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd325d6aee62b88 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:22
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8ec5dfb3bff5c6f Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:23
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31bae6c333cfe609 Filesystem access.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud.py:54
    with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c551ef046a3500 Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:23
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888a228eae2bc66f Environment-variable access.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:24
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcedac7d3cd8c8ba Filesystem access.
pkgs/python/[email protected]/samples/sample_index_synonym_map_crud_async.py:56
    with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23ad9476743a6e6c Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #488a4ba02460b96b Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:25
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cc047f5a5646c3f Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_crud.py:26
connection_string = os.environ["AZURE_STORAGE_CONNECTION_STRING"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e4c4a8f6a0a6d14 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb51e8c08d40ad6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47354be7bc81f56e Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_crud_async.py:27
connection_string = os.environ["AZURE_STORAGE_CONNECTION_STRING"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbd6dd007262e46e Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5537d220e38a12b4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:25
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f53be4aeceb080c Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud.py:26
connection_string = os.environ["AZURE_STORAGE_CONNECTION_STRING"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f529e9f9bc946ba2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:25
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #654a71f0ed7420a3 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b31461cc857d713 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_datasource_crud_async.py:27
connection_string = os.environ["AZURE_STORAGE_CONNECTION_STRING"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33634fd408f7355e Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b478b81ce78633b0 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:25
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce5ad0692b844590 Environment-variable access.
pkgs/python/[email protected]/samples/sample_indexer_workflow.py:26
connection_string = os.environ["AZURE_STORAGE_CONNECTION_STRING"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45b5687724c5a6e6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_autocomplete.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0fc485ad54da7f4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_autocomplete.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8299310ab9ffe9f5 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_autocomplete.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dea4f1dec50214b Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:26
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ebf59ca77645389 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:27
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266f32f44ceaf1cd Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_autocomplete_async.py:28
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #370d68fd390d48d9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_facets.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #903a0b4e64d9abb2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_facets.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcdde8670c37aa80 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_facets.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d006ce9999f2d7 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_facets_async.py:26
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3584271535f9830e Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_facets_async.py:27
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa08da82ba6ca20 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_facets_async.py:28
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c33b91e68d7cd93c Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_filter.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47289e68361b82f6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_filter.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7edad39b6aa03e40 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_filter.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a488bca58b1104 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_filter_async.py:26
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9411104c0acb10a1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_filter_async.py:27
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #601435e78cfcca69 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_filter_async.py:28
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd9175a496cf0cd9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_semantic.py:22
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb1e2e3c78a63236 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_semantic.py:23
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46ea2d36f05fa153 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_semantic.py:24
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8623950a4d123d24 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:23
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e3ed79f36ee516 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:24
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #651141d12be85af7 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_semantic_async.py:25
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91daca53bc1d84e1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_session.py:22
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9905e6bfa260f2e3 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_session.py:23
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b706bd687084a6e6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_session.py:24
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d152f481a31bef2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_session_async.py:23
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc0559f4121e12a8 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_session_async.py:24
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a17affb40b6436b6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_session_async.py:25
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb3578cdf193b09 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_simple.py:22
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b49218e44ae8bd5 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_simple.py:23
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19c286bc41434f98 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_simple.py:24
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0746b645b49a59a Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_simple_async.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24837ca4dfbca66c Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_simple_async.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44af1f517bb9e579 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_simple_async.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d4bbc899741c271 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_suggestions.py:22
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a2523f6890022a6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_suggestions.py:23
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e37e4d7f11d016a Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_suggestions.py:24
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8102c47a7d4fea38 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c2962e01fed9f5 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f2715731420cf77 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_suggestions_async.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a6b3884ddcb942c Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_vector.py:49
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b440447d7676fa16 Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_vector.py:50
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b871871c37a84f5 Filesystem access.
pkgs/python/[email protected]/samples/sample_query_vector.py:60
    with open(query_vector_path, "r", encoding="utf-8") as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81dc4db0601b3745 Filesystem access.
pkgs/python/[email protected]/samples/sample_query_vector.py:134
    with open(documents_path, "r", encoding="utf-8") as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #331cc6c6c65b2aea Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:51
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c825f26916dadb Environment-variable access.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:52
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b590ca786f27ba1 Filesystem access.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:63
    with open(query_vector_path, "r", encoding="utf-8") as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b803268de20a1d Filesystem access.
pkgs/python/[email protected]/samples/sample_query_vector_async.py:138
    with open(documents_path, "r", encoding="utf-8") as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eabb59ade2ceb0b Environment-variable access.
pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:23
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a84746e05eaada82 Environment-variable access.
pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:24
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f147ed0d3213543 Environment-variable access.
pkgs/python/[email protected]/samples/sample_search_client_custom_request.py:25
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af107e7648d89809 Environment-variable access.
pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:24
service_endpoint = os.environ["AZURE_SEARCH_SERVICE_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69262023da3f339e Environment-variable access.
pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:25
index_name = os.environ["AZURE_SEARCH_INDEX_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4b0481148369c06 Environment-variable access.
pkgs/python/[email protected]/samples/sample_search_client_custom_request_async.py:26
key = os.environ["AZURE_SEARCH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chromadb

python dependency
medium telemetry dependency Excluded from app score #67a8dbce72681035 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:226
        self.product_telemetry_client.capture(
            ClientCreateCollectionEvent(
                collection_uuid=str(id),
                # embedding_function=embedding_function.__class__.__name__,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #489be363e20499f5 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:429
        self.product_telemetry_client.capture(
            CollectionGetEvent(
                collection_uuid=str(collection_id),
                ids_count=ids_amount,
                limit=limit if limit else 0,
                include_metadata=ids_amount if "metadatas" in include else 0,
                include_documents=ids_amount if "documents" in include else 0,
                include_uris=ids_amount if "uris" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39975956586ed957 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:474
        self.product_telemetry_client.capture(
            CollectionAddEvent(
                collection_uuid=str(collection_id),
                add_amount=len(ids),
                with_metadata=len(ids) if metadatas is not None else 0,
                with_documents=len(ids) if documents is not None else 0,
                with_uris=len(ids) if uris is not None else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5eb36338c499fc22 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:507
        self.product_telemetry_client.capture(
            CollectionUpdateEvent(
                collection_uuid=str(collection_id),
                update_amount=len(ids),
                with_embeddings=len(embeddings) if embeddings else 0,
                with_metadata=len(metadatas) if metadatas else 0,
                with_documents=len(documents) if documents else 0,
                with_uris=len(uris) if uris else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94e0070157d56e85 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:567
        self.product_telemetry_client.capture(
            CollectionQueryEvent(
                collection_uuid=str(collection_id),
                query_amount=query_amount,
                filtered_ids_amount=filtered_ids_amount,
                n_results=n_results,
                with_metadata_filter=query_amount if where is not None else 0,
                with_document_filter=query_amount if where_document is not None else 0,
                include_metadatas=query_amount if "metadatas" in include else 0,
                include_documents=query_amount if "documents" in include else 0,
                include_uris=query_amount if "uris" in include else 0,
                include_distances=query_amount if "distances" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f6343734aa4faa2 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:626
        self.product_telemetry_client.capture(
            CollectionDeleteEvent(
                collection_uuid=str(collection_id),
                delete_amount=deleted,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #78abcde5c9d6322c Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:285
        self._product_telemetry_client.capture(
            ClientCreateCollectionEvent(
                collection_uuid=str(id),
                # embedding_function=embedding_function.__class__.__name__,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d0d7567aaace5e8 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:552
        self._product_telemetry_client.capture(
            CollectionAddEvent(
                collection_uuid=str(collection_id),
                add_amount=len(ids),
                with_metadata=len(ids) if metadatas is not None else 0,
                with_documents=len(ids) if documents is not None else 0,
                with_uris=len(ids) if uris is not None else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46b53683cb5b72fb Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:607
        self._product_telemetry_client.capture(
            CollectionUpdateEvent(
                collection_uuid=str(collection_id),
                update_amount=len(ids),
                with_embeddings=len(embeddings) if embeddings else 0,
                with_metadata=len(metadatas) if metadatas else 0,
                with_documents=len(documents) if documents else 0,
                with_uris=len(uris) if uris else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a774b82cd43f92da Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:714
        self._product_telemetry_client.capture(
            CollectionGetEvent(
                collection_uuid=str(collection_id),
                ids_count=ids_amount,
                limit=limit if limit else 0,
                include_metadata=ids_amount if "metadatas" in include else 0,
                include_documents=ids_amount if "documents" in include else 0,
                include_uris=ids_amount if "uris" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b546d6f2ff4cce7 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:825
        self._product_telemetry_client.capture(
            CollectionDeleteEvent(
                collection_uuid=str(collection_id), delete_amount=deleted_count
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f5eb2fa7ea4a164d Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:890
        self._product_telemetry_client.capture(
            CollectionQueryEvent(
                collection_uuid=str(collection_id),
                query_amount=query_amount,
                filtered_ids_amount=ids_amount,
                n_results=n_results,
                with_metadata_filter=query_amount if where is not None else 0,
                with_document_filter=query_amount if where_document is not None else 0,
                include_metadatas=query_amount if "metadatas" in include else 0,
                include_documents=query_amount if "documents" in include else 0,
                include_uris=query_amount if "uris" in include else 0,
                include_distances=query_amount if "distances" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0addd616a2deddf1 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/shared_system_client.py:137
        telemetry_client.capture(ClientStartEvent())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aeb3da5782a21aa3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/execution/executor/distributed.py:22
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71e7e86cc52f071d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/proto/utils.py:4
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0ea8cd78a26e1f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/server/fastapi/__init__.py:77
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f1b086eaa54c281 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/server/fastapi/__init__.py:245
        telemetry_client.capture(ServerStartEvent())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f783f1dbe5fc7ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df0b91caa1f5f182 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:8
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4a02e872ff0cbbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:9
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1de7daf85824132 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:10
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b52eb8d45248f9ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:13
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8fb2e7a22abc0777 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/fastapi.py:3
from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c9bc80a6753ae779 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/grpc.py:5
from opentelemetry.trace import StatusCode, SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 67 low-confidence finding(s)
low env_fs dependency Excluded from app score #b5367c0bd5ecc8a9 Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:407
            arg.value = arg.value or os.environ.get(arg.env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d171c2c731585866 Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:420
    tenant = tenant or os.environ.get("CHROMA_TENANT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52169263c21b74bb Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:423
    database = database or os.environ.get("CHROMA_DATABASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #117ae19395be27da Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/api/async_fastapi.py:167
        response = await self._get_client().request(method, url, **cast(Any, kwargs))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #36140cb00fec9b09 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/api/fastapi.py:131
        response = self._session.request(method, url, **cast(Any, kwargs))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e6266905702c9d79 Filesystem access.
pkgs/python/[email protected]/chromadb/auth/__init__.py:124
            with open(_creds_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a7e133e8e3e4692 Filesystem access.
pkgs/python/[email protected]/chromadb/auth/__init__.py:235
            with open(_config_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5ddf9b59101a3523 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/cli/cli.py:25
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1d74b92d07112bcc Filesystem access.
pkgs/python/[email protected]/chromadb/cli/utils.py:12
    with open(f"{log_config_path}", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97915c5f832961cf Filesystem access.
pkgs/python/[email protected]/chromadb/db/migrations.py:256
    sql = file["path"].read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13272578745e178d Filesystem access.
pkgs/python/[email protected]/chromadb/segment/impl/vector/local_persistent_hnsw.py:74
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2270ab0fbe1c51b Filesystem access.
pkgs/python/[email protected]/chromadb/segment/impl/vector/local_persistent_hnsw.py:255
        with open(self._get_metadata_file(), "wb") as metadata_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dc13331d51f2e09 Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:139
                        {"pod_name": os.environ.get("HOSTNAME")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d510ddc774cc5cf5 Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:155
                        {"pod_name": os.environ.get("HOSTNAME")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c100d2e34689ef1 Filesystem access.
pkgs/python/[email protected]/chromadb/telemetry/product/__init__.py:88
                with open(self.USER_ID_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09eb84506e9496ce Filesystem access.
pkgs/python/[email protected]/chromadb/telemetry/product/__init__.py:93
                with open(self.USER_ID_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6651eee696f6944 Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/product/events.py:20
        self.is_cli = os.environ.get("CHROMA_CLI", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab7fdd5308630b13 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/baseten_embedding_function.py:39
        if os.getenv("BASETEN_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7707cf95e759c2f4 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/baseten_embedding_function.py:45
        resolved_api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7fbfe0a08bdbaef Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:61
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4a08c94aa043274e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:127
        response = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #89228d981861c1e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:149
        response = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #22e8368fbf76501b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_splade_embedding_function.py:42
        self.api_key = os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ff0e320579a132dc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_splade_embedding_function.py:99
            response = self._session.post(self._api_url, json=payload, timeout=60)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dfd81f749575275e Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:57
        if os.getenv("CLOUDFLARE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e949c0a04cf58b5 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:62
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ae2493dec1e8ec59 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:99
        resp = self._session.post(self._api_url, json=payload).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #02929a7b11f9a342 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cohere_embedding_function.py:46
        if os.getenv("COHERE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f748b3dab6cad7 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cohere_embedding_function.py:51
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a40c2e31b4b12dc3 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:57
        self.api_key = os.getenv(self.api_key_env_var) if self.api_key_env_var else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3636aa006ecdceb7 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:251
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcfed25fb0132d55 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:256
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcf7340ba982b539 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:401
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e972aa749aa2df Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:406
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b63e7bd9fbd8c92c Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:529
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a60b82f2a2e38df Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:534
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c17c842bd163d2c3 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:43
        if os.getenv("HUGGINGFACE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #133d472cf7c9c656 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:48
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f27a314c303c21c0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:76
        response = self._session.post(
            self._api_url,
            json={"inputs": input, "options": {"wait_for_model": True}},
        ).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #97c3ef13fc7bcbec Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:169
        if os.getenv("HUGGINGFACE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d14edec305dc79c0 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:173
            self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9136d5653d945303 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:199
        response = self._session.post(self._api_url, json={"inputs": input}).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8d270983237b9602 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:84
        if os.getenv("JINA_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa4769a81cb2e4d6 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:89
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f833605bfd10cca3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:202
        resp = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #112aa61b33c86e1b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:210
        resp = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #453bd3db23eed462 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/mistral_embedding_function.py:29
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff15e195ccbfbb67 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/morph_embedding_function.py:49
        self.api_key = api_key or os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc382c2caf727036 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/nomic_embedding_function.py:50
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b5152fbc9b1be79 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/onnx_mini_lm_l6_v2.py:24
    with open(fname, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b31e0c0a3a8182 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/onnx_mini_lm_l6_v2.py:109
            with open(fname, "wb") as file, self.tqdm(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a61a2518e0c2b7d Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/openai_embedding_function.py:60
        if os.getenv("OPENAI_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f106d7b701d96a77 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/openai_embedding_function.py:65
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c123c6abb130b47 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/perplexity_embedding_function.py:52
        if os.getenv("PERPLEXITY_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #934ee7f02b7695e3 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/perplexity_embedding_function.py:57
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdbe6c3b1952556b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:48
        if os.getenv("ROBOFLOW_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #026e4b5f00c4f401 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:53
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ad10b5bc0011408c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:97
                res = self._httpx.post(
                    f"{self.api_url}/clip/embed_image?api_key={self.api_key}",
                    json=infer_clip_payload_image,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ac872ce241405e2f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:110
                res = self._httpx.post(
                    f"{self.api_url}/clip/embed_text?api_key={self.api_key}",
                    json=infer_clip_payload_text,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0be51f8eea8a332e Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/schemas/registry.py:38
        with open(schema_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5db97b44df3160f5 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/schemas/schema_utils.py:36
    with open(schema_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc50192810849e7 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:52
        if os.getenv("TOGETHER_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df6f3aa5902ab88b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:57
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7d0a89f2520cdd06 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:89
        response = self._session.post(
            ENDPOINT,
            json={"model": self.model_name, "input": input},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c4648e2b260b5d7d Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/utils.py:11
    return (os.environ.get("CHROMA_EMBED_URL") or DEFAULT_CHROMA_EMBED_URL).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c14583243bbbb3c6 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/voyageai_embedding_function.py:50
        if os.getenv("VOYAGE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b75d3ba1b1af8794 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/voyageai_embedding_function.py:55
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

redis

python dependency
medium telemetry dependency Excluded from app score #3edae67abb25e1a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/asyncio/observability/recorder.py:247
        from opentelemetry.metrics import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97f74d2d69d15aad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/metrics.py:37
    from opentelemetry.metrics import Meter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad15190f9c7ef5d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/providers.py:32
    from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45e7a0fff8290b3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/providers.py:76
            from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc9b4c5ca77268c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/providers.py:77
            from opentelemetry.metrics import NoOpMeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #543be80c7b5748f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/recorder.py:242
        from opentelemetry.metrics import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b00f1e3e5d976ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/recorder.py:727
    from opentelemetry.metrics import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db279002c7f54826 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/redis/observability/registry.py:8
        from opentelemetry.metrics import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low egress dependency Excluded from app score #29b5a3902d3809c6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/redis/asyncio/multidb/healthcheck.py:495
        await self._http_client.get(url, expect_json=False)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0e8bdf6232649280 Filesystem access.
pkgs/python/[email protected]/redis/commands/json/__init__.py:303
            with open(fp) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b889633504e231 Filesystem access.
pkgs/python/[email protected]/redis/commands/json/commands.py:650
        with open(file_name) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bf972b75c2f5f274 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/redis/http/http_client.py:309
        with urlopen(request, timeout=timeout or self.timeout, context=context) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32e8bab90bca95b7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/redis/ocsp.py:272
        r = requests.get(issuer_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d1c22d88e8651808 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/redis/ocsp.py:285
        r = requests.get(ocsp_url, headers=header)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

transformers

python dependency
medium pii_flow dependency Excluded from app score #b308d5ce8976f9f4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2446 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2444 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2446
            logger.debug(f"[Kubeflow] Token file not found: {token_path}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #4c700b3aef6fd65c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/transformers/utils/metrics.py:24
    from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fac8460035ec846e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/transformers/utils/metrics.py:25
    from opentelemetry.trace import Status, StatusCode, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 387 low-confidence finding(s)
low env_fs dependency Excluded from app score #75504e1945ea6e27 Filesystem access.
pkgs/python/[email protected]/setup.py:310
        with open(target, "w", encoding="utf-8", newline="\n") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6b7e2784675490a Filesystem access.
pkgs/python/[email protected]/setup.py:330
        long_description=open("README.md", "r", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4e50bf3585c37247 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/audio_utils.py:136
            BytesIO(httpx.get(audio, follow_redirects=True, timeout=timeout).content), sr=sampling_rate

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c5719d6b45910309 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/audio_utils.py:178
            response = httpx.get(audio, follow_redirects=True, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f4875f853d920995 Filesystem access.
pkgs/python/[email protected]/src/transformers/audio_utils.py:182
            with open(audio, "rb") as audio_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2294e3be10a1a8cc Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:168
    with open(file_name, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d83fa64be3fc65e Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:174
    with open(file_name, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae1324172c56a2c5 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:230
            file = (repo_path / "src" / "transformers" / "models" / "auto" / filename).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62e70d6c83bb42e Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:316
    with open(toc_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27297c8fe649df48 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:372
    with open(module_name, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89a22294cff7e3f7 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:497
            with open(original_test_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05da1f33bb10f164 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:547
    with open(new_module_folder / f"modular_{new_lowercase_name}.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da087868da4c5635 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:552
    with open(new_module_folder / "__init__.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #581eb1e59e0185e5 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:569
    with open(tests_folder / "__init__.py", "w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4f69adb2d14e1f Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:573
        with open(tests_folder / filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8204aaa6e30b8d78 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/add_new_model_like.py:578
    with open(repo_path / "docs" / "source" / "en" / "model_doc" / f"{new_lowercase_name}.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b054220facedd56a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/cli/chat.py:210
        response = requests.post(f"{self.base_url.rstrip('/')}/load_model", json={"model": model}, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1b7e73e5b2b77e49 Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/chat.py:361
            with open(examples_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #03a28adf2cfb69f0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/cli/chat.py:377
            output = httpx.get(health_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e8d6ecc992c5ac4f Filesystem access.
pkgs/python/[email protected]/src/transformers/cli/chat.py:657
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e71977ba814316e Filesystem access.
pkgs/python/[email protected]/src/transformers/configuration_utils.py:870
        with open(json_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f098290026c30ee Filesystem access.
pkgs/python/[email protected]/src/transformers/configuration_utils.py:1071
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b85a9558c024ffe2 Filesystem access.
pkgs/python/[email protected]/src/transformers/convert_slow_tokenizer.py:159
        with open(model, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b70423a2047b30 Filesystem access.
pkgs/python/[email protected]/src/transformers/convert_slow_tokenizer.py:706
        with open(self.original_tokenizer.vocab_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6abb3cd1206e4c1 Filesystem access.
pkgs/python/[email protected]/src/transformers/convert_slow_tokenizer.py:1708
        with open(vocab_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dab9a6bd0fad87e4 Filesystem access.
pkgs/python/[email protected]/src/transformers/convert_slow_tokenizer.py:1748
        with open(vocab_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d8ae6da7ffc699d Filesystem access.
pkgs/python/[email protected]/src/transformers/convert_slow_tokenizer.py:1838
        with open(vocab_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de2e4c37e1e4185a Filesystem access.
pkgs/python/[email protected]/src/transformers/convert_slow_tokenizer.py:1998
        with open(self.vocab_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38eda1556919b75f Filesystem access.
pkgs/python/[email protected]/src/transformers/data/metrics/squad_metrics.py:576
        with open(output_prediction_file, "w") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e5bd831e023d240 Filesystem access.
pkgs/python/[email protected]/src/transformers/data/metrics/squad_metrics.py:580
        with open(output_nbest_file, "w") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79f72afa6c01448a Filesystem access.
pkgs/python/[email protected]/src/transformers/data/metrics/squad_metrics.py:584
        with open(output_null_log_odds_file, "w") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dda3aae1cdcc1c5f Filesystem access.
pkgs/python/[email protected]/src/transformers/data/metrics/squad_metrics.py:769
    with open(output_prediction_file, "w") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e51e70277bec2ab Filesystem access.
pkgs/python/[email protected]/src/transformers/data/metrics/squad_metrics.py:772
    with open(output_nbest_file, "w") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5aeecde87979fdf Filesystem access.
pkgs/python/[email protected]/src/transformers/data/metrics/squad_metrics.py:776
        with open(output_null_log_odds_file, "w") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cdf58f37de5df2e Filesystem access.
pkgs/python/[email protected]/src/transformers/data/processors/squad.py:515
        with open(
            os.path.join(data_dir, self.train_file if filename is None else filename), "r", encoding="utf-8"
        ) as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2e42a4ef4dbe6c4 Filesystem access.
pkgs/python/[email protected]/src/transformers/data/processors/squad.py:536
        with open(
            os.path.join(data_dir, self.dev_file if filename is None else filename), "r", encoding="utf-8"
        ) as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbb448bc5e216fb Filesystem access.
pkgs/python/[email protected]/src/transformers/data/processors/utils.py:119
        with open(input_file, "r", encoding="utf-8-sig") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e76c069e1f2d584 Filesystem access.
pkgs/python/[email protected]/src/transformers/distributed/configuration_utils.py:62
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #410aff4b9fac902f Filesystem access.
pkgs/python/[email protected]/src/transformers/dynamic_module_utils.py:133
    with open(module_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad2a10eb1141b9b Filesystem access.
pkgs/python/[email protected]/src/transformers/dynamic_module_utils.py:186
    with open(filename, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3bd81713a0315bb Filesystem access.
pkgs/python/[email protected]/src/transformers/dynamic_module_utils.py:298
        module_hash: str = hashlib.sha256(b"".join(bytes(f) + f.read_bytes() for f in module_files)).hexdigest()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d96a8cfd22c81dc9 Filesystem access.
pkgs/python/[email protected]/src/transformers/dynamic_module_utils.py:773
        with open(requirements, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5068a3ae23aa381e Filesystem access.
pkgs/python/[email protected]/src/transformers/feature_extraction_utils.py:611
        with open(json_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d356ce55c25b1d10 Filesystem access.
pkgs/python/[email protected]/src/transformers/feature_extraction_utils.py:639
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc7214a71fee68a0 Filesystem access.
pkgs/python/[email protected]/src/transformers/generation/configuration_utils.py:995
        with open(json_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51eb84b3d19e864b Filesystem access.
pkgs/python/[email protected]/src/transformers/generation/configuration_utils.py:1156
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da4d1c0d4b8c2ee1 Filesystem access.
pkgs/python/[email protected]/src/transformers/generation/configuration_utils.py:1276
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178be7fb78889b86 Environment-variable access.
pkgs/python/[email protected]/src/transformers/generation/utils.py:2041
            os.environ["TOKENIZERS_PARALLELISM"] = "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #799373206a65432e Filesystem access.
pkgs/python/[email protected]/src/transformers/hf_argparser.py:333
                    file_args += args_file.read_text().split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0922ad9fe0d1fdaa Filesystem access.
pkgs/python/[email protected]/src/transformers/hf_argparser.py:403
        with open(Path(json_file), encoding="utf-8") as open_json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be037c91bd036787 Filesystem access.
pkgs/python/[email protected]/src/transformers/hf_argparser.py:425
        outputs = self.parse_dict(yaml.safe_load(Path(yaml_file).read_text()), allow_extra_keys=allow_extra_keys)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4f7d2fcc66934ff Filesystem access.
pkgs/python/[email protected]/src/transformers/image_processing_base.py:417
        with open(json_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #852f941355780761 Filesystem access.
pkgs/python/[email protected]/src/transformers/image_processing_base.py:445
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c0d1933c1fdd1709 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/image_utils.py:480
            image = PIL.Image.open(BytesIO(httpx.get(image, timeout=timeout, follow_redirects=True).content))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dd2394a3e3ada9f5 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/accelerate.py:114
                local_rank = int(os.environ.get("LOCAL_RANK", 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e809ff451a38ccc Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/fsdp.py:51
            and strtobool(os.environ.get("ACCELERATE_USE_FSDP", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bda4c734bf7cd5c1 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/fsdp.py:52
            and strtobool(os.environ.get("FSDP_CPU_RAM_EFFICIENT_LOADING", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1bac710c541c7fe Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/hub_kernels.py:59
    _TRANSFORMERS_USE_HUB_KERNELS = os.environ.get("USE_HUB_KERNELS", "YES").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6a19744ffeb735f Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:39
if os.getenv("WANDB_MODE") == "offline":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #352329771ea1fb19 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:175
    if os.getenv("DISABLE_MLFLOW_INTEGRATION", "FALSE").upper() == "TRUE":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f407fc842c71a444 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:211
    if os.getenv("DISABLE_KUBEFLOW_INTEGRATION", "FALSE").upper() == "TRUE":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02ba16ccd43e66ae Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:213
    return os.getenv("KUBEFLOW_TRAINER_SERVER_URL") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a71232eaa02e789 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:435
    ray_scope = os.getenv("RAY_SCOPE", "last")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #352b03e3e996694b Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:601
        self.logging_dir = os.getenv("TENSORBOARD_LOGGING_DIR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #441e3ebfbf2f2628 Filesystem access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:663
    with open(f"{output_dir}/model_architecture.txt", "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54bcbd2d1f0a9ac3 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:708
        self._log_model = WandbLogModel(os.getenv("WANDB_LOG_MODEL", "false"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e54237f1b7993c7 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:762
                    project=os.getenv("WANDB_PROJECT", "huggingface"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86ac281a4ff4a82 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:774
            _watch_model = os.getenv("WANDB_WATCH", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75c27e70e24c44bc Filesystem access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:814
                                fa.write(f.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3b3fafef0a55198 Filesystem access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:877
                            fa.write(f.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #639accbb13dd8c1a Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1102
        log_assets = os.getenv("COMET_LOG_ASSETS", "FALSE").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f2b953c2c8ebbe3 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1106
            comet_old_mode = os.getenv("COMET_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9f7ac24540642c2 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1266
        self._log_artifacts = os.getenv("HF_MLFLOW_LOG_ARTIFACTS", "FALSE").upper() in ENV_VARS_TRUE_VALUES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b979b348dd40b701 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1267
        self._nested_run = os.getenv("MLFLOW_NESTED_RUN", "FALSE").upper() in ENV_VARS_TRUE_VALUES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8678733f21e62ef1 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1268
        self._tracking_uri = os.getenv("MLFLOW_TRACKING_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e3c337fb072b7f Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1269
        self._experiment_name = os.getenv("MLFLOW_EXPERIMENT_NAME", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf2d5b53c5f9bfa3 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1270
        self._flatten_params = os.getenv("MLFLOW_FLATTEN_PARAMS", "FALSE").upper() in ENV_VARS_TRUE_VALUES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac214951d01f7bea Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1271
        self._run_id = os.getenv("MLFLOW_RUN_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #515e08850bf81221 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1272
        self._max_log_params = os.getenv("MLFLOW_MAX_LOG_PARAMS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98cce4e1b4a58cd7 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1335
            mlflow_tags = os.getenv("MLFLOW_TAGS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94ed4070c042d5ed Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1419
        self.log_artifacts = os.getenv("HF_DAGSHUB_LOG_ARTIFACTS", "FALSE").upper() in ENV_VARS_TRUE_VALUES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b9296e32076259 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1420
        self.name = os.getenv("HF_DAGSHUB_MODEL_NAME") or "main"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd89768d29ec98eb Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1421
        self.remote = os.getenv("MLFLOW_TRACKING_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b352a23dadef8ae4 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1425
            branch=os.getenv("BRANCH") or "main",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283021ac87960893 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1840
                    self._log_model = os.getenv(
                        "CLEARML_LOG_MODEL",
                        "FALSE" if not ClearMLCallback._task_created_in_callback else "TRUE",
                    ).upper() in ENV_VARS_TRUE_VALUES.union({"TRUE"})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b63db08b70206376 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1847
                        project_name=os.getenv("CLEARML_PROJECT", "HuggingFace Transformers"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca4878592869816 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1848
                        task_name=os.getenv("CLEARML_TASK", "Trainer"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e52e55523aecfc7 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:1852
                    self._log_model = os.getenv("CLEARML_LOG_MODEL", "TRUE").upper() in ENV_VARS_TRUE_VALUES.union(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b04e638b792acda Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2121
            log_model_env = os.getenv("HF_DVCLIVE_LOG_MODEL", "FALSE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a147f8992a6d36de Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2203
        self._log_model = os.getenv("SWANLAB_LOG_MODEL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91167212a11b3a98 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2274
            init_args["project"] = os.getenv("SWANLAB_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26792a0f87cf9f56 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2276
            run_id = os.getenv("SWANLAB_RUN_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ac622ae8a4b6e8 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2280
            resume = os.getenv("SWANLAB_RESUME", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8c55b67d0271c13 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2426
        ca_file = os.environ.get(self._ENV_CA_CERT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e1f4156334ebb80 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2444
        token_path = os.environ.get(self._ENV_TOKEN_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ebee0d5e97d2ca4 Filesystem access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2450
            with open(token_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e752617cce74b745 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2466
            url = os.environ.get(self._ENV_SERVER_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5c394ccd1f00aca4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/integrations/integration_utils.py:2494
            with urllib.request.urlopen(req, timeout=5, context=self._get_ssl_context()) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ae3401d34eb4856a Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/mxfp4.py:440
        rank = int(os.environ.get("LOCAL_RANK", "0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f381dffeccf19b0 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/npu_flash_attention.py:30
SPARSE_MODE = int(os.getenv("NPU_FA2_SPARSE_MODE", default=DOWN_RIGHT_ALIGNED_CAUSAL_MASK_MODE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d37db31a97507527 Filesystem access.
pkgs/python/[email protected]/src/transformers/integrations/peft.py:1009
        with open(_adapter_model_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60b7b221d2501751 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/tensor_parallel.py:62
                rank = int(os.environ["RANK"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f50eafed3f10afa Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/tensor_parallel.py:63
                local_rank = int(os.environ["LOCAL_RANK"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1a45eae840ab04 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/tensor_parallel.py:64
                world_size = int(os.environ["WORLD_SIZE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13b7313e7fb42c1a Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/tensor_parallel.py:81
            current_device.set_device(int(os.environ["LOCAL_RANK"]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6882d775da086368 Environment-variable access.
pkgs/python/[email protected]/src/transformers/integrations/tensor_parallel.py:100
        device_map = torch.device(f"{device_mesh.device_type}:{int(os.environ['LOCAL_RANK'])}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4026f370ee9dcb39 Filesystem access.
pkgs/python/[email protected]/src/transformers/model_debugging_utils.py:243
    with open(full_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a40a585d9f589b Filesystem access.
pkgs/python/[email protected]/src/transformers/model_debugging_utils.py:266
    with open(summary_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82710a74188b95ba Environment-variable access.
pkgs/python/[email protected]/src/transformers/modeling_flash_attention_utils.py:636
            deterministic if deterministic is not None else os.getenv("FLASH_ATTENTION_DETERMINISTIC", "0") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #958d8bfcf496bfbe Environment-variable access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:153
XLA_USE_BF16 = os.environ.get("XLA_USE_BF16", "0").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c276a663a6ddb2fa Environment-variable access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:154
XLA_DOWNCAST_BF16 = os.environ.get("XLA_DOWNCAST_BF16", "0").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94205463ef4f54a5 Environment-variable access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:191
        and int(os.environ.get("LOCAL_RANK", "-1")) == 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a1519d3acf9eb5 Filesystem access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:1957
        with open(class_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056bcacab51379f1 Filesystem access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:1976
        with open(class_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62149184bfa3b55d Filesystem access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:3430
            with open(save_index_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaf97dfb019a648a Environment-variable access.
pkgs/python/[email protected]/src/transformers/modeling_utils.py:3975
        if device_map == "auto" and int(os.environ.get("WORLD_SIZE", "0")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3078134d1607aaa Filesystem access.
pkgs/python/[email protected]/src/transformers/models/auto/auto_factory.py:304
                with open(maybe_adapter_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fed0f25cd7620a3 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/auto/processing_auto.py:375
                with open(tokenizer_config_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c8bb45683d6c56d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/auto/tokenization_auto.py:391
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19e52b766e589fce Filesystem access.
pkgs/python/[email protected]/src/transformers/models/auto/tokenization_auto.py:398
    with open(merges_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a943fdd70dafe76d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/auto/tokenization_auto.py:550
    with open(resolved_config_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbe124afddfbd7d3 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bark/processing_bark.py:101
                with open(speaker_embeddings_path) as speaker_embeddings_json:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb488f5cded273f9 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bark/processing_bark.py:164
            with open(os.path.join(save_directory, speaker_embeddings_dict_path), "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d4a0bcdf675400 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bartpho/tokenization_bartpho.py:133
        with open(monolingual_vocab_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a4b1f5a2589fb0a Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bartpho/tokenization_bartpho.py:306
            with open(out_vocab_file, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e072e993c72020c1 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bartpho/tokenization_bartpho.py:315
            with open(out_monolingual_vocab_file, "w", encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25e0e4f9eea2426f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bert/tokenization_bert.py:33
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469de63da6311224 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bert/tokenization_bert_legacy.py:32
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29f253c06a05c338 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bert/tokenization_bert_legacy.py:245
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f720f514aabda5c5 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bert_japanese/tokenization_bert_japanese.py:41
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #065d8c322251592e Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bert_japanese/tokenization_bert_japanese.py:278
            with open(vocab_file, "wb") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5de5b3be034a7e4 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bert_japanese/tokenization_bert_japanese.py:282
            with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cbf44f68ee534f3 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bertweet/tokenization_bertweet.py:142
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c315301d8dd2512d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bertweet/tokenization_bertweet.py:316
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e6f5bd056b0b6ce Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bertweet/tokenization_bertweet.py:324
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd76ca527a094576 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/bertweet/tokenization_bertweet.py:338
                with open(f, "r", encoding="utf-8") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e905ddf3744ba64 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/biogpt/tokenization_biogpt.py:116
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b4176eeed631828 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/biogpt/tokenization_biogpt.py:119
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa6e4c152db72b2 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/biogpt/tokenization_biogpt.py:293
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9404ef472fe1252d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/biogpt/tokenization_biogpt.py:297
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a852989cf4b4b52 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/blenderbot_small/tokenization_blenderbot_small.py:89
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029a64a215664ab7 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/blenderbot_small/tokenization_blenderbot_small.py:92
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fc084f24dbf71ff Filesystem access.
pkgs/python/[email protected]/src/transformers/models/blenderbot_small/tokenization_blenderbot_small.py:203
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea2565c6c39cadd2 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/blenderbot_small/tokenization_blenderbot_small.py:207
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4d1de7c52cb5d70 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/clvp/tokenization_clvp.py:149
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d84761b63ccb39d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/clvp/tokenization_clvp.py:155
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cd0132a8510b398 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/cpm/tokenization_cpm.py:324
            with open(out_vocab_file, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffea314f479e7700 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/cpmant/tokenization_cpmant.py:37
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0856fed3db3783c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/cpmant/tokenization_cpmant.py:219
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd7d72ac8112f593 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/ctrl/tokenization_ctrl.py:128
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30ed88195b814ac4 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/ctrl/tokenization_ctrl.py:131
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2583bee6503a44c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/esm/openfold_utils/residue_constants.py:417
    stereo_chemical_props = resources.read_text("openfold.resources", "stereo_chemical_props.txt")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05a9546ee3a0403d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/esm/tokenization_esm.py:28
    with open(vocab_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aff657205a3de21 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/esm/tokenization_esm.py:136
        with open(vocab_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #358c9cf8d3b0820f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fastspeech2_conformer/tokenization_fastspeech2_conformer.py:65
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62bd670672213cd7 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fastspeech2_conformer/tokenization_fastspeech2_conformer.py:163
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #273f572a8f26f763 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/flaubert/tokenization_flaubert.py:237
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35396f574c31706c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/flaubert/tokenization_flaubert.py:240
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf519454e4d922b Filesystem access.
pkgs/python/[email protected]/src/transformers/models/flaubert/tokenization_flaubert.py:498
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a891dc20bc7e903 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/flaubert/tokenization_flaubert.py:502
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1917823ef7b3bded Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fsmt/tokenization_fsmt.py:204
        with open(src_vocab_file, encoding="utf-8") as src_vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90b89a1762712398 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fsmt/tokenization_fsmt.py:206
        with open(tgt_vocab_file, encoding="utf-8") as tgt_vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e925e9d79a3538 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fsmt/tokenization_fsmt.py:209
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b865fe8a07cab04 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fsmt/tokenization_fsmt.py:446
        with open(src_vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8a0dcd4d49fd94 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fsmt/tokenization_fsmt.py:449
        with open(tgt_vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ef78c6a5af7918d Filesystem access.
pkgs/python/[email protected]/src/transformers/models/fsmt/tokenization_fsmt.py:454
        with open(merges_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a034a8d2b941353 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/gpt_neox_japanese/tokenization_gpt_neox_japanese.py:35
    with open(emoji_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c160b6f3e46f676f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/gpt_neox_japanese/tokenization_gpt_neox_japanese.py:41
    with open(vocab_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75724ec05307635f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/gpt_neox_japanese/tokenization_gpt_neox_japanese.py:180
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #359085b1e304be9f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/gpt_neox_japanese/tokenization_gpt_neox_japanese.py:190
        with open(emoji_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8be03358a53e06da Filesystem access.
pkgs/python/[email protected]/src/transformers/models/luke/tokenization_luke.py:287
            with open(entity_vocab_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ed5b7283b1416af Filesystem access.
pkgs/python/[email protected]/src/transformers/models/m2m_100/tokenization_m2m_100.py:311
            with open(spm_save_path, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2681ed55aac1226f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/m2m_100/tokenization_m2m_100.py:375
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241f777b742003bb Filesystem access.
pkgs/python/[email protected]/src/transformers/models/m2m_100/tokenization_m2m_100.py:380
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5710a51902ff2449 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/marian/tokenization_marian.py:352
                with open(spm_save_path, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1057abc431311b7c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/marian/tokenization_marian.py:416
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcaf5a35a4b5e98f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/marian/tokenization_marian.py:421
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94ae98eb23e66a3b Filesystem access.
pkgs/python/[email protected]/src/transformers/models/megatron_gpt2/checkpoint_reshaping_and_interoperability.py:598
        with open(save_index_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #365c02f22794d7f5 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/megatron_gpt2/checkpoint_reshaping_and_interoperability.py:651
    with open(tracker_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf47b207c8bb782c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/mgp_str/tokenization_mgp_str.py:53
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24f5f962b962f0e5 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/mgp_str/tokenization_mgp_str.py:97
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93352a351daab703 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/mluke/tokenization_mluke.py:308
            with open(entity_vocab_file, encoding="utf-8") as entity_vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #880b17020e7f6b95 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/mluke/tokenization_mluke.py:1713
        with open(entity_vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7860cd3e87913d38 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/myt5/tokenization_myt5.py:46
            with open(rewriting_rules, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1e1168c11d521f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/myt5/tokenization_myt5.py:195
        self.byte_maps = json.load(open(vocab_file, "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e8340d503fcb90c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/myt5/tokenization_myt5.py:373
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28d7e2e663b7099b Filesystem access.
pkgs/python/[email protected]/src/transformers/models/oneformer/image_processing_oneformer.py:109
    with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d41ecd5dc8fe1468 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/oneformer/image_processing_pil_oneformer.py:240
    with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #907f52bff508113e Filesystem access.
pkgs/python/[email protected]/src/transformers/models/phobert/tokenization_phobert.py:126
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b34ef8ef897e9b41 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/phobert/tokenization_phobert.py:310
            with open(out_vocab_file, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4b730da92dd37a9 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/phobert/tokenization_phobert.py:331
                with open(f, "r", encoding="utf-8") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #452af1c4d5b23d49 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/pop2piano/tokenization_pop2piano.py:111
        with open(vocab, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4a2e41b6ee73578 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/pop2piano/tokenization_pop2piano.py:358
        with open(out_vocab_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2efa6107e7ffd24e Filesystem access.
pkgs/python/[email protected]/src/transformers/models/prophetnet/tokenization_prophetnet.py:259
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23ae32af80b200f8 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/prophetnet/tokenization_prophetnet.py:438
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ce6d4a14c3fa84c Environment-variable access.
pkgs/python/[email protected]/src/transformers/models/rag/retrieval_rag.py:134
        if not strtobool(os.environ.get("TRUST_REMOTE_CODE", "False")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56710a6bf91ac8c6 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/rag/retrieval_rag.py:141
        with open(passages_path, "rb") as passages_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eed9b02cfb7656c9 Environment-variable access.
pkgs/python/[email protected]/src/transformers/models/rag/retrieval_rag.py:150
        if not strtobool(os.environ.get("TRUST_REMOTE_CODE", "False")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9fd2ca6a98e0234 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/rag/retrieval_rag.py:157
        with open(resolved_meta_path, "rb") as metadata_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a648ba4f88e25c3 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/roc_bert/tokenization_roc_bert.py:52
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85adbfc2477f00db Filesystem access.
pkgs/python/[email protected]/src/transformers/models/roc_bert/tokenization_roc_bert.py:139
        with open(word_shape_file, "r", encoding="utf8") as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #941212a8d621f252 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/roc_bert/tokenization_roc_bert.py:142
        with open(word_pronunciation_file, "r", encoding="utf8") as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ffe1293b8e36db6 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/roc_bert/tokenization_roc_bert.py:1077
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90ba8ec24bce3272 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/roc_bert/tokenization_roc_bert.py:1088
        with open(word_shape_file, "w", encoding="utf8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00325f9ddf3327e7 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/roc_bert/tokenization_roc_bert.py:1091
        with open(word_pronunciation_file, "w", encoding="utf8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #810f105e3f296df5 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/siglip/tokenization_siglip.py:345
            with open(out_vocab_file, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ff65fe6a6ddb34a Filesystem access.
pkgs/python/[email protected]/src/transformers/models/speech_to_text/tokenization_speech_to_text.py:271
            with open(spm_save_path, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9a1d124a8118025 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/speech_to_text/tokenization_speech_to_text.py:285
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #832ed363328d5132 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/speech_to_text/tokenization_speech_to_text.py:290
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #705b6a1269c3c8da Filesystem access.
pkgs/python/[email protected]/src/transformers/models/splinter/tokenization_splinter.py:33
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c26391ecc4eeb9 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/tapas/tokenization_tapas.py:91
    with open(vocab_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a64b22e5039eea Filesystem access.
pkgs/python/[email protected]/src/transformers/models/tapas/tokenization_tapas.py:394
        with open(vocab_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c43f25e04d82270c Filesystem access.
pkgs/python/[email protected]/src/transformers/models/vits/tokenization_vits.py:83
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53750bf569f43014 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/vits/tokenization_vits.py:242
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36455bfe670460d0 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/wav2vec2/tokenization_wav2vec2.py:154
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b863cd9b2a99ac7 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/wav2vec2/tokenization_wav2vec2.py:647
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4957d8d1d1b368f Filesystem access.
pkgs/python/[email protected]/src/transformers/models/wav2vec2_phoneme/tokenization_wav2vec2_phoneme.py:129
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7cd161b63436867 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/wav2vec2_phoneme/tokenization_wav2vec2_phoneme.py:565
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f81af49f7aaf42 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/whisper/tokenization_whisper.py:266
            with open(normalizer_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c80547355e54ec51 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/whisper/tokenization_whisper.py:560
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616f1b42fabb1e34 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/whisper/tokenization_whisper.py:563
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46db6db4e57b9146 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/whisper/tokenization_whisper.py:568
            with open(normalizer_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a865643b5bf656d0 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/xlm/tokenization_xlm.py:244
        with open(vocab_file, encoding="utf-8") as vocab_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d1ba1257d3e6679 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/xlm/tokenization_xlm.py:247
        with open(merges_file, encoding="utf-8") as merges_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #661d3ba625ad7692 Filesystem access.
pkgs/python/[email protected]/src/transformers/models/xlm/tokenization_xlm.py:541
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc03f4a3957afdd Filesystem access.
pkgs/python/[email protected]/src/transformers/models/xlm/tokenization_xlm.py:545
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eb557e3b82a8228 Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/__init__.py:694
                with open(maybe_adapter_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #878e620db422db84 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/pipelines/audio_classification.py:172
                inputs = httpx.get(inputs, follow_redirects=True).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7bb200b88db19cd0 Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/audio_classification.py:174
                with open(inputs, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0ae11b200a439965 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/pipelines/automatic_speech_recognition.py:346
                inputs = httpx.get(inputs, follow_redirects=True).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9b8bbc11155c0714 Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/automatic_speech_recognition.py:348
                with open(inputs, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae65603ab47ad2f Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:454
        with open(binary_path, "wb+") as f_output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e903a23878ecad Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:517
        with open(self.input_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2af74cb2050daff9 Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:532
        with open(self.output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ce0c0f5bd7cbdc Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:560
        with open(input_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b00ca290db9d4b87 Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:577
        with open(self.output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aa59322f0329d1f Environment-variable access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:1181
        if "TOKENIZERS_PARALLELISM" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fe06138834255b6 Environment-variable access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:1183
            os.environ["TOKENIZERS_PARALLELISM"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #749e7fd4fd139e66 Environment-variable access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:1301
        if "TOKENIZERS_PARALLELISM" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2644f35254111158 Environment-variable access.
pkgs/python/[email protected]/src/transformers/pipelines/base.py:1303
            os.environ["TOKENIZERS_PARALLELISM"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0c36ac5b18503378 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/pipelines/video_classification.py:137
            video = BytesIO(httpx.get(video, follow_redirects=True).content)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #10d2e5522b1a53af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/pipelines/zero_shot_audio_classification.py:109
                audio = httpx.get(audio, follow_redirects=True).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #256fef1650c57b0f Filesystem access.
pkgs/python/[email protected]/src/transformers/pipelines/zero_shot_audio_classification.py:111
                with open(audio, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b0e78c4b8739ee6 Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:791
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126983f2a31bd329 Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:871
            with open(output_chat_template_file_jinja, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1ec68f6df3cc01c Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:879
                    with open(output_chat_template_file_jinja, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e974970f332dc2 Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:885
                    with open(template_filepath, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9cea95032b03171 Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:1073
            with open(resolved_chat_template_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49fc451eee34a50d Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:1085
                template_name: open(template_file, "r", encoding="utf-8").read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0163613c205f195f Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:1089
                with open(resolved_raw_chat_template_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #141892a8642511bd Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:1104
                with open(resolved_processor_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7507a1bb897ec55a Filesystem access.
pkgs/python/[email protected]/src/transformers/processing_utils.py:1130
                reader = open(resolved_audio_tokenizer_file, "r", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #24c3e7379f65b44e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/safetensors_conversion.py:48
    result = httpx.post(sse_url, follow_redirects=True, json=data).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2c86786e61fcf1dd Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:252
        value = os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a25259406fad0550 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:268
        value = os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #648ffe08dfd15bfd Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:983
    if "TRANSFORMERS_TEST_BACKEND" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f48027c9477030ca Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:984
        backend = os.environ["TRANSFORMERS_TEST_BACKEND"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ab8874ed53fec1 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:993
    if "TRANSFORMERS_TEST_DEVICE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #565b1be12dd9d2d2 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:994
        torch_device = os.environ["TRANSFORMERS_TEST_DEVICE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1002ebf4e5c7dd14 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2043
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a38ecabfa5560929 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2165
            for k in list(os.environ.keys()):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ece97aa64768e3f Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2167
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e51702b13dd47d9 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2178
    return mock.patch.dict(os.environ, kwargs)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ac5ff98f1d6569a Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2193
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #748d186730c153e9 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2295
        with open(report_files["durations"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c063369d05e723fe Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2325
    with open(report_files["failures_long"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a456571c54489d5 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2330
    with open(report_files["failures_short"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #febe4880fd27e011 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2335
    with open(report_files["failures_line"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e39d3c32fad4bd4 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2339
    with open(report_files["errors"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d7566974b1b84bb Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2343
    with open(report_files["warnings"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bdddc192c087a60 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2357
    with open(report_files["summary_short"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebc164fe3e34e2df Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2361
    with open(report_files["stats"], "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0608da72c4ff2ef7 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2461
    worker = os.environ.get("PYTEST_XDIST_WORKER", "gw0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8ee077b89729ee9 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2508
    with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d68a76a9cd4021de Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2729
        timeout = int(os.environ.get("PYTEST_TIMEOUT", "600"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dac85e874712178 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2765
        if os.getenv("_INSIDE_SUB_PROCESS", None) == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43b147836b8a9e4f Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2768
            test = " ".join(os.environ.get("PYTEST_CURRENT_TEST").split(" ")[:-1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c89c31d0c89d3894 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2770
                env = copy.deepcopy(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127597a70e38ab6b Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:2887
    skip_cuda_tests: bool = os.environ.get("SKIP_CUDA_DOCTEST", "0") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7521f6d6c8191bd8 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3125
    if "TRANSFORMERS_TEST_DEVICE_SPEC" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816ffb6822d074d7 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3126
        device_spec_path = os.environ["TRANSFORMERS_TEST_DEVICE_SPEC"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #971e7e775b03c559 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3149
        if "TRANSFORMERS_TEST_DEVICE" in os.environ and torch_device != device_name:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae76651929eb4c77 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3348
    force_fullgraph = os.environ.get("TORCH_COMPILE_FORCE_FULLGRAPH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #748ce323a725c531 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3371
    full_test_name = os.environ.get("PYTEST_CURRENT_TEST", "").split(" ")[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb08220ed7ef7182 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3451
    with open(actual_test_file) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20fd0bab98b09728 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3457
    with open(caller_path) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fc6522018c26cce Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3545
    p = os.path.join(os.environ.get("_PATCHED_TESTING_METHODS_OUTPUT_DIR", ""), "captured_info.txt")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b747860f606efb4d Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3547
    with open(p, "a") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #054937bb84ee1a14 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3664
        if not os.environ.get("PYTEST_CURRENT_TEST", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #678481c681a6785e Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3701
            if os.getenv("CI") == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b586d4ecc8d346c9 Environment-variable access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:3777
    p = os.path.join(os.environ.get("_PATCHED_TESTING_METHODS_OUTPUT_DIR", ""), "captured_info.txt")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef9e766239981b9b Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:4131
    with open(file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6319904c4fee930 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:4136
    with open(file, "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b951c2fd6377760 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:4372
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e21b6cb2c72568b7 Filesystem access.
pkgs/python/[email protected]/src/transformers/testing_utils.py:4381
            with open(new_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca9b313dc3787afc Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_python.py:1390
        with open(vocab_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb6fcc8923cc8813 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_python.py:1399
        with open(merge_file, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4780b2bb3c1e922e Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1643
                    with open(resolved_config_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d439aaac521acc8 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1762
            with open(tokenizer_config_file, encoding="utf-8") as tokenizer_config_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #362c9d95626c290c Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1781
            with open(chat_template_file, encoding="utf-8") as chat_template_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #423c3ea32ade6c26 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1788
            with open(template_file) as chat_template_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ecc53dce9eb784 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1850
                with open(special_tokens_map_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4526c457ae2c9cef Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1880
                with open(added_tokens_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb94c96cf1032e7 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:1893
                with open(tokenizer_file, encoding="utf-8") as tokenizer_file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c457ff5307b97738 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:2096
        with open(tokenizer_config_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f06008e3f115d53 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:2149
            with open(added_tokens_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f54491c421039468 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:3264
            with open(chat_template_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c967f9602f760b3 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:3275
                    with open(chat_template_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4741880cde85444 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:3282
                    with open(template_filepath, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f053c3a8813e36 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:3460
            with open(resolved_vocab_file, "r", encoding="utf-8") as vf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e44d2fbe2ea04c8f Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:3486
                with open(resolved_vocab_txt, "r", encoding="utf-8") as vf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b91aee56c7751d Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_base.py:3512
            with open(resolved_merges_file, "r", encoding="utf-8") as mf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81d29877cf94942f Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_sentencepiece.py:260
            with open(out_vocab_file, "wb") as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57519f5d81fb32a5 Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_tokenizers.py:121
            with open(fast_tokenizer_file, encoding="utf-8") as tokenizer_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e5692b029eb7c2c Filesystem access.
pkgs/python/[email protected]/src/transformers/tokenization_utils_tokenizers.py:1313
                with open(_config_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d218e100b6c3caef Environment-variable access.
pkgs/python/[email protected]/src/transformers/trainer.py:2432
                model, device_ids=[int(os.getenv("SMDATAPARALLEL_LOCAL_RANK"))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #655de3612f640a3b Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer.py:3987
        with open(model_card_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52ec4b4b3b3ff2c6 Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer.py:4092
                with open(index_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c977625223d55643 Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_callback.py:146
        with open(json_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2292990338e23a6 Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_callback.py:152
        with open(json_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d26ad52ca917912a Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_jit_checkpoint.py:60
            with open(sentinel_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba3b9a6c8bc4f83 Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_pt_utils.py:943
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38d8d66ed9f9881e Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_pt_utils.py:949
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa62cedf964475a1 Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_pt_utils.py:955
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fba1d77c21cb83c Environment-variable access.
pkgs/python/[email protected]/src/transformers/trainer_utils.py:166
        os.environ["CUDA_LAUNCH_BLOCKING"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62bd0bf3e1d033b5 Environment-variable access.
pkgs/python/[email protected]/src/transformers/trainer_utils.py:167
        os.environ["CUBLAS_WORKSPACE_CONFIG"] = ":16:8"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b35082d476b249a0 Environment-variable access.
pkgs/python/[email protected]/src/transformers/trainer_utils.py:169
        os.environ["ASCEND_LAUNCH_BLOCKING"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f624f72b3d792dfe Environment-variable access.
pkgs/python/[email protected]/src/transformers/trainer_utils.py:170
        os.environ["HCCL_DETERMINISTIC"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e56fc201d8b9a51 Environment-variable access.
pkgs/python/[email protected]/src/transformers/trainer_utils.py:172
        os.environ["FLASH_ATTENTION_DETERMINISTIC"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e2c8785903feaca Filesystem access.
pkgs/python/[email protected]/src/transformers/trainer_utils.py:1092
    with open(load_index, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e729f67728ad1cd Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:85
    if os.environ.get("TORCHELASTIC_RUN_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1417819cec71ac4d Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1541
        self.mixed_precision = os.environ.get("ACCELERATE_MIXED_PRECISION", "no")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81565b9229c03cea Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1559
                os.environ["ACCELERATE_DYNAMO_BACKEND"] = self.torch_compile_backend

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66275fbc1e40dd94 Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1561
                    os.environ["ACCELERATE_DYNAMO_MODE"] = self.torch_compile_mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9979d798090c0a03 Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1633
        elif strtobool(os.environ.get("ACCELERATE_USE_DEEPSPEED", "false")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58253fb30ecc418d Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1793
        if self.use_cpu or strtobool(os.environ.get("ACCELERATE_USE_CPU", "False")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #515be8b11161865b Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1817
                os.environ["ACCELERATE_USE_DEEPSPEED"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d797c40ed624de Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1820
                del os.environ["ACCELERATE_USE_DEEPSPEED"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad70d98d76984667 Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:1860
                    "cuda:0" if torch.cuda.is_available() else os.environ.get("ACCELERATE_TORCH_DEVICE", "cpu")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #742ccc8febc3f156 Filesystem access.
pkgs/python/[email protected]/src/transformers/training_args.py:2701
            with open(self.fsdp_config, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbf6489bfb34e809 Environment-variable access.
pkgs/python/[email protected]/src/transformers/training_args.py:2801
            os.environ["FSDP_CPU_RAM_EFFICIENT_LOADING"] = cpu_ram_efficient_loading

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e7c70ce34fd30b48 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/utils/attention_visualizer.py:183
            img = Image.open(io.BytesIO(httpx.get(img, follow_redirects=True).content))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a5888c170d9b3581 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/generic.py:347
        with open(json_file, encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c96231a0f9c76073 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/generic.py:827
        with open(pretrained_model_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae558e27a3010da5 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/generic.py:833
        with open(os.path.join(pretrained_model_path, "config.json")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09c1706a822d668 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:92
HF_MODULES_CACHE = os.getenv("HF_MODULES_CACHE", os.path.join(constants.HF_HOME, "modules"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9eb3637bea92e446 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/utils/hub.py:163
        instance_data = httpx.get(os.environ["ECS_CONTAINER_METADATA_URI"]).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #175debb1374fdb8a Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:163
        instance_data = httpx.get(os.environ["ECS_CONTAINER_METADATA_URI"]).json()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7d523e5b81b3b3f Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:170
    sagemaker_params = json.loads(os.getenv("SM_FRAMEWORK_PARAMS", "{}"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a07504e0d2b172d Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:172
    training_job_arn = os.getenv("TRAINING_JOB_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a6430c1d0eac08 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:176
        "sm_framework": os.getenv("SM_FRAMEWORK_MODULE", None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5af158fbdc0a1a3 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:177
        "sm_region": os.getenv("AWS_REGION", None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e92e8261a99df493 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:178
        "sm_number_gpu": os.getenv("SM_NUM_GPUS", "0"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4065abb071f1a06 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:179
        "sm_number_cpu": os.getenv("SM_NUM_CPUS", "0"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #065357f2ea6039ca Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:200
    if os.environ.get("TRANSFORMERS_IS_CI", "").upper() in ENV_VARS_TRUE_VALUES:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc38954bf6046087 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/hub.py:864
    with open(index_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e98283faf457788 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:115
    return os.getenv(env_variable, "false").lower() in ("true", "1", "y", "yes", "on")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f4e2b6235ec9a3 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:120
    return os.getenv(env_variable, "true").lower() in ("false", "0", "n", "no", "off")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a44e7d4cbf6d582 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:127
USE_TORCH_XLA = os.environ.get("USE_TORCH_XLA", "1").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d36aea18785c2084 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:328
    pytorch_cndev_based_mlu_check_previous_value = os.environ.get("PYTORCH_CNDEV_BASED_MLU_CHECK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a608768af57d93 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:330
        os.environ["PYTORCH_CNDEV_BASED_MLU_CHECK"] = str(1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05da1b660d30a217 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:334
            os.environ["PYTORCH_CNDEV_BASED_MLU_CHECK"] = pytorch_cndev_based_mlu_check_previous_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #464f49b7bec50d2f Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:336
            os.environ.pop("PYTORCH_CNDEV_BASED_MLU_CHECK", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0cfac4cf35f2fe1 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:406
    if os.environ.get("PT_HPU_LAZY_MODE", "1") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c045bb9a045a9964 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:1520
    if os.getenv("TRANSFORMERS_DISABLE_TORCH_CHECK", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ed4ed343550db5 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:1554
        if "DATABRICKS_RUNTIME_VERSION" in os.environ and os.environ["DATABRICKS_RUNTIME_VERSION"] < "11.0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f796d5318249d59 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:1566
    sagemaker_params = os.getenv("SM_FRAMEWORK_PARAMS", "{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18a6c19bb770a72c Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:1580
    smp_options = os.getenv("SM_HP_MP_PARAMETERS", "{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71652ecbe1887d27 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:1590
    mpi_options = os.getenv("SM_FRAMEWORK_PARAMS", "{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #838fbb1a617e5165 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:1603
    return "SAGEMAKER_JOB_NAME" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbc6e5e4ffd84ced Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/import_utils.py:2713
        with open(os.path.join(module_path, module_name), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64d108f3627c3bb1 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/logging.py:64
    env_level_str = os.getenv("TRANSFORMERS_VERBOSITY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d83b0b7feeeb71bd Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/logging.py:94
            sys.stderr = open(os.devnull, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b6ba0edde3ac4c2 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/logging.py:103
        if os.getenv("TRANSFORMERS_VERBOSITY", None) == "detail":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b6f4e4590a122d Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/logging.py:107
        ci = os.getenv("CI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8b294c9747b98c Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/logging.py:315
    no_advisory_warnings = os.getenv("TRANSFORMERS_NO_ADVISORY_WARNINGS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83562e37d52bcb79 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/network_logging.py:172
        Path(dump_path).write_text(json.dumps(records), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8271c31f4d436128 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/network_logging.py:182
                records = json.loads(Path(record_file).read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7f7cdd387cd3f82 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/network_logging.py:327
        report_path.write_text(json.dumps(self.build_report(), indent=2, sort_keys=True), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93c67277bb424f14 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/network_logging.py:338
    enabled_raw = os.environ.get("NETWORK_DEBUG_REPORT", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1ca340e84a25a88 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/network_logging.py:344
    output_path = os.environ.get("NETWORK_DEBUG_REPORT_PATH", "").strip() or _DEFAULT_REPORT_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d030c3b3037d474 Environment-variable access.
pkgs/python/[email protected]/src/transformers/utils/notebook.py:128
        if "VSCODE_PID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fe8fd0ebd468457 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/pytest_helpers.py:39
    data = json.loads(p.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a77fcd805905b3f9 Filesystem access.
pkgs/python/[email protected]/src/transformers/utils/quantization_config.py:142
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb9b803bc7ae92a5 Filesystem access.
pkgs/python/[email protected]/src/transformers/video_processing_utils.py:769
        with open(json_file_path, "w", encoding="utf-8") as writer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #083584a759a2bbd9 Filesystem access.
pkgs/python/[email protected]/src/transformers/video_processing_utils.py:789
        with open(json_file, "r", encoding="utf-8") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f881f271bfe3d042 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/transformers/video_utils.py:701
        file_obj = BytesIO(httpx.get(video, follow_redirects=True).content)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

accelerate

python dependency
medium telemetry dependency Excluded from app score #268dcb9d0db2d351 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/accelerate/tracking.py:654
            self.writer.track(value, name=key, step=step, **kwargs)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c511e3adf0c7ef45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/accelerate/tracking.py:686
            self.writer.track(aim_image, name=key, step=step, **track_kw)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 225 low-confidence finding(s)
low env_fs dependency Excluded from app score #3c6e12cc376e7a9d Filesystem access.
pkgs/python/[email protected]/setup.py:61
    long_description=open("README.md", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #629596590f92a770 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:346
                    if os.environ.get("ACCELERATE_USE_DEEPSPEED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35061edab5cf21e4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:366
            os.environ["ACCELERATE_USE_DEEPSPEED"] = "true"  # use DeepSpeed if plugin is provided

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bf111e3a0525f3b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:380
        if os.environ.get("ACCELERATE_USE_FSDP", "false").lower() == "true" or isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bb60fb5e433eea7 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:389
                if os.environ.get("ACCELERATE_USE_FSDP", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaa0dc0a6d9b4c30 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:395
            os.environ["ACCELERATE_USE_FSDP"] = "true"  # use FSDP if plugin is provided

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #939719556240283b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:403
                MegatronLMPlugin() if os.environ.get("ACCELERATE_USE_MEGATRON_LM", "false").lower() == "true" else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c7c27e2018cc40a Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:408
            os.environ["ACCELERATE_USE_MEGATRON_LM"] = "true"  # use MegatronLM if plugin is provided

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cbcb0166f39cf2d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:457
            elif os.environ.get("ACCELERATE_USE_PARALLELISM_CONFIG", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77bad7c35e926ac5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:1474
                and os.environ.get("ACCELERATE_BYPASS_DEVICE_MAP", "false") != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a5fac566593ab63 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:1800
            and os.environ.get("ACCELERATE_BYPASS_DEVICE_MAP", "false") != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e5dcdfc02153269 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:1874
                    if os.environ.get("ACCELERATE_BYPASS_DEVICE_MAP", "false") != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e34ec010d1408c2a Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:2356
                        if self.device.type == "hpu" and os.environ.get("PT_HPU_LAZY_MODE", "1") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #accf22edbff34ff5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:2371
                os.environ["DEEPSPEED_USE_HPU"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14d57193b71f91b5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:2988
            if os.environ.get("ACCELERATE_USE_FSDP", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac8c47634668e52 Filesystem access.
pkgs/python/[email protected]/src/accelerate/accelerator.py:3523
            with open(save_index_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c1e9b42d67def20 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/commands/config/config_args.py:30
    os.environ.get("HF_HOME", os.path.join(os.environ.get("XDG_CACHE_HOME", "~/.cache"), "huggingface"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80678d5fc6d6a691 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/config/config_args.py:54
    with open(config_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51970bde1544e308 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/config/config_args.py:131
        with open(json_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19245b56e6faca7 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/config/config_args.py:144
        with open(json_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bd14a80734ee768 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/config/config_args.py:151
        with open(yaml_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6de9417b4b119a6 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/config/config_args.py:163
        with open(yaml_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07e16e0153c44407 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/commands/config/sagemaker.py:106
        os.environ["AWS_PROFILE"] = aws_profile

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dfd8eb581287142 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/commands/config/sagemaker.py:113
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #761cdcc2abd7e34f Environment-variable access.
pkgs/python/[email protected]/src/accelerate/commands/config/sagemaker.py:116
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb2affcc28f8ac09 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/commands/config/sagemaker.py:119
    os.environ["AWS_DEFAULT_REGION"] = aws_region

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59305ed5ea423891 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/launch.py:1055
        with open(DEEPSPEED_ENVIRONMENT_NAME, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af8e628019f857c0 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/to_fsdp2.py:154
    with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a83e94b1d02b47 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/to_fsdp2.py:171
    with open(args.output_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3700eca9c15dd411 Filesystem access.
pkgs/python/[email protected]/src/accelerate/commands/tpu.py:115
        with open(args.command_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c95f5413f6382e5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/launchers.py:124
    if any(key.startswith("KAGGLE") for key in os.environ.keys()):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ae0823df22da527 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/launchers.py:137
        (os.environ.get("TPU_NAME", None) is not None) or (os.environ.get("PJRT_DEVICE", "") == "TPU")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #672dae0a80a8f22d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/launchers.py:211
                if os.environ.get("ACCELERATE_DEBUG_MODE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df391ba102bca241 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/launchers.py:265
                os.environ["PYTORCH_ENABLE_MPS_FALLBACK"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c0078e1293abfa9 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/logging.py:128
        log_level = os.environ.get("ACCELERATE_LOG_LEVEL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfcea60b70bcf27d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:277
            self.dp_replicate_size = int(os.environ.get("PARALLELISM_CONFIG_DP_REPLICATE_SIZE", "1"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c616b27bdbce509b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:279
            self.dp_shard_size = int(os.environ.get("PARALLELISM_CONFIG_DP_SHARD_SIZE", "1"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b750dddd21af0723 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:281
            self.tp_size = int(os.environ.get("PARALLELISM_CONFIG_TP_SIZE", "1"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef3172ab8c45c28 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:283
            self.cp_size = int(os.environ.get("PARALLELISM_CONFIG_CP_SIZE", "1"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5273c2ed98798da Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:285
            self.cp_backend = os.environ.get("PARALLELISM_CONFIG_CP_BACKEND", "torch")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0c45ca4477a207c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:287
            self.sp_size = int(os.environ.get("PARALLELISM_CONFIG_SP_SIZE", "1"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c86aaf234c1558 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/parallelism_config.py:289
            self.sp_backend = os.environ.get("PARALLELISM_CONFIG_SP_BACKEND", "deepspeed")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd58ebc8058e6975 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:182
            env_device = os.environ.get("ACCELERATE_TORCH_DEVICE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785f67d93ad9bea4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:189
                    os.environ.get("ACCELERATE_USE_SAGEMAKER", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #437551ba56b11545 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:190
                    and os.environ.get("ACCELERATE_SAGEMAKER_DISTRIBUTED_TYPE") != SageMakerDistributedType.NO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c07031e3a5b24599 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:202
                if int(os.environ.get("LOCAL_RANK", -1)) != -1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c963ef6e0111164b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:204
                    if os.environ.get("ACCELERATE_USE_DEEPSPEED", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32f57d6c063c9338 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:213
                                local_rank = os.environ.get("LOCAL_RANK", -1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d9a255bb59480c1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:224
                            local_rank = os.environ.get("LOCAL_RANK", -1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #006dc7e0ffccb239 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:228
                            and os.environ.get("ACCELERATE_USE_FSDP", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #539cf6ec0a0d15c5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:230
                                os.environ.get("FSDP_OFFLOAD_PARAMS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a07a87607f9cc538 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:231
                                or os.environ.get("FSDP_STATE_DICT_TYPE", "SHARDED_STATE_DICT") == "FULL_STATE_DICT"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45df07d7323f392c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:237
                            and os.environ.get("ACCELERATE_USE_FSDP", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569bd74bcdf2c7c5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:239
                                os.environ.get("FSDP_OFFLOAD_PARAMS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6840956305e54a Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:240
                                or os.environ.get("FSDP_STATE_DICT_TYPE", "SHARDED_STATE_DICT") == "FULL_STATE_DICT"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d00c4cfce4ca88 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:249
                os.environ["RANK"] = str(dist_information.rank)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c928544cd6270a88 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:250
                os.environ["WORLD_SIZE"] = str(dist_information.world_size)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d2b5ae9988ec75 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:251
                os.environ["LOCAL_RANK"] = str(dist_information.local_rank)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266e59e25176a34f Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:252
                os.environ["LOCAL_WORLD_SIZE"] = str(dist_information.local_world_size)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1f83b7b2915418a Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:253
                if not os.environ.get("MASTER_PORT", None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11547b3df852fe92 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:254
                    os.environ["MASTER_PORT"] = "29500"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c03cbd5ffdae63f2 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:256
                    not os.environ.get("MASTER_ADDR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241a880d4d535226 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:302
                    self.local_process_index = int(os.environ.get("LOCAL_RANK", -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #164f15dd0b15b3d4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:307
                    int(os.environ.get("LOCAL_RANK", -1)) if dist_information is None else dist_information.local_rank

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c7fb2b30cd6f137 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:320
                if "NCCL_P2P_DISABLE" not in os.environ or "NCCL_IB_DISABLE" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ba68bafa6c6879 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:735
            os.environ["PYTORCH_ENABLE_MPS_FALLBACK"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82de3cbf0fdbf238 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:772
        elif int(os.environ.get("LOCAL_RANK", -1)) != -1 and not cpu:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed405b9bd559ae67 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:807
                int(os.environ.get("LOCAL_RANK", -1)) != -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67d1705d2c282d02 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:967
                    if os.environ.get("ACCELERATE_DOWNCAST_BF16"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6994b027908ded44 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:968
                        os.environ["XLA_USE_BF16"] = str(0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec088fd517888914 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:969
                        os.environ["XLA_DOWNCAST_BF16"] = str(1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #173aa1fa145706b3 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:972
                        os.environ["XLA_USE_BF16"] = str(1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c59f27c6335d976 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:973
                        os.environ["XLA_DOWNCAST_BF16"] = str(0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2da5db725ac64e5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:975
            elif os.environ.get("ACCELERATE_USE_DEEPSPEED", "false").lower() == "true" and not cpu:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34a51da0be5bc8db Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:998
                if not os.environ.get("ACCELERATE_ALLOW_CP_STANDALONE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f157d3b525e9a1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:1011
                if (os.environ.get("ACCELERATE_USE_FSDP", "false").lower() == "true" or fsdp_plugin is not None) or (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #349d708a9b57cfc5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:1018
                if os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64e10bb57107e82 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/state.py:1018
                if os.environ.get(
                    "ACCELERATE_USE_MEGATRON_LM", "false"
                ).lower() == "true" and self.distributed_type not in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3391c7c585dc412 Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/examples.py:89
    with open(base_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b88d5b1aee52ac2 Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/examples.py:91
    with open(os.path.abspath(os.path.join("examples", "nlp_example.py"))) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76d9971371fbcbb6 Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/examples.py:93
    with open(feature_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3622bc42044c4364 Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/examples.py:96
        with open(secondary_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #32d05802522944bb Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/external_deps/test_checkpointing.py:184
        with open(os.path.join(args.output_dir, f"state_{starting_epoch - 1}.json")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3e888d41bb6caf19 Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/external_deps/test_checkpointing.py:224
            with open(os.path.join(args.output_dir, f"state_{epoch}.json"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ee95f3b3878d91c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/external_deps/test_metrics.py:34
os.environ["TRANSFORMERS_NO_ADVISORY_WARNINGS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #46a0164e93ef0fdf Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/external_deps/test_peak_memory_usage.py:273
        with open(os.path.join(args.output_dir, "peak_memory_utilization.json"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #edc123168b0fded2 Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/external_deps/test_performance.py:233
        with open(os.path.join(args.output_dir, "all_results.json"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #54d3e594e2145672 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/test_notebook.py:53
NUM_PROCESSES = int(os.environ.get("ACCELERATE_NUM_PROCESSES", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ccfe7f7e703ba2ba Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/test_script.py:96
            with open(path, "a+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3d93a1943fc842c Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/test_script.py:99
            with open(path, "a+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #013a63d436e11f5f Filesystem access.
pkgs/python/[email protected]/src/accelerate/test_utils/scripts/test_script.py:104
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b8c0114202dd554 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/test_utils/testing.py:138
        value = os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b68dcd479e486f Environment-variable access.
pkgs/python/[email protected]/src/accelerate/test_utils/testing.py:798
    worker = os.environ.get("PYTEST_XDIST_WORKER", "gw0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd5ae070f98aec94 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/test_utils/testing.py:829
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dfcf1942f0b0aef Filesystem access.
pkgs/python/[email protected]/src/accelerate/tracking.py:237
        with open(os.path.join(dir_name, "hparams.yml"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #951cd861a6fd6e2d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/tracking.py:737
        experiment_name = os.environ.get("MLFLOW_EXPERIMENT_NAME", experiment_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #378278fb5118e206 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/tracking.py:738
        run_id = os.environ.get("MLFLOW_RUN_ID", run_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4f926a085fcc30b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/tracking.py:739
        tags = os.environ.get("MLFLOW_TAGS", tags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5498e012b35580b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/tracking.py:743
        nested_run = os.environ.get("MLFLOW_NESTED_RUN", nested_run)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56431e6f55d057d5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/tracking.py:935
        task_init_args.setdefault("project_name", os.environ.get("CLEARML_PROJECT", self.user_provided_run_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa7203bbd5cc269b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/tracking.py:936
        task_init_args.setdefault("task_name", os.environ.get("CLEARML_TASK", self.user_provided_run_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c643829ccdbc5cb Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:413
            self.margin = int(os.environ.get(env_prefix + "MARGIN", 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63474d6227b196e5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:415
            self.interval = int(os.environ.get(env_prefix + "INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a8449b10a236a6 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:417
            self.fp8_format = os.environ.get(env_prefix + "FORMAT", "HYBRID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f391a7b780aeb79 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:422
            self.amax_compute_algo = os.environ.get(env_prefix + "AMAX_COMPUTE_ALGO", "most_recent")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f6b0a407a944f2d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:427
            self.amax_history_len = int(os.environ.get(env_prefix + "AMAX_HISTORY_LEN", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29265afedfb4e7e4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:449
            self.opt_level = os.environ.get(env_prefix + "OPT_LEVEL", "O2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5c01eec7167154f Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:472
            self.backend = os.environ.get(env_prefix + "BACKEND", default_backend)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e71d51b711e57986 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1089
            self.backend = os.environ.get(prefix + "BACKEND", "no")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c7861cb017335e1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1093
            self.mode = os.environ.get(prefix + "MODE", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70c78ea198f0d9e1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1095
            self.fullgraph = str_to_bool(os.environ.get(prefix + "USE_FULLGRAPH", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f841ecbeee627a35 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1098
                str_to_bool(os.environ.get(prefix + "USE_REGIONAL_COMPILATION", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3f49a9ea2c5110 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1101
        if self.dynamic is None and os.environ.get(prefix + "USE_DYNAMIC", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a155d67789dab5ea Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1102
            self.dynamic = str_to_bool(os.environ.get(prefix + "USE_DYNAMIC", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfb8b5728fe560f9 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1224
            gas = os.environ.get("ACCELERATE_GRADIENT_ACCUMULATION_STEPS", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b74fe53e02916f4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1228
            gradient_clipping = os.environ.get("ACCELERATE_GRADIENT_CLIPPING", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4c50dde5e493eb6 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1232
            self.zero_stage = int(os.environ.get("ACCELERATE_DEEPSPEED_ZERO_STAGE", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46da18900059139 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1235
            self.offload_optimizer_device = os.environ.get("ACCELERATE_DEEPSPEED_OFFLOAD_OPTIMIZER_DEVICE", "none")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56149fd27ccac775 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1238
            self.offload_param_device = os.environ.get("ACCELERATE_DEEPSPEED_OFFLOAD_PARAM_DEVICE", "none")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e69ac30a9dbcdad Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1241
            self.offload_optimizer_nvme_path = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1be195a7e8048038 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1241
            self.offload_optimizer_nvme_path = os.environ.get(
                "ACCELERATE_DEEPSPEED_OFFLOAD_OPTIMIZER_NVME_PATH", "none"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89dcbd00537061eb Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1246
            self.offload_param_nvme_path = os.environ.get("ACCELERATE_DEEPSPEED_OFFLOAD_PARAM_NVME_PATH", "none")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83cabd14408e4a6 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1250
                os.environ.get("ACCELERATE_DEEPSPEED_ZERO3_SAVE_16BIT_MODEL", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fea1d6ac68417fa3 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1253
            self.enable_msamp = os.environ.get("ACCELERATE_FP8_BACKEND", None) == "MSAMP"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6e432c78e16633 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1256
            self.msamp_opt_level = os.environ.get("ACCELERATE_FP8_OPT_LEVEL", "O1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #873f12de3646d1b2 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1259
            self.hf_ds_config = os.environ.get("ACCELERATE_DEEPSPEED_CONFIG_FILE", "none")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb4846af947d627 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1324
                    os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f163bbfdf2655dd Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1324
                    os.environ.get(
                        "ACCELERATE_DEEPSPEED_ZERO3_INIT",
                        str(self.hf_ds_config.is_zero3()),
                    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5a3ded0f32e44a8 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1506
        deepspeed_fields_from_accelerate_config = os.environ.get("ACCELERATE_CONFIG_DS_FIELDS", "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fdec66c1a3ad846 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1519
            self.transformer_moe_cls_names = os.environ.get("ACCELERATE_DEEPSPEED_MOE_LAYER_CLS_NAMES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58607cd7437ccf45 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1806
            self.fsdp_version = int(os.environ.get(env_prefix + "VERSION", "1"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc718638a2562d15 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1821
                self.sharding_strategy = os.environ.get(env_prefix + "SHARDING_STRATEGY", "FULL_SHARD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f618c3242507e4b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1832
            reshard_after_forward = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c964710a1399905 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1832
            reshard_after_forward = os.environ.get(
                env_prefix + "RESHARD_AFTER_FORWARD",
                "true" if self.fsdp_version == 2 else "FULL_SHARD",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69481d5429305104 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1862
            self.cpu_offload = str_to_bool(os.environ.get(env_prefix + "OFFLOAD_PARAMS", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #174678d81a2f7e29 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1868
            self.backward_prefetch = os.environ.get(env_prefix + "BACKWARD_PREFETCH", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfcc2237b79b3dfd Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1885
            self.auto_wrap_policy = os.environ.get(env_prefix + "AUTO_WRAP_POLICY", "NO_WRAP")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc51633d89ac9e16 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1899
                    self.transformer_cls_names_to_wrap = os.environ.get(env_prefix + "TRANSFORMER_CLS_TO_WRAP", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51d83273b575f584 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1905
                    self.min_num_params = int(os.environ.get(env_prefix + "MIN_NUM_PARAMS", 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce5ceb417de7088c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1914
            self.use_orig_params = str_to_bool(os.environ.get(env_prefix + "USE_ORIG_PARAMS", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a226ec4aae497afc Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1920
            self.sync_module_states = str_to_bool(os.environ.get(env_prefix + "SYNC_MODULE_STATES", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f02dc273ef5eb556 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1929
            self.forward_prefetch = str_to_bool(os.environ.get(env_prefix + "FORWARD_PREFETCH", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b09776bc24c0131a Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1935
                str_to_bool(os.environ.get(env_prefix + "ACTIVATION_CHECKPOINTING", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d4f4517975aa77d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1939
            self.ignored_modules = os.environ.get(env_prefix + "IGNORED_MODULES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a694836ef32cb24 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1943
                str_to_bool(os.environ.get(env_prefix + "CPU_RAM_EFFICIENT_LOADING", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #653b09e6e28027b1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:1947
            os.environ[env_prefix + "CPU_RAM_EFFICIENT_LOADING"] = str(self.cpu_ram_efficient_loading)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1201f95a0eb2fee Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2012
            self.state_dict_type = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e33780ba5212a13 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2012
            self.state_dict_type = os.environ.get(
                "FSDP_STATE_DICT_TYPE",
                "FULL_STATE_DICT" if self.fsdp_version == 1 else "SHARDED_STATE_DICT",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5f2c32d368a2246 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2209
            self.cp_comm_strategy = os.environ.get("PARALLELISM_CONFIG_CP_COMM_STRATEGY", "allgather")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d97c99db059ef2d1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2241
                os.environ.get("PARALLELISM_CONFIG_SP_SEQ_LENGTH_IS_VARIABLE", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffe76c3e44cc32bc Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2245
            if "PARALLELISM_CONFIG_SP_SEQ_LENGTH" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38a173730e4bc7a4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2250
                self.sp_seq_length = os.environ.get("PARALLELISM_CONFIG_SP_SEQ_LENGTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a01c223d3e3a133 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2254
            self.sp_attn_implementation = os.environ.get("PARALLELISM_CONFIG_SP_ATTN_IMPLEMENTATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7109b8088f1f1a9e Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2584
            self.tp_degree = int(os.environ.get(prefix + "TP_DEGREE", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44f5c264747c3abd Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2586
            self.pp_degree = int(os.environ.get(prefix + "PP_DEGREE", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec5d9370759a8a9 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2588
            self.use_custom_fsdp = str_to_bool(os.environ.get(prefix + "USE_CUSTOM_FSDP", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8511decf4d2292a9 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2590
            self.no_load_optim = str_to_bool(os.environ.get(prefix + "NO_LOAD_OPTIM", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9417633d89a5453c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2592
            self.eod_mask_loss = str_to_bool(os.environ.get(prefix + "EOD_MASK_LOSS", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a08a80a4bcf166c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2594
            self.no_save_optim = str_to_bool(os.environ.get(prefix + "NO_SAVE_OPTIM", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2209151fccf1d30 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2596
            self.optimizer_cpu_offload = str_to_bool(os.environ.get(prefix + "OPTIMIZER_CPU_OFFLOAD", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97446dfd88c37295 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2599
                str_to_bool(os.environ.get(prefix + "OVERLAP_CPU_OPTIMIZER_D2H_H2D", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edf0c98a12e383bb Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2603
                str_to_bool(os.environ.get(prefix + "USE_PRECISION_AWARE_OPTIMIZER", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4c1334e24553ec Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2606
            if os.environ.get(prefix + "DECODER_LAST_PIPELINE_NUM_LAYERS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #949602b98176a90c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2608
                    os.environ.get(prefix + "DECODER_LAST_PIPELINE_NUM_LAYERS", 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c49c461d571fce87 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2613
            self.num_micro_batches = int(os.environ.get(prefix + "NUM_MICRO_BATCHES", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9b28f3b0e56e1e5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2615
            self.gradient_clipping = float(os.environ.get(prefix + "GRADIENT_CLIPPING", 1.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6542de802514f5ce Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2617
            self.recompute_activations = str_to_bool(os.environ.get(prefix + "RECOMPUTE_ACTIVATIONS", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d80950fe4977911 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2620
                str_to_bool(os.environ.get(prefix + "USE_DISTRIBUTED_OPTIMIZER", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f37710f1ef8bc03 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2623
            self.sequence_parallelism = str_to_bool(os.environ.get(prefix + "SEQUENCE_PARALLELISM", "False")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f7ed383783ec645 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2625
            self.recompute_granularity = os.environ.get(prefix + "RECOMPUTE_GRANULARITY", "full")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b58543ba3903cef Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2627
            self.recompute_method = os.environ.get(prefix + "RECOMPUTE_METHOD", "uniform")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275d8c0032cde425 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2629
            self.recompute_num_layers = int(os.environ.get(prefix + "RECOMPUTE_NUM_LAYERS", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #606e370e7cc41e39 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2631
            self.attention_backend = str_to_bool(os.environ.get(prefix + "ATTENTION_BACKEND", "True")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dffcba849506fae Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2633
            self.expert_model_parallel_size = int(os.environ.get(prefix + "EXPERT_MODEL_PARALLEL_SIZE", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8e4dfb8a0d5de5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2635
            self.context_parallel_size = int(os.environ.get(prefix + "CONTEXT_PARALLEL_SIZE", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb5b52c9e5c9fd22 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2637
            self.attention_dropout = float(os.environ.get(prefix + "ATTENTION_DROPOUT", "0.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc938b4c2c5091de Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2639
            self.hidden_dropout = float(os.environ.get(prefix + "HIDDEN_DROPOUT", "0.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3feb5e26205a0877 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2642
                str_to_bool(os.environ.get(prefix + "ATTENTION_SOFTMAX_IN_FP32", "True")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75100dd2951d63d7 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2645
            self.expert_tensor_parallel_size = int(os.environ.get(prefix + "EXPERT_TENSOR_PARALLEL_SIZE", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a70d52c0f0a0b55 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2648
                str_to_bool(os.environ.get(prefix + "CALCULATE_PER_TOKEN_LOSS", "True")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd0bf9ff7ab80af Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/dataclasses.py:2652
                str_to_bool(os.environ.get(prefix + "USE_ROTARY_POSITION_EMBEDDINGS", "True")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76895f26f2520f4d Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/deepspeed.py:142
            with open(config_file_or_dict, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ad7b859cf94f80d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:77
        val = int(os.environ.get(e, -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d22a98bb1217da7e Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:85
    value = os.environ.get(key, str(default))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa73b5146f56f277 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:90
    value = os.environ.get(key, str(default))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba527285c37302b5 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:163
            command = f"{os.environ['systemdrive']}\\Program Files\\NVIDIA Corporation\\NVSMI\\nvidia-smi.exe"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dac12cf41e07bcb8 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:368
    _old_os_environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #252950c621114de4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:369
    os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2df0796c232cfe Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:374
        os.environ.clear()  # clear any added keys,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d151f1e017e28e71 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:375
        os.environ.update(_old_os_environ)  # then restore previous environment

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d25607d2d7e83ad Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:399
        if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21a7e5e19c32e18d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:400
            existing_vars[key] = os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c776cdb2b7060233 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:401
        os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #161690255183700d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:410
                os.environ[key] = existing_vars[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0881c21c56e921e1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:412
                os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1fb4d23ef46825f Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:439
        existing_vars = {k: v for k, v in os.environ.items() if k.startswith(prefix)}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c76cbe84c342b0c Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:444
            for key in [k for k in os.environ if k.startswith(prefix)]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0475ad93261966b0 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:446
                    os.environ[key] = existing_vars[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb1f3e1c31371d64 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/environment.py:448
                    os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb0b46f6da67661 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/fsdp_utils.py:44
    if "ACCELERATE_USE_FSDP" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #685af785cf44716d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/fsdp_utils.py:45
        os.environ["ACCELERATE_USE_FSDP"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe69b3403de764d Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/fsdp_utils.py:46
    os.environ["FSDP_CPU_RAM_EFFICIENT_LOADING"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8078875cd075a219 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/fsdp_utils.py:53
    os.environ["FSDP_CPU_RAM_EFFICIENT_LOADING"] = "False"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4013d3b953b65528 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/imports.py:222
    if str_to_bool(os.environ.get("ACCELERATE_USE_MEGATRON_LM", "False")) == 1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a0236c2f742877b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:132
    current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af88fc67bcc84747 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:257
    current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60916b869c868c55 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:528
    current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc6c2a4604004bf Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:660
    os.environ["AWS_DEFAULT_REGION"] = sagemaker_config.region

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a5169bd40242d29 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:664
        os.environ["AWS_PROFILE"] = sagemaker_config.profile

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d71bc55444ef96fd Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:666
        os.environ["AWS_ACCESS_KEY_ID"] = args.aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccd92306e4642832 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:667
        os.environ["AWS_SECRET_ACCESS_KEY"] = args.aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5c41f954bfc3f79 Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:723
        with open(sagemaker_config.sagemaker_inputs_file) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6001cb7a88c0741d Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:736
        with open(sagemaker_config.sagemaker_metrics_file) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c9a96320178144 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:778
    paths = [p for p in os.environ.get(env_var_name, "").split(":") if len(p) > 0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #775e72b3acf81fe6 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:803
            world_size = int(os.environ.get("WORLD_SIZE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac55dd7a67718c3e Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:804
            rdv_file = os.environ.get("ACCELERATE_DEBUG_RDV_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d58a24ffbda29d3b Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:821
            os.environ["LOCAL_RANK"] = str(index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50431df7b3b0bba1 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:822
            nproc = int(os.environ.get("NPROC", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ac377858d4c68e4 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:823
            node_rank = int(os.environ.get("NODE_RANK", 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c9e8c3f03fa0872 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:824
            os.environ["RANK"] = str(nproc * node_rank + index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62507361823c3720 Environment-variable access.
pkgs/python/[email protected]/src/accelerate/utils/launch.py:826
        os.environ["FORK_LAUNCHED"] = str(1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #733dab79c5814a51 Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/modeling.py:1909
        with open(index_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b3a02726c9b73f8 Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/offload.py:75
        with open(offload_index_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf30b0f57c26e31e Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/offload.py:81
    with open(offload_index_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a03352683524c7df Filesystem access.
pkgs/python/[email protected]/src/accelerate/utils/offload.py:154
            with open(os.path.join(save_folder, "index.json")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

azure-identity

python dependency
medium pii_flow dependency Excluded from app score #3d12bf83e6cffbd1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:99 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/azure/identity/_credentials/environment.py:66 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/azure/identity/_credentials/environment.py:99
            _LOGGER.info("Environment is configured for %s", self._credential.__class__.__name__)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #11766a6f555e7f55 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:77 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:60 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:77
            _LOGGER.info("Environment is configured for %s", self._credential.__class__.__name__)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 105 low-confidence finding(s)
low env_fs dependency Excluded from app score #c9ce7275a5818e8c Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/app_service.py:22
    url = os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53254ce6bcee8b71 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/app_service.py:23
    secret = os.environ.get(EnvironmentVariables.IDENTITY_HEADER)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fc1ff71d1d18ddf Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azd_cli.py:239
        path = os.environ.get("SYSTEMROOT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23a230d6f580e5fd Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azd_cli.py:322
            "env": dict(os.environ, NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c46476ffc658b15 Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_arc.py:52
    with open(key_file, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #031b9f09b9d55eeb Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_arc.py:74
        program_data_path = os.environ.get("PROGRAMDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd498266c75166d9 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_cli.py:240
        path = os.environ.get("SYSTEMROOT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46138e05e7ef9dc8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_cli.py:278
            "env": dict(os.environ, AZURE_CORE_NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a55492dafa7f7c8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_ml.py:23
    url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db9455a630152db3 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_ml.py:24
    secret = os.environ.get(EnvironmentVariables.MSI_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d7c5e379bc8d9e Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_pipelines.py:25
    base_uri = os.environ[SYSTEM_OIDCREQUESTURI].rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8731256911cd90d Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_pipelines.py:37
    if SYSTEM_OIDCREQUESTURI not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57edb28c4c89c613 Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/certificate.py:149
        with open(certificate_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b0f24cd3a45ef1a Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/cloud_shell.py:34
        url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c20297b7220cb079 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:154
            "interactive_browser_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b44acb23df6f5c Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:158
            "managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95b070fcb73bb98a Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:162
            "workload_identity_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde41b9d1bf4f9f4 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:166
        broker_tenant_id = kwargs.pop("broker_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #977ee73f9c545de8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:169
        shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24405d34b7ce1f48 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:171
            "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe423c2f14458d0 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:176
        token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3d838232b1d6c02 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:268
                        token_file_path=os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f42b971d6f483bb Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:63
        if all(os.environ.get(v) is not None for v in EnvironmentVariables.CLIENT_SECRET_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221d38f6f9d9d489 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:65
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00ec46a7328c7501 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:66
                client_secret=os.environ[EnvironmentVariables.AZURE_CLIENT_SECRET],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9401e56e6717a9d Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:67
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07ab11e0b2d76722 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:70
        elif all(os.environ.get(v) is not None for v in EnvironmentVariables.CERT_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33242bc0e05b8f35 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:72
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebeb7a70c019b0de Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:73
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6790795cc3fff20 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:74
                certificate_path=os.environ[EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1c75114400dee13 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:75
                password=os.environ.get(EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PASSWORD),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c5c0908d1435451 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:77
                    os.environ.get(EnvironmentVariables.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN, False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4017b1da4a22f99 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:81
        elif all(os.environ.get(v) is not None for v in EnvironmentVariables.USERNAME_PASSWORD_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c534de723736e5fe Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:83
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb393ccc504a128 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:84
                username=os.environ[EnvironmentVariables.AZURE_USERNAME],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0ae194fe13834f6 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:85
                password=os.environ[EnvironmentVariables.AZURE_PASSWORD],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70fd778b970298dd Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:86
                tenant_id=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID),  # optional for username/password auth

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6df3ba804b15820 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:106
            set_variables = [v for v in expected_variables if v in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1965f3c48d5dd002 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/imds.py:60
        os.environ.get(EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST, IMDS_AUTHORITY).strip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cddee8b1c5374ee Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/imds.py:90
        if EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9620bb7d633d25d Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:82
        if os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #726dff4cd39ebac6 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:83
            if os.environ.get(EnvironmentVariables.IDENTITY_HEADER):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fc22ad1e1049a55 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:84
                if os.environ.get(EnvironmentVariables.IDENTITY_SERVER_THUMBPRINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11106e4383208a3b Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:98
            elif os.environ.get(EnvironmentVariables.IMDS_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0ce987ea94d85b5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:103
        elif os.environ.get(EnvironmentVariables.MSI_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5302d0d35b3c345d Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:104
            if os.environ.get(EnvironmentVariables.MSI_SECRET):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1467e54c0e1fd5e2 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:115
            all(os.environ.get(var) for var in EnvironmentVariables.WORKLOAD_IDENTITY_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5048d2cebdb42b76 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:120
            workload_client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8beb6f86b22e16f5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:131
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c98b41409ce6d129 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:133
                token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23d4ce43669334a5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/service_fabric.py:42
    url = os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8b95a8b5fe24d5f Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/service_fabric.py:43
    secret = os.environ.get(EnvironmentVariables.IDENTITY_HEADER)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e36cb277d8ef0b Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/service_fabric.py:44
    thumbprint = os.environ.get(EnvironmentVariables.IDENTITY_SERVER_THUMBPRINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b4687c383d0cd0a Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/vscode.py:50
            with open(expanded_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8959d9af62b3e178 Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:33
            with open(self._token_file_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #136a454ce28666ee Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:79
        tenant_id = tenant_id or os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #238b64b134d07cdc Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:80
        client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20e01dc389c18199 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:81
        token_file_path = token_file_path or os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a08ef4caf0c8d89 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/msal_credentials.py:39
        self._regional_authority = os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fc6ed7ee4f9c4de Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/utils.py:90
    authority = os.environ.get(EnvironmentVariables.AZURE_AUTHORITY_HOST, KnownAuthorities.AZURE_PUBLIC_CLOUD)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94adab66fb3a1845 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/utils.py:151
    if default_tenant == "adfs" or os.environ.get(EnvironmentVariables.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d14d236e99501337 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/utils.py:207
    token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4b7a28bf673f566 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_persistent_cache.py:88
    if sys.platform.startswith("win") and "LOCALAPPDATA" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c806c1280b73a236 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_persistent_cache.py:89
        cache_location = os.path.join(os.environ["LOCALAPPDATA"], ".IdentityService", cache_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbaa89aa76460656 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azd_cli.py:221
            env=dict(os.environ, NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9613cec1f3d11c3 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azure_arc.py:19
        url = os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111b749a6cb98b4f Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azure_arc.py:20
        imds = os.environ.get(EnvironmentVariables.IMDS_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96926732aec45458 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azure_cli.py:226
            env=dict(os.environ, AZURE_CORE_NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68b9febeff08cf32 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/cloud_shell.py:21
        url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9bca67e74d6951 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:135
        shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de20118ada2b0522 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:137
            "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5e2d3c49ae79323 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:141
            "managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf907057ecaeb187 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:145
            "workload_identity_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd87fa563237270 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:150
        token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba27db4d93937fb Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:231
                        token_file_path=os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ec2bd236f39098 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:57
        if all(os.environ.get(v) is not None for v in EnvironmentVariables.CLIENT_SECRET_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d517a72a91f611e8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:59
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abcf423e6973bfa9 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:60
                client_secret=os.environ[EnvironmentVariables.AZURE_CLIENT_SECRET],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c127944df42464 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:61
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #198422a8a79fd8e4 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:64
        elif all(os.environ.get(v) is not None for v in EnvironmentVariables.CERT_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea74dff04e8ad5da Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:66
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c454911c7dcf90c Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:67
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30f7e0cf70eae0e5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:68
                certificate_path=os.environ[EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1bf61db88006ae7 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:69
                password=os.environ.get(EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PASSWORD),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c3956923a7381e1 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:71
                    os.environ.get(EnvironmentVariables.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN, False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #103f640ebe838441 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:80
            set_variables = [v for v in expected_variables if v in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8cff036a874c5b5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/imds.py:54
        if EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b99e07e9d568faad Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:54
        if os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8270ba39a9ac7ae Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:55
            if os.environ.get(EnvironmentVariables.IDENTITY_HEADER):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba671aec08bed7bb Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:56
                if os.environ.get(EnvironmentVariables.IDENTITY_SERVER_THUMBPRINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ace31e114330c557 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:70
            elif os.environ.get(EnvironmentVariables.IMDS_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2176c1e5740a4e1e Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:75
        elif os.environ.get(EnvironmentVariables.MSI_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1721155d57fd51ac Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:76
            if os.environ.get(EnvironmentVariables.MSI_SECRET):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bedf7738ed0d006b Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:87
            all(os.environ.get(var) for var in EnvironmentVariables.WORKLOAD_IDENTITY_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b63dd26907a6957 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:92
            workload_client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b71bb894a9ff4167 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:103
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d2cdb275c35f562 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:105
                token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d69b5d19c511567 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/workload_identity.py:57
        tenant_id = tenant_id or os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82915f31fd61b5b0 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/workload_identity.py:58
        client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50a885f09f2c678a Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/workload_identity.py:59
        token_file_path = token_file_path or os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28618f02c0732927 Environment-variable access.
pkgs/python/[email protected]/samples/control_interactive_prompts.py:17
VAULT_URL = os.environ.get("VAULT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a015495fe5eaa003 Environment-variable access.
pkgs/python/[email protected]/samples/credential_creation_code_snippets.py:360
        system_access_token=os.environ["SYSTEM_ACCESSTOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18f93e826332ebf9 Environment-variable access.
pkgs/python/[email protected]/samples/credential_creation_code_snippets.py:374
        system_access_token=os.environ["SYSTEM_ACCESSTOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f34377727d2a721d Environment-variable access.
pkgs/python/[email protected]/samples/key_vault_cert.py:19
VAULT_URL = os.environ["VAULT_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ab5247d0f221e3d Environment-variable access.
pkgs/python/[email protected]/samples/user_authentication.py:14
VAULT_URL = os.environ.get("VAULT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-storage

python dependency
medium telemetry dependency Excluded from app score #a3aac0ba9d61b389 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/google/cloud/storage/_opentelemetry_tracing.py:45
    from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #6487e026cc616b1f Environment-variable access.
pkgs/python/[email protected]/google/cloud/_storage_v2/services/storage/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3101c0fea9f6f0a4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/_storage_v2/services/storage/client.py:422
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ab2dd1a33c55306 Environment-variable access.
pkgs/python/[email protected]/google/cloud/_storage_v2/services/storage/client.py:463
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ed202c0578f67ef Environment-variable access.
pkgs/python/[email protected]/google/cloud/_storage_v2/services/storage/client.py:464
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #175a3876e524c9ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/_helpers.py:55
_API_VERSION = os.getenv(_API_VERSION_OVERRIDE_ENV_VAR, "v1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae80e2974711d47c Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/_helpers.py:84
    return os.environ.get(STORAGE_EMULATOR_ENV_VAR, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a4a44e4eddc90a Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/_helpers.py:88
    return os.getenv(
        _API_ENDPOINT_OVERRIDE_ENV_VAR, _DEFAULT_SCHEME + _TRUE_DEFAULT_STORAGE_HOST
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d235a45da92b732f Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/_helpers.py:115
    return os.getenv(
        environment_vars.PROJECT,
        os.getenv(environment_vars.LEGACY_PROJECT),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4165bd66633f931 Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/_helpers.py:117
        os.getenv(environment_vars.LEGACY_PROJECT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da2a902f5a1de2bb Filesystem access.
pkgs/python/[email protected]/google/cloud/storage/_media/_upload.py:1367
        with open(self._filename, "br") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #68b6303082d99e0e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/download.py:253
            result = transport.request(method, url, **request_kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #296511520d19e4b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/download.py:475
            result = transport.request(method, url, **request_kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4c2c895b34ff62d4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/download.py:573
            result = transport.request(
                method,
                url,
                data=payload,
                headers=headers,
                timeout=timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #40d13137b5cfc3c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/download.py:654
            result = transport.request(
                method,
                url,
                data=payload,
                headers=headers,
                stream=True,
                timeout=timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5437365341a9d299 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:75
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ca3c9c41309807ac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:154
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #77c998b9224b8b71 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:428
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2e11cee59a9517fd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:521
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #de8f0425197a8db6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:559
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b3934a73d521e505 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:646
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1e338acbe1647604 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:684
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3172c89c9b4570e6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:724
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d6f8ea59860b6b29 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/storage/_media/requests/upload.py:772
            result = transport.request(
                method, url, data=payload, headers=headers, timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #473eecca862f585d Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/_opentelemetry_tracing.py:33
    val = os.environ.get(name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #351478152304467b Filesystem access.
pkgs/python/[email protected]/google/cloud/storage/blob.py:1275
            with open(filename, "wb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc20cd98e8dc6e41 Filesystem access.
pkgs/python/[email protected]/google/cloud/storage/blob.py:3046
        with open(filename, "rb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b94fe67c1c9f79c Environment-variable access.
pkgs/python/[email protected]/google/cloud/storage/client.py:226
                    os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE") == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18679f1aa131f696 Filesystem access.
pkgs/python/[email protected]/google/cloud/storage/transfer_manager.py:902
    with open(filename, "wb") as _:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5ffebd1d5cedde4 Filesystem access.
pkgs/python/[email protected]/google/cloud/storage/transfer_manager.py:1243
        self.f = open(filename, "rb+")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c64c4e31dea1db2 Filesystem access.
pkgs/python/[email protected]/setup.py:94
with open(os.path.join(package_root, "google/cloud/storage/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8aca33c1b2057e6 Filesystem access.
pkgs/python/[email protected]/setup.py:99
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcp

python dependency
medium pii_flow dependency Excluded from app score #aabd8f9e4b8e265d A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452 · flow /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 → /tmp/closeopen-dywqqbnc/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 39 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #1b0c4dfb9be4ed70 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:72
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #e22d0989bad17795 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/.github/actions/conformance/client.py:118
            response = await client.get(
                authorization_url,
                follow_redirects=False,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #f0a93de65ead19c1 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:281
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #93b8b33c9adbb64d Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:349
    scenario = os.environ.get("MCP_CONFORMANCE_SCENARIO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #760bb2b05c3097bb Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #d52bb92e1084caa0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:113
            response = await client.get(
                authorization_url,
                follow_redirects=False,  # Don't follow redirects automatically
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #f929a738f9d0371e Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #236eac8fd5a3adcf Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b616eff1560598e6 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #15804e09a014de71 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ecac2313320f3d88 Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #37ab568d478bae3a Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #382ad840891faf9b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:251
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #60fba394345de564 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c0d5be2fd2858e54 Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #13c7fa799626ee89 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fastmcp/text_me.py:49
        response = client.post(
            "https://api.surgemsg.com/messages",
            headers={
                "Authorization": f"Bearer {surge_settings.api_key}",
                "Surge-Account": surge_settings.account_id,
                "Content-Type": "application/json",
            },
            json={
                "body": text_content,
                "conversation": {
                    "contact": {
                        "first_name": surge_settings.my_first_name,
                        "last_name": surge_settings.my_last_name,
                        "phone_number": surge_settings.my_phone_number,
                    }
                },
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #f5af7c99659365f2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-auth/mcp_simple_auth/token_verifier.py:53
                response = await client.post(
                    self.introspection_endpoint,
                    data={"token": token},
                    headers={"Content-Type": "application/x-www-form-urlencoded"},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #1b1e435ed9317f19 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-tool/mcp_simple_tool/server.py:16
        response = await client.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #f226480263ffa54c Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fed3624e3e9d3fc8 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f44b895f8711b72 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #50e4744530d77371 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/binary_resources.py:9
    with open("logo.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #39b1947ca73335c2 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results.py:10
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1a9040219151e2ab Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results_binary.py:12
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9af63d6f337f5f47 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/prompt_embedded_resources.py:11
    file_content = open(filename).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #580e29176dd06be3 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/tool_errors.py:27
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4bed5f8aea501352 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ced570f97b9a8639 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:109
    content = doc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c3d5c4921ab9d836 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:134
            doc_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef6c83b2ef69633d Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d778aa19ac8252b Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f208fbb57f45c73 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222402da2c91417f Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a411cdda6a6c8ff0 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #712c838aa273ac96 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/client/sse.py:138
                                    response = await client.post(
                                        endpoint_url,
                                        json=session_message.message.model_dump(
                                            by_alias=True,
                                            mode="json",
                                            exclude_none=True,
                                        ),
                                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a393df22f4f31b27 Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #41a2274476e94c13 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/server/fastmcp/resources/types.py:161
            response = await client.get(self.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fe8c90e8900b82ac Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b8c55ba5f85f3b Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

APScheduler

python dependency
expand_more 6 low-confidence finding(s)
low egress dependency Excluded from app score #202672dd5e4971a1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/apscheduler/jobstores/etcd.py:58
            content, _ = self.client.get(node_path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ca0337a77224c327 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/apscheduler/jobstores/etcd.py:108
            success=[self.client.transactions.put(node_path, value=data)],

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fbde5fd780cfb0f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/apscheduler/jobstores/zookeeper.py:72
            content, _ = self.client.get(node_path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a55b417fefce53bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/apscheduler/jobstores/zookeeper.py:164
                content, _ = self.client.get(node_path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a86346a0685b313f Filesystem access.
pkgs/python/[email protected]/src/apscheduler/schedulers/base.py:832
                outfile = stack.enter_context(open(outfile, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc29bdf4f1fc8435 Filesystem access.
pkgs/python/[email protected]/src/apscheduler/schedulers/base.py:873
                infile = stack.enter_context(open(infile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Brotli

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #adc457d2112567bd Filesystem access.
pkgs/python/[email protected]/python/bro.py:152
            with open(options.infile, 'rb') as infile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e2a56880bd9f6b1 Filesystem access.
pkgs/python/[email protected]/python/bro.py:169
        outfile = open(options.outfile, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c0950d4ea7d6749 Environment-variable access.
pkgs/python/[email protected]/setup.py:28
    value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f932f71752034a Filesystem access.
pkgs/python/[email protected]/setup.py:40
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0df7863e505e121c Filesystem access.
pkgs/python/[email protected]/setup.py:335
with open("README.md", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

PyJWT

python dependency
expand_more 5 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #aed685de49b8bb03 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
    with open(os.path.join(here, *parts), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2ec775f4b72c87ac Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:97
os.environ["SPHINX_BUILD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0fd90e99b3328df Environment-variable access.
pkgs/python/[email protected]/jwt/algorithms.py:102
    if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b99ccb88e5a4be37 Environment-variable access.
pkgs/python/[email protected]/jwt/api_jwt.py:25
if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7d25028ef23bbdb8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/jwt/jwks_client.py:118
            with urllib.request.urlopen(
                r, timeout=self.timeout, context=self.ssl_context
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

PyMySQL

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #3c20f3462ec6e07e Filesystem access.
pkgs/python/[email protected]/pymysql/connections.py:1460
            with open(self.filename, "rb") as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiocache

python dependency
expand_more 7 low-confidence finding(s)
low egress dependency Excluded from app score #458a0484ac0b8d51 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiocache/backends/memcached.py:20
        value = await self.client.get(key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3f07a9ad6e05e855 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiocache/backends/redis.py:90
        value = await self.client.get(key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a7280bab37cdc90c Environment-variable access.
pkgs/python/[email protected]/aiocache/base.py:62
                if os.getenv("AIOCACHE_DISABLE") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9c5e486b66b6a051 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:70
    version = re.findall(r'__version__ = "(.+?)"', _path.read_text())[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b78a0895d15c2a03 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:134
on_rtd = os.environ.get("READTHEDOCS", None) == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d85c3650afc9b8e Filesystem access.
pkgs/python/[email protected]/setup.py:8
    version = re.findall(r"^__version__ = \"([^']+)\"\r?$", p.read_text(), re.M)[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9c3c21c0ff16732 Filesystem access.
pkgs/python/[email protected]/setup.py:12
readme = Path(__file__).with_name("README.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiohttp

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #5b9300a8e11a2048 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:78
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b38668c903cd1b Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:87
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee747ba7b1b7a193 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:204
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #786d2ca88aaae9b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiohttp/test_utils.py:357
        resp = await self._session.request(method, self.make_url(path), **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #95e7586231084d51 Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #82f8cc95e86ae583 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:65
                async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #9ea3202c3d3c081d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:87
                    async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #683baa6108466b9e Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8c3823ccdedb9b00 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:23
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7fed29d64f7c452d Filesystem access.
pkgs/python/[email protected]/docs/conf.py:32
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #7b2163026ebacdae Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/client_auth.py:9
    async with session.get("http://httpbin.org/basic-auth/andrew/password") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #9d33dd2db0c592a1 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/client_json.py:9
    async with session.get("http://httpbin.org/get") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #e7d725142bfa975b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/curl.py:12
        async with session.request("GET", url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #0ce4e05e1484cf85 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/digest_auth_qop_auth.py:48
            async with session.get(url) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #4ed0fa1336166ebb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fake_server.py:111
        async with session.get(
            "https://graph.facebook.com/v2.7/me", params={"access_token": token}
        ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #0331ad950b3834de Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fake_server.py:116
        async with session.get(
            "https://graph.facebook.com/v2.7/me/friends", params={"access_token": token}
        ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #cb986afb3a12372d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/logging_middleware.py:146
            coro = session.get(f"http://localhost:8080/hello/User{i}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #81e254fcee5dd192 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/token_refresh_middleware.py:64
            async with session.post(
                self.token_endpoint,
                json={"refresh_token": self.refresh_token},
                middlewares=(),  # Disable middleware for this request
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #997d4d79518a3856 Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:21
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45a3b79d4d816878 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f616f401c2aa7ee Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec9a8b994a6c621a Environment-variable access.
pkgs/python/[email protected]/setup.py:12
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785bb4417c15403b Environment-variable access.
pkgs/python/[email protected]/setup.py:14
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a143bcc274934de7 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a91a399139fd23f Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d86fe29152267767 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ddbea7d5ddaf3d94 Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6b51440a6d8c45e4 Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

alembic

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #d00730415aacb6ea Filesystem access.
pkgs/python/[email protected]/alembic/command.py:141
                with open(toml_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcdd09a629c71753 Filesystem access.
pkgs/python/[email protected]/alembic/command.py:174
                with open(path, "w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f227adaa1a9d6068 Filesystem access.
pkgs/python/[email protected]/alembic/config.py:277
            with open(self._toml_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3f39ddcba23a67f Environment-variable access.
pkgs/python/[email protected]/alembic/config.py:985
        alembic_config_env = os.environ.get("ALEMBIC_CONFIG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b940ac31356ae6d9 Filesystem access.
pkgs/python/[email protected]/alembic/templates/multidb/env.py:70
        with open(file_, "w") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7ee63909ae8f42a Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:93
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd8aa503ea6d16c0 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:113
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f877725c0719afd Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:300
    with open(cfg.toml_file_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e59aa92dc60f8334 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:307
    with open(cfg.config_file_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03a4ed3cbdf035c4 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:332
    with open(path, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9a16ad7e52d432f Environment-variable access.
pkgs/python/[email protected]/alembic/testing/fixtures.py:70
        os.environ.pop("ALEMBIC_CONFIG", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5bc3c19f7d15467 Environment-variable access.
pkgs/python/[email protected]/alembic/util/editor.py:33
    env = os.environ if environ is None else environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43a77017c7ad62f9 Filesystem access.
pkgs/python/[email protected]/alembic/util/pyfiles.py:48
        with open(dest, "ab" if append_with_newlines else "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dea1589c747a968 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:21
SQLA_REPO = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdeb94fb03c98a11 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:21
SQLA_REPO = os.environ.get(
    "SQLA_REPO", "git+https://github.com/sqlalchemy/sqlalchemy.git"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #303d5dc6b408ba7c Environment-variable access.
pkgs/python/[email protected]/noxfile.py:134
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31b2b03d09f35798 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:141
            cmd.extend(os.environ.get("TOX_SQLITE", "--db=sqlite").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e81b263c95832b2f Environment-variable access.
pkgs/python/[email protected]/noxfile.py:147
                os.environ.get("TOX_POSTGRESQL", "--db=postgresql").split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dcc2644f6692dcc Environment-variable access.
pkgs/python/[email protected]/noxfile.py:153
            cmd.extend(os.environ.get("TOX_MYSQL", "--db=mysql").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec4195693ddea08 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:160
            if "ORACLE_HOME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0425bf525486273 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:161
                session.env["ORACLE_HOME"] = os.environ.get("ORACLE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec6976097a2ceae Environment-variable access.
pkgs/python/[email protected]/noxfile.py:162
            if "NLS_LANG" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9eebcc24a1423b3a Environment-variable access.
pkgs/python/[email protected]/noxfile.py:163
                session.env["NLS_LANG"] = os.environ.get("NLS_LANG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fa0447759f08ae0 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:164
            cmd.extend(os.environ.get("TOX_ORACLE", "--db=oracle").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f7ade99eba0c59a Environment-variable access.
pkgs/python/[email protected]/noxfile.py:170
            cmd.extend(os.environ.get("TOX_MSSQL", "--db=mssql").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06b28c59279cc631 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:247
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c5c61f5dd571737e Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:85
    with open(destination_path, "w") as buf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #523b73ab38d1b7d9 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:305
            sys.stdout.write(f_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #233c6155e929a888 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:352
        with open(self.path) as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dbf91ff3477461c3 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:392
        with open(self.path) as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
expand_more 38 low-confidence finding(s)
low egress dependency Excluded from app score #923397c957157835 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/_base_client.py:311
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e71168bdc5b33e36 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:93
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7610138abb74293b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:97
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1c73d8d93865a74 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:101
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80fac7c830bd5e1d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:333
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be83a3ee99d4f1f5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:337
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #628ade433102d04f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:341
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e59c3d4ba028ec0 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda2f3226635f2ce Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #367078e26eb9dc29 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b14960b2f2e48115 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b07194d80b781e65 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:464
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #866b1d5af3ee89ef Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:477
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6582fc34427adc51 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:110
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f47c6de41206e80e Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #148da7f3f11da0f6 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:579
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #986fe423177924e3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd34af5b8fcf6178 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f927a5a1526cd8 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e90f4e3325edb001 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:367
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc29611778e5f90e Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4008f8d7c42d3b1f Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16c5d8a2321a26bf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:75
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66064a2a4aaa2605 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:170
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce458773300bb9e7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:312
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3a62c92d39fcb2d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:146
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9332c91825ccd65c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:147
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195adbc08d4ce983 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:148
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #096467cc9a59cf26 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:323
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb47cec5a90106ea Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:324
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d52085932d4a3c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:325
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #07fbd14308c4f72c Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:316
        return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3bd8da06d15f09c4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:609
        return await full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e9cec0ba0aea10 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:44
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c3536d6134501e1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:111
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98c0f68d8880d7b9 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:118
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3989c6fd78c991bf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:256
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf87363bf69e7bed Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:263
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

authlib

python dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #c634161c46f782e4 Environment-variable access.
pkgs/python/[email protected]/authlib/common/security.py:15
    if os.getenv("AUTHLIB_INSECURE_TRANSPORT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7b361c10e6dd9d35 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_app.py:79
                resp = await client.request(
                    "GET", self._server_metadata_url, withhold_token=True
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4ce12851bca918f0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_app.py:144
        return await session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6620c04f57339b04 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_app.py:152
    return await session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #029fc37fedfdb3c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_openid.py:26
            resp = await client.request("GET", uri, withhold_token=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5c656e8500833768 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/framework_integration.py:33
        session_data = session.get(key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d4feb9526e006619 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_app.py:80
            return session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8ff85decd190673e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_app.py:89
        return session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f4cd869ae636cc11 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_app.py:329
                resp = session.request(
                    "GET", self._server_metadata_url, withhold_token=True
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #13119830958de75b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_openid.py:24
            resp = session.request("GET", uri, withhold_token=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #86f75fe0eabb1960 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/starlette_client/integration.py:26
            if session is None or session.get(key) is None:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4c2481507e3bfd75 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/starlette_client/integration.py:30
            value = session.get(key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #aa5c44b2ad7e8a58 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth1/client.py:149
        resp = self.session.post(url, auth=self.auth, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #09e5c1dfe59b5bf8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/client.py:430
            resp = self.session.post(
                url, data=dict(url_decode(body)), headers=headers, auth=auth, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7f733377a7ce1fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/client.py:438
            resp = self.session.request(
                method, url, headers=headers, auth=auth, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b2145f02851bb52b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/client.py:513
        return self.session.post(
            url, data=dict(url_decode(body)), headers=headers, auth=auth, **kwargs
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6125295ef97021ef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/rfc7521/client.py:99
        resp = self.session.request(
            "POST", self.token_endpoint, data=data, withhold_token=True
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

azure-storage-blob

python dependency
expand_more 60 low-confidence finding(s)
low env_fs dependency Excluded from app score #79cbafd69a9c937e Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/__init__.py:203
            with open(output, 'wb') as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7b2f2671fa059ab Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/_shared/avro/avro_io.py:161
        input_bytes = self.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7ae4239138370fe Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/_shared/avro/avro_io.py:242
            result = decoder.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e469a954940041 Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/_shared/avro/avro_io_async.py:143
        input_bytes = await self.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adcc1c83c4e37199 Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/_shared/avro/avro_io_async.py:225
            result = await decoder.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3372c20fc3f5eac0 Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/_shared/avro/datafile.py:209
            data = self.raw_decoder.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bf36e1c092112b3 Filesystem access.
pkgs/python/[email protected]/azure/storage/blob/aio/__init__.py:149
            with open(output, 'wb') as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81af40c5bbe86f7a Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication.py:30
        os.getenv("STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #605aadb87b0bc36c Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication.py:33
        os.getenv("OAUTH_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3a4f765b2c2db67 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication.py:36
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21723fcec592e3d4 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication.py:37
    shared_access_key = os.getenv("STORAGE_ACCOUNT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d836bb45237836b Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication_async.py:32
        os.getenv("STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #868a3b4b3349caf2 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication_async.py:35
        os.getenv("OAUTH_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3adb0a388e958369 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication_async.py:38
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f894758deb92f83f Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_authentication_async.py:39
    shared_access_key = os.getenv("STORAGE_ACCOUNT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4b706a2860f3b97 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_batch_delete_blobs.py:22
    connection_string = os.getenv('STORAGE_CONNECTION_STRING')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18d8cd780173fcd9 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_batch_delete_blobs.py:38
        with open(local_path+filename, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #405d0d6b7be62790 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_client_side_encryption.py:278
    CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e5126d932aaf7ab Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_client_side_encryption_keyvault.py:44
        return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dcff1a97d68c12b Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_common.py:32
    connection_string = os.getenv("STORAGE_CONNECTION_STRING_SOFT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfa93ed1344a95fd Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_common.py:56
        with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45375575818b87d5 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_common.py:104
        with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b414a7f279cb072 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_common.py:179
        with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c325822dd9e5835 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_common_async.py:31
    connection_string = os.getenv("STORAGE_CONNECTION_STRING_SOFT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e91131405c7a2cb Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_common_async.py:55
            with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13bfb3b8d8b7b4a9 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_common_async.py:103
            with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #161d8cfe5fd1bf58 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_common_async.py:179
            with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff4bf50575357e94 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_container_access_policy.py:39
    CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33b676e9f8dcc2bd Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_container_access_policy_async.py:40
    CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #664e6c0800e9644d Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_containers.py:32
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf1c427600f3f13 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_containers.py:210
        with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4ef51e04c32bdf Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_containers_async.py:29
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b47b8cbf5844d0b Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_containers_async.py:209
            with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #200fe04d35c9c139 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_copy_blob.py:25
        CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21dc9a46c410abed Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_copy_blob_async.py:26
        CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49652f9f3a0b0f7a Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_enumerate_blobs.py:24
        CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089639d2ce260c85 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_enumerate_blobs_async.py:25
        CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f07e9a0c068aacb Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_hello_world.py:31
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18593a3e8c611f38 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world.py:80
            with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b6a5c1d09eea482 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world.py:85
            with open(DEST_FILE, "wb") as my_blob:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c0c7e94ba9c1d40 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world.py:172
            with open(DEST_FILE, "wb") as my_blob:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f7dcb92ebe062c Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world.py:204
            with open(SOURCE_FILE, "rb") as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1b734c5400fafca Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world.py:208
            with open(DEST_FILE, "wb") as my_blob:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0156cb4390ec2adf Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_hello_world_async.py:31
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a246a613186b1269 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world_async.py:84
                with open(SOURCE_FILE, "rb") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5568aa63faabfc83 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world_async.py:89
                with open(DEST_FILE, "wb") as my_blob:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e356246c1bce2c Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world_async.py:180
                with open(DEST_FILE, "wb") as my_blob:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9315bccca0a2b479 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world_async.py:214
                with open(SOURCE_FILE, "rb") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8727984a64eba4a Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_hello_world_async.py:218
                with open(DEST_FILE, "wb") as my_blob:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12f913c700e5acef Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_network_activity_logging.py:39
connection_string = os.environ.get('STORAGE_CONNECTION_STRING', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8b71137cf03458f Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_proxy_configuration.py:32
connection_string = os.environ.get('AZURE_STORAGE_CONNECTION_STRING', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87a6811900e43bd4 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_proxy_configuration.py:59
os.environ[HTTPS_PROXY_ENV_VAR] = https_proxy

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d0200d6acc1def0 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_query.py:26
        CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb0a72251a37b744 Filesystem access.
pkgs/python/[email protected]/samples/blob_samples_query.py:46
    with open(BASE_FILE, "rb") as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c39b8a03bb369f Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_service.py:23
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80daeb8a01d0e288 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_service_async.py:25
    connection_string = os.getenv("STORAGE_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fb8a13df0539e5c Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_walk_blob_hierarchy.py:49
    CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41bdf50ed1e4bd61 Environment-variable access.
pkgs/python/[email protected]/samples/blob_samples_walk_blob_hierarchy_async.py:48
    CONNECTION_STRING = os.environ['STORAGE_CONNECTION_STRING']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53209fec229f9af1 Filesystem access.
pkgs/python/[email protected]/setup.py:39
with open(os.path.join(package_folder_path, '_version.py'), 'r') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40298046134010dd Filesystem access.
pkgs/python/[email protected]/setup.py:51
    long_description=open('README.md', 'r').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

boto3

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #fb18fe8e12613f83 Filesystem access.
pkgs/python/[email protected]/boto3/docs/__init__.py:50
        with open(service_doc_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9e906a21856bd2ec Filesystem access.
pkgs/python/[email protected]/boto3/docs/service.py:200
            with open(examples_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #617394b6739b8e74 Filesystem access.
pkgs/python/[email protected]/setup.py:24
    init = open(os.path.join(ROOT, 'boto3', '__init__.py')).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c55c8084e8ddc23 Filesystem access.
pkgs/python/[email protected]/setup.py:32
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

brotlicffi

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #080682e672b329be Filesystem access.
pkgs/python/[email protected]/setup.py:12
    open("README.rst").read() + '\n\n' + open("HISTORY.rst").read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a5caafa031287d Filesystem access.
pkgs/python/[email protected]/setup.py:15
with open(os.path.join(base_dir, "src", "brotlicffi", "__init__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d98e347edd98f08a Environment-variable access.
pkgs/python/[email protected]/setup.py:43
USE_SHARED_BROTLI = os.environ.get("USE_SHARED_BROTLI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a365a32997a4b36b Environment-variable access.
pkgs/python/[email protected]/src/brotlicffi/_build.py:8
USE_SHARED_BROTLI = os.environ.get("USE_SHARED_BROTLI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cryptography

python dependency
expand_more 26 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #f7749eaf59c3ea6c Filesystem access.
pkgs/python/[email protected]/docs/conf.py:88
with open(os.path.join(base_dir, "src", "cryptography", "__about__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dbef3d154dc4cd85 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py:52
    with open(filename) as vector_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #818cb9f605d3009b Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py:81
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1a19725839fffcf3 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/arc4/generate_arc4.py:92
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #36fba00db645570b Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/cast5/generate_cast5.py:28
    with open(filename) as vector_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #64ae1c96cdba7527 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/cast5/generate_cast5.py:52
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f5b017ae98dfd7bc Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py:42
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11adbacbc29b2c88 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/chacha20/verify_chacha20_overflow.py:49
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #508d567e9127c65d Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/hkdf/generate_hkdf.py:34
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c8459355797d0e00 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/idea/generate_idea.py:18
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7f3c95c8ec9d588f Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/idea/generate_idea.py:50
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7d09afd6491a740f Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/idea/verify_idea.py:22
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a6a308e78ab13be0 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py:98
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #524b090ee2ce5c00 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/seed/generate_seed.py:18
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #04ac9cfb2553efa7 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/seed/generate_seed.py:49
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #de967ff79226bce3 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/seed/verify_seed.py:20
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6002eb2f640e9b52 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:64
        rustflags = os.environ.get("RUSTFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70670e3ffef9901a Environment-variable access.
pkgs/python/[email protected]/noxfile.py:239
    rustflags = os.environ.get("RUSTFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08da6883e2590680 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:291
    if "CARGO_INCREMENTAL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fde6fbe94cc9fce Filesystem access.
pkgs/python/[email protected]/noxfile.py:406
        with open(f"{uuid.uuid4()}.lcov", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #584a91178d5efcc4 Filesystem access.
pkgs/python/[email protected]/release.py:54
    content = p.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #499490b71018a310 Filesystem access.
pkgs/python/[email protected]/release.py:60
    p.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #159595ba186a513d Environment-variable access.
pkgs/python/[email protected]/src/_cffi_src/build_openssl.py:49
    out_dir = os.environ["OUT_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #181571447ffd91e8 Environment-variable access.
pkgs/python/[email protected]/src/_cffi_src/openssl/x509v3.py:13
USE_CONST_X509 = bool(os.environ.get("USE_CONST_X509"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf84ebe4292fecb3 Filesystem access.
pkgs/python/[email protected]/src/_cffi_src/utils.py:16
with open(os.path.join(base_src, "cryptography", "__about__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b12d386129c2461 Environment-variable access.
pkgs/python/[email protected]/src/cryptography/hazmat/bindings/openssl/binding.py:114
    and os.environ.get("PROCESSOR_ARCHITEW6432") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fake-useragent

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #adf4c70ed63153a0 Filesystem access.
pkgs/python/[email protected]/src/fake_useragent/utils.py:77
        for line in json_path.read_text().splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fastapi

python dependency
expand_more 66 low-confidence finding(s)
low env_fs dependency Excluded from app score #b20608c5c841bfaf Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial001_py310.py:7
    with open("log.txt", mode="w") as email_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb33eed8af59017 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_an_py310.py:9
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #541c96299ab1fe80 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_py310.py:7
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33aa3725522b5184 Filesystem access.
pkgs/python/[email protected]/docs_src/custom_response/tutorial008_py310.py:11
        with open(some_file_path, mode="rb") as file_like:  # (2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #28ff670af4f755f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/dependencies/tutorial013_an_py310.py:25
    user = session.get(User, user_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e0e0dfe2dbe5cefc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/dependencies/tutorial014_an_py310.py:25
    user = session.get(User, user_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ab682e20627fe5bc Filesystem access.
pkgs/python/[email protected]/docs_src/events/tutorial002_py310.py:8
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a029e0f6498fcf89 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:5
openapi_content = json.loads(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69e59ac5ce680326 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:15
file_path.write_text(json.dumps(openapi_content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #489e860fcb1c7210 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial001_an_py310.py:60
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6d78dc182d4f3d89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial001_an_py310.py:68
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #83af580dff6db54e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial001_py310.py:56
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #70d89a58bdc40e57 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial001_py310.py:64
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #296305c74a64a5ab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial002_an_py310.py:77
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6040eb0ca72e3c37 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial002_an_py310.py:85
    hero_db = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c08a2092ba0797b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial002_an_py310.py:98
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #192775f4aa9a6d9a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial002_py310.py:74
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2ed19f04167dd617 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial002_py310.py:84
    hero_db = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c3952d312982b91b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/sql_databases/tutorial002_py310.py:97
    hero = session.get(Hero, hero_id)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #23a9685e054988fa Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:12
    with open(RELEASE_NOTES_FILE) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #71c53c98865efe6a Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:31
        with open(RELEASE_NOTES_FILE, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #10829c0b019009b9 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #0556f998ec19c6ff Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:227
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #205e179f27105e6c Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:233
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b0a92affeb57a701 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:104
    return yaml.unsafe_load(en_config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #944ea81288775d77 Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:128
    os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = "/opt/homebrew/lib"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5447f17ef69e45f0 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:142
    new_llm_prompt_path.write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #583390cc36490fc6 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:222
    missing_translation = (docs_path / "missing-translation.md").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #00ea1450f693a583 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:228
    translation_banner = translation_banner_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6220c55276fc43b7 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:235
                markdown = translated_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #55e69f4440041b15 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:237
                    staged_file.write_text(markdown, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #509b82e1d21c420d Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:241
                staged_file.write_text(
                    add_markdown_notice(markdown, banner), encoding="utf-8"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b45ae9c2eef660e1 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:245
                markdown = staged_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #722d13b21fbec2ef Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:246
                staged_file.write_text(
                    add_markdown_notice(markdown, missing_translation),
                    encoding="utf-8",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9baffc6374301816 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:275
    config_path.write_text(
        yaml.dump(config, sort_keys=False, width=200, allow_unicode=True),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9bf3e1913b02fb01 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:293
    config = yaml.unsafe_load(config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bb4aaaa4dc8d1ffd Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:343
    content = en_index.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e4d5ce8eee7ba62d Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:349
    sponsors = yaml.safe_load(sponsors_data_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a9c6a0211dff65f7 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:378
    old_content = readme_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #633c3cbe257f3f6a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:383
        readme_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a77f1c7c2d39e1f6 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:424
        en_config_path.write_text(
            yaml.dump(updated_config, sort_keys=False, width=200, allow_unicode=True),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b9720d225e85c83b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:481
        language_names_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a0bd439f50b461b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:552
    base_content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #97c5947bf7e56362 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:600
        version_file.write_text(content_format, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #10a736e0b6f45cb4 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:656
        content = md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c638d49bed4ebdca Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:663
            md_file.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #47cf80c373aac5d2 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:678
        all_docs_content += md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #6e7a0a4eba270b96 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #29fabdbf7e24bc4e Filesystem access.
pkgs/python/[email protected]/scripts/notify_translations.py:319
    contents = settings.github_event_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #5914d29048ef2b56 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:202
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #6a8ecfc423ba5ee7 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:384
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #353870fab096375a Filesystem access.
pkgs/python/[email protected]/scripts/people.py:390
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #3cd89b7719e35c6d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #34e9d56ff6089900 Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:148
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6dcf437cfe5ea2bc Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:154
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5fca47074fe27e73 Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:52
    repos_old_content = repos_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bfe5f7c3c440913c Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:57
    repos_path.write_text(new_repos_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0845eadb91baab3c Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:31
general_prompt = general_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #471d501c85c7f371 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:38
    return yaml.safe_load(Path("docs/language_names.yml").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #68407a391b19335c Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:121
    lang_prompt_content = lang_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #78c5450fe8f43fce Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:129
    original_content = en_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a14dbae5a4055a71 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:133
        old_translation = out_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #82e52ff270d5a557 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:178
    out_path.write_text(out_content, encoding="utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6d776492d9756d9d Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:81
        doc_lines = path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f7c424f2ee064f80 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:82
        en_doc_lines = en_doc_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bb42b38ab4e5eca9 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:94
        path.write_text("\n".join(doc_lines), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-genai

python dependency
expand_more 93 low-confidence finding(s)
low env_fs dependency Excluded from app score #fd0b5e42944ec765 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:102
  env_google_api_key = os.environ.get('GOOGLE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c3be5918fc25c85 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:103
  env_gemini_api_key = os.environ.get('GEMINI_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f31e3594325adef Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:188
  os.environ['GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES'] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80b3190eeb18e541 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:566
      if os.environ.get('GOOGLE_GENAI_USE_VERTEXAI', '0').lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1c505bad2052f3e Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:603
    env_project = os.environ.get('GOOGLE_CLOUD_PROJECT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8edd4a164a245bea Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:604
    env_location = os.environ.get('GOOGLE_CLOUD_LOCATION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00f334e56ea279cb Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:839
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345f00b3ff26a5cc Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:840
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #576e658a7f292dff Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:896
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e0e99bcc7f65745 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:897
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2161c4274fe00683 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:954
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd4f0fc9b3338e36 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:955
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e0ff4a5ac202eeb Filesystem access.
pkgs/python/[email protected]/google/genai/_api_client.py:1513
      with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97db540f2f8553ed Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:48
    return _default_base_vertex_url or os.getenv('GOOGLE_VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #000fad783d8ef012 Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:50
    return _default_base_gemini_url or os.getenv('GOOGLE_GEMINI_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #715b40ee6d56dbf3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/_interactions/_base_client.py:321
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8670d0fa96a21190 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:103
            api_key = os.environ.get("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c9c847d5d62a388 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:111
            base_url = os.environ.get("GEMINI_NEXT_GEN_API_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec18136935c65f9f Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:324
            api_key = os.environ.get("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b68b53e067b2bf1 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:332
            base_url = os.environ.get("GEMINI_NEXT_GEN_API_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39ad7a0bf9a3bdca Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:83
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22997348cff2ec5 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:95
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0577acc96c76557c Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:125
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #257641408e479d1b Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:137
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccdcac232142c851 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_models.py:126
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ed1e77ec405dc4d Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_response.py:512
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e79c859861aa081 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_response.py:554
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4b6f89c73a302fd Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_logs.py:32
    env = os.environ.get("GEMINI_NEXT_GEN_API_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02554fbc8063381a Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_transform.py:263
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2627df340b1ae0a Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_transform.py:429
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f5ada894bfba1a4 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_utils.py:383
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7a42e0c6ae412bc8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:76
  resp = requests.get(file_url_path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #346dc6037d872295 Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:105
  with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d38269a070fe631e Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:122
    with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ac361c672c030e Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:198
      os.environ.get('PYTEST_CURRENT_TEST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #743fadbf30db2d08 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:290
      self.replays_directory = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aa2e6fc79c69b31 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:290
      self.replays_directory = os.environ.get(
          'GOOGLE_GENAI_REPLAYS_DIRECTORY', None
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df4cd6ab9edd7724 Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:334
      with open(replay_file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fba416ae444e665 Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:361
    with open(replay_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #98baefa333d2c664 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1618
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #163a8559bfeb6a3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1681
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c20aae3e1f9ebb79 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1760
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #162f1141fe13ebf0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1841
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #30b5eb3884bbd350 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1884
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e88b77e214b8c538 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1967
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b9da9f48f00afa6e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:965
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d9ef72eebeff4698 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1032
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #57806d27a1b7399e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1099
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7da33313d274bf02 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1179
    response = self._api_client.request(
        'patch', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #021b1fec0c9ae045 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1231
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f715348d3a4ce17f Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:299
      default_factory=lambda: os.getenv('GOOGLE_GENAI_CLIENT_MODE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f375c0b79b0402b Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:303
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAYS_DIRECTORY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8492503836da95d7 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:307
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b4da07f3b0ac23c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:180
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f3b51344d6293f68 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:242
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7c822656223ac676 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:286
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #58bbde63516872a8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:367
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8df171b1553a2efa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:432
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #04b27698e265b659 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:495
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3b65059b6a378c81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:535
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0b8c6c413ba42807 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:594
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e7bb6253b7c00fcd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:682
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a45180b023ff0638 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:220
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #801b5b03d7c98496 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:276
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a1b0a2ee2adae463 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:353
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4b36b78a56a34ef6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:417
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b1d3ced5c7c9df7a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:475
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #01c479d007a15411 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4371
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c428e5c1d0a41af6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4570
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9ededd5615482502 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4646
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #37dedccbd192f16a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4717
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3057fd7b9aaad88e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4783
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #662b9eb50a05553e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4893
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3dcbc850d9c7d899 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4978
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ec1e8e183e94de00 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5040
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2f40d0ae7fbc0b16 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5105
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5b9d3b02e80837c9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5175
    response = self._api_client.request(
        'patch', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f2d4f70af6429e5c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5241
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #46b647aa151b851c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5336
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b24fd3b5032c3321 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5426
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e61e22977d1da0c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5503
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #08474164ecebfed2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:139
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #58c70ba2eed9b028 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:187
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f5be35c6e140d454 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:233
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #94f6cf6996b94ea8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tokens.py:257
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a19e21eb12f18c46 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1401
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #595a20d07f6a9d72 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1467
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #374972cabe1ec89b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1543
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #653ed9ca87727505 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1623
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a56c7ed15c536eb0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1700
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dd3eaab933938f6e Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:8244
    image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba4542fdcd89207 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:10396
    video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e718066438159cd Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:19781
    with open(file_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #eb600e46f98bf73c Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #453be2a02b92dbb2 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6043ec0598c6265e Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62484453c77747dd Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

katex

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #cc10e1b1fa67e6d5 Filesystem access.
pkgs/python/[email protected]/src/metrics/parse_tfm.py:134
    with open(file_name, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #c979f2af5f056e01 Environment-variable access.
pkgs/python/[email protected]/langchain/agents/middleware/_execution.py:322
        host_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #137e6f444f56a741 Filesystem access.
pkgs/python/[email protected]/langchain/agents/middleware/file_search.py:341
                content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #299656016897825f Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:15
    content = pyproject_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4ca9501f07415c8e Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:22
    content = init_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-classic

python dependency
expand_more 2 low-confidence finding(s)
low egress dependency Excluded from app score #4aa8c05d6850347c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_classic/chains/openai_functions/openapi.py:207
        return requests.request(method, url, **_kwargs, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d371d4f963120d4d Filesystem access.
pkgs/python/[email protected]/langchain_classic/storage/file_system.py:118
                value = full_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-text-splitters

python dependency
expand_more 2 low-confidence finding(s)
low egress dependency Excluded from app score #7d7b07cd81e89e6d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_text_splitters/html.py:223
            response = client.get(url, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b7d73f6bf2031421 Filesystem access.
pkgs/python/[email protected]/langchain_text_splitters/html.py:240
            html_content = pathlib.Path(file).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

loguru

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #d2d10dc020e5ee93 Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:25
        if "CI" in os.environ and any(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bd8f74fa5eed21a Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:26
            ci in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888c9b844e21ed73 Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:30
        if "PYCHARM_HOSTED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f40ad838e33b463b Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:32
        if os.name == "nt" and "TERM" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #762ce3584cc543e9 Environment-variable access.
pkgs/python/[email protected]/loguru/_defaults.py:5
    if key not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89e9863bef627b2 Environment-variable access.
pkgs/python/[email protected]/loguru/_defaults.py:8
    val = environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df3a554ead61425c Filesystem access.
pkgs/python/[email protected]/loguru/_file_sink.py:53
        with open(path_in, "rb") as f_in:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc90e420c73b4608 Filesystem access.
pkgs/python/[email protected]/loguru/_file_sink.py:226
        self._file = open(path, **self._kwargs)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a8a5fc83aa3323 Filesystem access.
pkgs/python/[email protected]/loguru/_logger.py:1868
                with open(str(file)) as fileobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
expand_more 60 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #5622213436040aac Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d46c098e909964f0 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #19979eb537ff3670 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #86217d914139337d Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #89c23786608ead1d Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #617f35530a8cc99f Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:144
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8f3bcd56376dd2e Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:146
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a69409f96a14edb2 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:148
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9a8c9712fc9a19 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:150
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8122f8710a55549a Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:283
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e323eaf9d92b37e6 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:287
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38fcad007addcda1 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:292
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6551ed4c02f5483 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:308
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0500baa31fb0889 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:311
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f6237ba2ddfc615 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:314
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #762ee5be08a0374f Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:324
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a36121858d72a333 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:324
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d2cbc990cc2b73d0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/_base_client.py:308
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6490f657f1ffa0e7 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:137
            api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87484435ab26a1c7 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:150
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8c51f9f8e0fcb9 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:154
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9b2ad74e98dbc5 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:158
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fc30f64485e363c Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:164
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c20e5f564d37522 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:512
            api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0816273ee9549f6 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:525
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aab0db8266e3f77 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:529
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56aadeecbc79b856 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:533
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a9a72844417d48 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:539
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3182d94a0651e33 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9839bcc4df9d949 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abbdb3965eee2443 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40f03c834fd2534b Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bd1626e27432c60 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1297eca539bd854d Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7da6f9465f2431c4 Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:119
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f28c03c580e5122 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d96a96cc1bac08d Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe35a3c6281ca3c2 Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d0dc1ba56d7e5be Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc525d513caa7f82 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #132bb18149a22118 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:371
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #414bde531ba2f8ed Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:67
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc5b94064bc5585 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:90
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444f0f927e3c015d Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/files.py:55
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b3b5dbaba27b056 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:103
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80fe9a0ec8b96a3b Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:119
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fe3a761f6aeac98 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:125
            with open(args.mask, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e005fde1674be7be Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:68
    xdg = os.environ.get("XDG_CACHE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a946e1998dae9ec2 Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:76
    if not os.environ.get("DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f2229be4cda35811 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:118
        download_response = client.get(download_url, follow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2203c21d6babcef3 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:121
        with open(temp_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf576ad089e26cae Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b224eac831dde9 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:193
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8f9aaffeecf6b02 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:196
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54229c4e2ee9b65b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:204
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3025588973628dd9 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:218
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4316d7dcf623e463 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:474
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40e0b6b5e302cc2b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:477
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ca9262ba004049f Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:485
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5bfee85b40529df Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:499
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opensearch-py

python dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #98672eb1913b996b Environment-variable access.
pkgs/python/[email protected]/opensearchpy/_async/helpers/test.py:17
OPENSEARCH_URL = os.environ.get("OPENSEARCH_URL", "https://localhost:9200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bb033ba951ab3575 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/opensearchpy/_async/http_aiohttp.py:294
            async with self.session.request(
                method,
                url,
                data=body,
                headers=req_headers,
                timeout=timeout,
                fingerprint=self.ssl_assert_fingerprint,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f3ca4371f8e3650a Environment-variable access.
pkgs/python/[email protected]/opensearchpy/connection/base.py:100
        if os.getenv("ELASTIC_CLIENT_APIVERSIONING") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49abd91537901bc6 Environment-variable access.
pkgs/python/[email protected]/opensearchpy/connection/base.py:329
        ca_certs = os.environ.get("SSL_CERT_FILE") or os.environ.get("SSL_CERT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a13f77087902fb33 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/opensearchpy/connection/http_async.py:233
            async with self.session.request(
                method,
                yarl.URL(url, encoded=True),
                data=body,
                auth=auth,
                headers=req_headers,
                timeout=timeout,
                fingerprint=self.ssl_assert_fingerprint,
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fa726dac28dd3ae6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/opensearchpy/connection/pooling.py:62
        self._free_connections.put(con)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7edf0c756bd7562a Environment-variable access.
pkgs/python/[email protected]/opensearchpy/helpers/test.py:37
OPENSEARCH_URL = os.environ.get("OPENSEARCH_URL", "https://localhost:9200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fca9278105c2dff8 Environment-variable access.
pkgs/python/[email protected]/opensearchpy/helpers/test.py:44
    if "PYTHON_CONNECTION_CLASS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a711c9e61d51326 Environment-variable access.
pkgs/python/[email protected]/opensearchpy/helpers/test.py:48
            connection, os.environ["PYTHON_CONNECTION_CLASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126a4d545eff123d Environment-variable access.
pkgs/python/[email protected]/opensearchpy/helpers/test.py:107
if "OPENSEARCH_VERSION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27a6602eec56df7d Environment-variable access.
pkgs/python/[email protected]/opensearchpy/helpers/test.py:108
    OPENSEARCH_VERSION = _get_version(os.environ["OPENSEARCH_VERSION"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c8554dcd97fb082 Environment-variable access.
pkgs/python/[email protected]/opensearchpy/helpers/test.py:113
            http_auth=("admin", os.getenv("OPENSEARCH_PASSWORD", "admin")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f24de2fd58b57d83 Filesystem access.
pkgs/python/[email protected]/setup.py:37
with open(
    join(BASE_DIR, PACKAGE_NAME.replace("-", ""), "_version.py"), encoding="utf-8"
) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef536e42d35a3177 Filesystem access.
pkgs/python/[email protected]/setup.py:47
with open(join(BASE_DIR, "README.md"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psycopg

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #4f95760364e2f161 Environment-variable access.
pkgs/python/[email protected]/psycopg/_conninfo_utils.py:81
    if (env := os.environ.get(paramdef.envvar)) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f4a67a8212c9d1f Environment-variable access.
pkgs/python/[email protected]/psycopg/_dns.py:138
        if params.get("hostaddr", os.environ.get("PGHOSTADDR", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba9561cb2f85b60 Environment-variable access.
pkgs/python/[email protected]/psycopg/_dns.py:141
        host_arg: str = params.get("host", os.environ.get("PGHOST", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1e9d42a62a0453 Environment-variable access.
pkgs/python/[email protected]/psycopg/_dns.py:143
        port_arg: str = str(params.get("port", os.environ.get("PGPORT", "")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae1410676aaa8fb8 Environment-variable access.
pkgs/python/[email protected]/psycopg/pq/__init__.py:61
    impl = os.environ.get("PSYCOPG_IMPL", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ee9b4d2de92e5e6 Filesystem access.
pkgs/python/[email protected]/psycopg/pq/_pq_ctypes.py:807
    with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83951214d0ba0f84 Filesystem access.
pkgs/python/[email protected]/psycopg/pq/_pq_ctypes.py:838
    with open(fn, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f21845f4d213558c Environment-variable access.
pkgs/python/[email protected]/psycopg/waiting.py:437
if "PSYCOPG_WAIT_FUNC" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27aae5ec9d8f6eae Environment-variable access.
pkgs/python/[email protected]/psycopg/waiting.py:438
    fname = os.environ["PSYCOPG_WAIT_FUNC"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyarrow

python dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #34d1dac3fe389382 Environment-variable access.
pkgs/python/[email protected]/pyarrow/__init__.py:311
    return _os.environ.get('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1748c377771763 Environment-variable access.
pkgs/python/[email protected]/pyarrow/__init__.py:400
    pkg_config_executable = _os.environ.get('PKG_CONFIG') or 'pkg-config'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c98a2ec3f1f7cdf1 Environment-variable access.
pkgs/python/[email protected]/pyarrow/__init__.py:432
    if _os.environ.get('ARROW_HOME'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d4edabd906a5de1 Environment-variable access.
pkgs/python/[email protected]/pyarrow/__init__.py:433
        append_library_dir(_os.path.join(_os.environ['ARROW_HOME'], 'lib'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d8679ec934b2492 Environment-variable access.
pkgs/python/[email protected]/pyarrow/ipc.py:138
            bool(int(os.environ.get('ARROW_PRE_0_15_IPC_FORMAT', '0')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0fd60dff02bc2e0 Environment-variable access.
pkgs/python/[email protected]/pyarrow/ipc.py:139
    if bool(int(os.environ.get('ARROW_PRE_1_0_METADATA_VERSION', '0'))):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d1351c06f01b8bca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/pyarrow/util.py:235
    with urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1e1a37cf0e38e1cd Filesystem access.
pkgs/python/[email protected]/pyarrow/util.py:236
        with open(out_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5ef98dcf0dcd44ac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/pyarrow/util.py:242
    with requests.get(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f5847cb745d57c7b Filesystem access.
pkgs/python/[email protected]/pyarrow/util.py:243
        with open(out_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d485f4cbdf747344 Environment-variable access.
pkgs/python/[email protected]/setup.py:166
        self.cmake_generator = os.environ.get('PYARROW_CMAKE_GENERATOR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #800e871d7538ef22 Environment-variable access.
pkgs/python/[email protected]/setup.py:169
        self.extra_cmake_args = os.environ.get('PYARROW_CMAKE_OPTIONS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6d4f24e396073e1 Environment-variable access.
pkgs/python/[email protected]/setup.py:170
        self.build_type = os.environ.get('PYARROW_BUILD_TYPE',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be8222e761ba474a Environment-variable access.
pkgs/python/[email protected]/setup.py:170
        self.build_type = os.environ.get('PYARROW_BUILD_TYPE',
                                         'release').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46838cc835a56fb4 Environment-variable access.
pkgs/python/[email protected]/setup.py:173
        self.cmake_cxxflags = os.environ.get('PYARROW_CXXFLAGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b50a2517c14b0cf Environment-variable access.
pkgs/python/[email protected]/setup.py:196
            os.environ.get('PYARROW_GENERATE_COVERAGE', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #429099e203a63764 Environment-variable access.
pkgs/python/[email protected]/setup.py:198
            os.environ.get('PYARROW_BUNDLE_ARROW_CPP', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ad52920adb475f Environment-variable access.
pkgs/python/[email protected]/setup.py:200
            os.environ.get('PYARROW_BUNDLE_CYTHON_CPP', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c513e321c5492bb6 Filesystem access.
pkgs/python/[email protected]/setup.py:255
                cachefile = open('CMakeCache.txt', 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #895325b0cae94dd2 Environment-variable access.
pkgs/python/[email protected]/setup.py:327
                if os.environ.get('PYARROW_BUILD_VERBOSE', '0') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2381c4e32c7074d Environment-variable access.
pkgs/python/[email protected]/setup.py:329
                parallel = os.environ.get('PYARROW_PARALLEL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #51fa79909fa26274 Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e7cc6f98bd87289 Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:344
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bcb09cd37998030 Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1411
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a456075adc2b459 Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ce24a840235f669 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d297d04c4bf7f7c Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24badce14742bbfe Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c426a0852ce3770 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c21a41f74ce7ac2 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-mimeparse

python dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #3f32c7b87a1a62c6 Filesystem access.
pkgs/python/[email protected]/mimeparse_test.py:24
        with open("testdata.json") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-multipart

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #16f3676abdda8050 Filesystem access.
pkgs/python/[email protected]/python_multipart/multipart.py:487
                tmp_file = open(path, "w+b")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pytz

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #dddc7a950e31cf20 Environment-variable access.
pkgs/python/[email protected]/pytz/__init__.py:91
    zoneinfo_dir = os.environ.get('PYTZ_TZDATADIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f5b55590c37d49 Filesystem access.
pkgs/python/[email protected]/pytz/__init__.py:118
    return open(filename, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #370a3fe8fdfb1922 Environment-variable access.
pkgs/python/[email protected]/pytz/__init__.py:124
        if os.environ.get('PYTZ_SKIPEXISTSCHECK', ''):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #465bb91a17c9f5ca Filesystem access.
pkgs/python/[email protected]/pytz/tzfile.py:130
                      open(os.path.join(base, 'Australia', 'Melbourne'), 'rb'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ecf261ee2b4fcb Filesystem access.
pkgs/python/[email protected]/pytz/tzfile.py:132
                      open(os.path.join(base, 'US', 'Eastern'), 'rb'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c0fec87a2b042ff Filesystem access.
pkgs/python/[email protected]/setup.py:31
    long_description=open('README.rst', 'r').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #f36c99f37c37dc20 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:857
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f678e3fc0387ee7 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:858
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e8e1ab70062d0f7 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:239
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b8859510b25ee39 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:798
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41e83a914422f71d Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:799
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #269f7cdb624dcf3e Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:805
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6313d0348c90734d Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:807
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd583d95e340d6a0 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:820
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sentence-transformers

python dependency
expand_more 58 low-confidence finding(s)
low env_fs dependency Excluded from app score #4b219707a2904792 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/__init__.py:45
if importlib.util.find_spec("codecarbon") and "CODECARBON_LOG_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f884a7533de16ee8 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/__init__.py:46
    os.environ["CODECARBON_LOG_LEVEL"] = "error"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f597f361cffb0bc Filesystem access.
pkgs/python/[email protected]/sentence_transformers/backend/load.py:155
            with open(ov_config, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb6b064cdf0160e8 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:178
            cache_folder = os.getenv("SENTENCE_TRANSFORMERS_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00088f83163a9e5c Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:625
        with open(os.path.join(path, "config_sentence_transformers.json"), "w", encoding="utf8") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3d0e96e4eebb015 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:670
        with open(os.path.join(path, "modules.json"), "w", encoding="utf8") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e478f950dfa01d70 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:762
        with open(os.path.join(path, "README.md"), "w", encoding="utf8") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #728c8bee65edf27c Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:1067
            with open(config_sentence_transformers_json_path, encoding="utf8") as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aec37d5b1a91bb9 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:1101
                with open(model_card_path, encoding="utf8") as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dd02a18da9b4504 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:1115
        with open(modules_json_path, encoding="utf8") as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #406d4ca3611b1b53 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/model.py:1309
        with open(config_sentence_transformers_json_path, encoding="utf8") as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c29e8c7b0506e84 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/modules/module.py:211
        with open(config_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ff6b6a6aace8808 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/modules/module.py:406
        with open(config_output_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f20bb19fc29bc20 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/modules/router.py:567
        with open(os.path.join(output_path, self.config_file_name), "w", encoding="utf8") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3455712d62e8b2f7 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/base/trainer.py:295
            os.environ.setdefault("WANDB_PROJECT", "sentence-transformers")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029713a6c2fa69d4 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/base/trainer.py:299
            os.environ.setdefault("TRACKIO_PROJECT", "sentence-transformers")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2336454aa9ca8256 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/base/trainer.py:1037
                with open(index_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdcae3e954f99eeb Filesystem access.
pkgs/python/[email protected]/sentence_transformers/cross_encoder/evaluation/classification.py:180
            with open(csv_path, mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5951f42d00685aaa Filesystem access.
pkgs/python/[email protected]/sentence_transformers/cross_encoder/evaluation/correlation.py:129
            with open(csv_path, mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a190836d25e4885 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/cross_encoder/evaluation/nano_beir.py:283
                fOut = open(csv_path, mode="w", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eee45f5d0c678c1b Filesystem access.
pkgs/python/[email protected]/sentence_transformers/cross_encoder/evaluation/nano_beir.py:288
                fOut = open(csv_path, mode="a", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8e24e2ab29a0bdf Filesystem access.
pkgs/python/[email protected]/sentence_transformers/cross_encoder/evaluation/reranking.py:301
            with open(csv_path, mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2a640c8fd380c93 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/datasets/parallel_sentences.py:96
            else open(filepath, encoding="utf8") as fIn

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf04408c7a110ead Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/binary_classification.py:195
                with open(csv_path, newline="", mode="w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471621155cdb3b49 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/binary_classification.py:200
                with open(csv_path, newline="", mode="a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3847de968531d3 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/embedding_similarity.py:207
            with open(csv_path, newline="", mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4d28ae8fd39f03d Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/information_retrieval.py:250
                fOut = open(csv_path, mode="w", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a2ae9ca16111b9a Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/information_retrieval.py:255
                fOut = open(csv_path, mode="a", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c04dce8e3fc5d7 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/information_retrieval.py:388
                with open(json_path, mode=mode, encoding="utf-8") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5fff357befcad65 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/label_accuracy.py:84
                with open(csv_path, newline="", mode="w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff9e4c700f915fe2 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/label_accuracy.py:89
                with open(csv_path, newline="", mode="a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8537adb03f2cfdaa Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/mse.py:122
            with open(csv_path, newline="", mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a46cadf5f3538a39 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/mse_from_dataframe.py:110
            with open(csv_path, newline="", mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d902e6116ba87a7 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/nano_beir.py:353
                fOut = open(csv_path, mode="w", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ba592b57254c9cb Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/nano_beir.py:358
                fOut = open(csv_path, mode="a", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce9ce0f2cb9f8652 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/paraphrase_mining.py:224
                with open(csv_path, newline="", mode="w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff292d2ee5da59c Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/paraphrase_mining.py:229
                with open(csv_path, newline="", mode="a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e085c3deb82f08 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/reranking.py:186
            with open(csv_path, newline="", mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d881b07b7509ba6d Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/translation.py:157
            with open(csv_path, newline="", mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cd673c89a6842b Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/triplet.py:220
                with open(csv_path, newline="", mode="w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #242d9ce36b166d8c Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/evaluation/triplet.py:226
                with open(csv_path, newline="", mode="a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f040db864660bd5 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/modules/tokenizer/phrase.py:105
        with open(os.path.join(output_path, "phrasetokenizer_config.json"), "w") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be60f1bc23027637 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/modules/tokenizer/phrase.py:119
        with open(os.path.join(input_path, "phrasetokenizer_config.json")) as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db6e9fcb40ba001 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/modules/tokenizer/whitespace.py:63
        with open(os.path.join(output_path, "whitespacetokenizer_config.json"), "w") as fOut:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53b3fffce55d89d3 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/modules/tokenizer/whitespace.py:75
        with open(os.path.join(input_path, "whitespacetokenizer_config.json")) as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3623a81d5f2ac1a0 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/modules/word_embeddings.py:162
            else open(embeddings_file_path, encoding="utf8") as fIn

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dab7369ff4b14938 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/readers/label_sentence.py:35
        for line in open(os.path.join(self.folder, filename), encoding="utf-8"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af12806dbf6d5e23 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/readers/paired_files.py:30
                else open(filepath, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c3ab48a8e4dd698 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/readers/sts_data.py:54
            else open(filepath, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c59caebb4935f856 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sentence_transformer/readers/triplet.py:44
            open(os.path.join(self.dataset_folder, filename), encoding="utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beffc714f98f6955 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sparse_encoder/evaluation/reciprocal_rank_fusion.py:287
                with open(csv_path, mode="a" if output_file_exists else "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e51eb588ddfaf481 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sparse_encoder/evaluation/reciprocal_rank_fusion.py:311
                with open(json_path, mode="w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f3b8d38321c4ca2 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/sparse_encoder/modules/sparse_static_embedding.py:143
        with open(json_path) as fIn:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24ce59175aa0e6f1 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/util/environment.py:51
        if "LOCAL_RANK" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a43656a9d1847150 Environment-variable access.
pkgs/python/[email protected]/sentence_transformers/util/environment.py:52
            local_rank = int(os.environ["LOCAL_RANK"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9713c8c40f71b360 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/util/file_io.py:243
            with open(download_filepath, "wb") as file_binary:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #959aca9dae5c66d2 Filesystem access.
pkgs/python/[email protected]/sentence_transformers/util/misc.py:182
    with open(csv_path, newline="", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a195a18ab37f349b Filesystem access.
pkgs/python/[email protected]/sentence_transformers/util/misc.py:191
        with open(csv_path, "w", newline="", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sqlalchemy

python dependency
expand_more 29 low-confidence finding(s)
low egress dependency Excluded from app score #a8815f0e3a95e630 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/lib/sqlalchemy/pool/impl.py:145
            self._pool.put(record, False)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #8c82b5299693fd2f Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:42
            with open(
                Path(cachedir) / "sqla_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c7167c3c2e7d7d86 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:56
            with open(
                Path(cachedir) / "plain_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #78833b5b89cb6680 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:106
            os.environ.pop("MYPY_FORCE_COLOR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #73dd4c94f1c60aad Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:146
        with open(path) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2879b22efd99c174 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:398
    if os.environ.get("REQUIRE_SQLALCHEMY_CEXT", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec8ebd87acbdc41 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:455
            with open(options.write_idents, "a") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4109921565e44669 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/pytestplugin.py:880
        return os.environ.get("PYTEST_CURRENT_TEST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3c73ecada76209 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:200
            profile_f = open(self.fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f944b206b9e7af9 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:219
        profile_f = open(self.fname, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad42215fe0ffaea Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/provision.py:453
    with open(idents_file) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fb1f0a84c6c5dca Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/util/_has_cy.py:27
    if os.environ.get("DISABLE_SQLALCHEMY_CEXT_RUNTIME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #355df7b77ccc1966 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:134
            Path(destination_path).write_text(
                text, encoding="utf-8", newline="\n"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #068ae0f0f3fc1e41 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:146
            with open(tempfile) as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #674c3be32e8b56c9 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:162
            with open(source_file, encoding="utf-8") as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f48238bf71565cd Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:169
        with open(destination_path, encoding="utf-8") as dp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbdfaf4430524aa4 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:95
    cmd.extend(os.environ.get(dburl_env, default_dburl).split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e6a8fb4f52621f Environment-variable access.
pkgs/python/[email protected]/noxfile.py:106
    env_dbdrivers = os.environ.get(extra_driver_env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80df0cb14d5f278f Environment-variable access.
pkgs/python/[email protected]/noxfile.py:269
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7576e28995f10e05 Environment-variable access.
pkgs/python/[email protected]/setup.py:23
DISABLE_EXTENSION = bool(os.environ.get("DISABLE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da40f66f80d4751e Environment-variable access.
pkgs/python/[email protected]/setup.py:24
REQUIRE_EXTENSION = bool(os.environ.get("REQUIRE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3e27cdde56bf9751 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:155
    original = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a63ca40e916129f3 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:313
                file.write_text(updated, "utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2e1441f58dd6d276 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:145
    with open(fn.__code__.co_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8d4ff829f5a755d2 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:373
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20d7eb489b7044fa Filesystem access.
pkgs/python/[email protected]/tools/generate_sql_functions.py:38
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #305b8e1a3008ef4b Filesystem access.
pkgs/python/[email protected]/tools/generate_tuple_map_overloads.py:53
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a7cae87939c39105 Filesystem access.
pkgs/python/[email protected]/tools/normalize_file_headers.py:27
    content = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2c980f6adcac67d0 Filesystem access.
pkgs/python/[email protected]/tools/sync_test_files.py:35
    source_data = Path(source).read_text().replace(remove_str, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tiktoken

python dependency
expand_more 16 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #83f0b19992cb084c Environment-variable access.
pkgs/python/[email protected]/scripts/benchmark.py:16
    num_threads = int(os.environ["RAYON_NUM_THREADS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e2c6646c06b4c66 Filesystem access.
pkgs/python/[email protected]/scripts/redact.py:11
    text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4274dc5fd1fb03da Filesystem access.
pkgs/python/[email protected]/scripts/redact.py:35
            path.write_text(redacted_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #e08b5f3d4c00beef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/wheel_download.py:13
    response = requests.get(artifacts_url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #9803c88eeb7ec932 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/wheel_download.py:31
        response = requests.get(download_url, headers=headers, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #b0ae228f82d593c9 Filesystem access.
pkgs/python/[email protected]/scripts/wheel_download.py:35
        with open(temp_zip, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f3e561773cae3c Filesystem access.
pkgs/python/[email protected]/tiktoken/_educational.py:212
    with open(__file__) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f5aab12b39ff3f5 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:10
        with open(blobpath, "rb", buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c68d792cc40d3a0f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tiktoken/load.py:17
        resp = requests.get(blobpath)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #114800c4b7668bc8 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:27
    return blobfile.read_bytes(blobpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9b6ebc016e1f32d Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:37
    if "TIKTOKEN_CACHE_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feacf82507281bb9 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:38
        cache_dir = os.environ["TIKTOKEN_CACHE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8617557cd343df30 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:39
    elif "DATA_GYM_CACHE_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e770ec3105aad910 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:40
        cache_dir = os.environ["DATA_GYM_CACHE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f3155e91f092d0f Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:55
        with open(cache_path, "rb", buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c97047c23a5248c9 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:78
        with open(tmp_filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uvicorn

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #a8536edf216e0934 Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:335
        if workers is None and "WEB_CONCURRENCY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3fa318fe6e2457c Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:336
            self.workers = int(os.environ["WEB_CONCURRENCY"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29644a4b526e9211 Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:340
            self.forwarded_allow_ips = os.environ.get("FORWARDED_ALLOW_IPS", "127.0.0.1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eb13f22317ab51a Filesystem access.
pkgs/python/[email protected]/uvicorn/config.py:374
                with open(self.log_config) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7780e2d6d91ef8ff Filesystem access.
pkgs/python/[email protected]/uvicorn/config.py:382
                with open(self.log_config) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @floating-ui/dom prod — dist-only: no readable source
  • @sveltejs/svelte-virtual-list prod — no javascript source
  • @xyflow/svelte prod — dist-only: no readable source
  • codemirror-lang-hcl prod — dist-only: no readable source
  • kokoro-js prod — tarball exceeds byte cap
  • langchain-community prod — sdist exceeds byte cap
  • ftfy prod — scan budget exceeded
  • chardet prod — scan budget exceeded
  • pypdf prod — scan budget exceeded
  • fpdf2 prod — scan budget exceeded
  • pymdown-extensions prod — scan budget exceeded
  • docx2txt prod — scan budget exceeded
  • python-pptx prod — scan budget exceeded
  • msoffcrypto-tool prod — scan budget exceeded
  • nltk prod — scan budget exceeded
  • Markdown prod — scan budget exceeded
  • beautifulsoup4 prod — scan budget exceeded
  • pypandoc prod — scan budget exceeded
  • pandas prod — scan budget exceeded
  • openpyxl prod — scan budget exceeded
  • pyxlsb prod — scan budget exceeded
  • xlrd prod — scan budget exceeded
  • validators prod — scan budget exceeded
  • psutil prod — scan budget exceeded
  • sentencepiece prod — scan budget exceeded
  • soundfile prod — scan budget exceeded
  • pillow prod — scan budget exceeded
  • opencv-python-headless prod — scan budget exceeded
  • rapidocr-onnxruntime prod — scan budget exceeded
  • rank-bm25 prod — scan budget exceeded
  • onnxruntime prod — scan budget exceeded
  • faster-whisper prod — scan budget exceeded
  • black prod — scan budget exceeded
  • youtube-transcript-api prod — scan budget exceeded
  • pytube prod — scan budget exceeded
  • pydub prod — scan budget exceeded
  • ddgs prod — scan budget exceeded
  • google-api-python-client prod — scan budget exceeded
  • google-auth-httplib2 prod — scan budget exceeded
  • google-auth-oauthlib prod — scan budget exceeded
  • googleapis-common-protos prod — scan budget exceeded
  • ldap3 prod — scan budget exceeded
  • psycopg2-binary prod — scan budget exceeded
  • pgvector prod — scan budget exceeded
  • mariadb prod — scan budget exceeded
  • unstructured prod — scan budget exceeded
  • pymongo prod — scan budget exceeded
  • moto prod — scan budget exceeded
  • gcp-storage-emulator prod — scan budget exceeded
  • docker prod — scan budget exceeded
  • pytest prod — scan budget exceeded
  • pytest-docker prod — scan budget exceeded
  • playwright prod — scan budget exceeded
  • elasticsearch prod — scan budget exceeded
  • qdrant-client prod — scan budget exceeded
  • weaviate-client prod — scan budget exceeded
  • pymilvus prod — scan budget exceeded
  • pinecone prod — scan budget exceeded
  • oracledb prod — scan budget exceeded
  • colbert-ai prod — scan budget exceeded